Here are the complete files for the Jenkins role, role binding, service account and namespace.
namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: jenkins
rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-role-binding
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-role
subjects:
- kind: ServiceAccount
  name: jenkins-account
  namespace: jenkins
role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-role
  namespace: jenkins
rules:
- apiGroups: [“”]
  resources: [“pods”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
  resources: [“pods/exec”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
  resources: [“pods/log”]
  verbs: [“get”,”list”,”watch”]
- apiGroups: [“”]
  resources: [“secrets”]
  verbs: [“get”]
- apiGroups: ["extensions", "apps"]
  #
  # at the HTTP level, the name of the resource for accessing Deployment
  # objects is "deployments"
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
service.account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-account
  namespace: jenkins
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:sts::my-arn:assumed-role/DEVELOPER
Finally, I also verified the role:
[root@ip-10-1-2-3 auto]# kubectl describe role jenkins-role -n jenkins
Name:         jenkins-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources               Non-Resource URLs  Resource Names  Verbs
  ---------               -----------------  --------------  -----
  deployments.apps        []                 []              [get list watch create update patch delete]
  deployments.extensions  []                 []              [get list watch create update patch delete]
  “pods.“”/exec”          []                 []              [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
  “pods”.“”               []                 []              [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
  “pods.“”/log”           []                 []              [“get” ”list” ”watch”]
  “secrets”.“”            []                 []              [“get”]
Everything looks fine, but Jenkins still cannot deploy properly when running the pipeline build, and fails with the following error.
Masking supported pattern matches of $KUBECONFIG
[Pipeline] {
[Pipeline] echo
deploy to deployment!!
[Pipeline] sh
+ kubectl auth can-i create deployments -n jenkins
no
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
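
Added example, not part of the original post: a Python sketch that reads the `rules:` lists from role.yaml the way a YAML loader does and applies a simplified RBAC match. It shows why the `kubectl describe role` output above prints the pod and secret rules with the curly quotes still attached (they are part of the values, so those rules match no real resource), while the straight-quoted deployments rule matches. `ROLE_RULES`, `parse_rules`, `smart_quoted` and `allows` are names made up for this example.

```python
import re

# Constructed sample: two rules copied from the Role on this page, one with
# typographic quotes and one with straight quotes.
ROLE_RULES = '''\
rules:
- apiGroups: [“”]
  resources: [“pods”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
'''

FIELD = re.compile(r'^\s*(-\s*)?(apiGroups|resources|verbs):\s*\[(.*)\]\s*$')
SMART_QUOTES = '\u201c\u201d\u2018\u2019'


def parse_rules(text):
    """Split flow-style lists as a YAML loader would: only ASCII quotes delimit strings."""
    rules = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        if m.group(1) or not rules:  # a leading "-" starts a new rule
            rules.append({})
        rules[-1][m.group(2)] = [i.strip().strip('"\'') for i in m.group(3).split(',')]
    return rules


def smart_quoted(rules):
    """Return (rule index, field, value) for every value holding a typographic quote."""
    return [(n, f, v) for n, r in enumerate(rules) for f, vs in r.items()
            for v in vs if any(c in SMART_QUOTES for c in v)]


def allows(rules, group, resource, verb):
    """Simplified RBAC match (assumption: no resourceNames, no subresource wildcards)."""
    def hit(values, wanted):
        return wanted in values or '*' in values

    return any(hit(r.get('apiGroups', []), group)
               and hit(r.get('resources', []), resource)
               and hit(r.get('verbs', []), verb) for r in rules)


if __name__ == '__main__':
    rules = parse_rules(ROLE_RULES)
    print(smart_quoted(rules))
    print(allows(rules, '', 'pods', 'get'), allows(rules, 'apps', 'deployments', 'create'))
```

The deployments rule as written does match `create`, and `kubectl auth can-i` answers for whichever identity the active kubeconfig authenticates as. Adding `--as=system:serviceaccount:jenkins:jenkins-account` asks the same question for the service account named in the RoleBinding.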