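Jenkins is unable to deploy an application inside an EKS cluster

Time: 2021-07-07 14:16:41

Tags: kubernetes

  1. I have an EKS cluster up and running on version 1.20 with a single node group.
  2. Then, from Jenkins, I configured the Kubernetes cloud to connect to my API server endpoint; the connection test was also successful.
  3. I deployed Jenkins through Kubernetes YAML files and also created a dedicated namespace for Jenkins.

Here are the complete files for the Jenkins role, role binding, serviceaccount and namespace.

namespace.yaml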

apiVersion: v1
kind: Namespace
metadata:
  name: jenkins

rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-role-binding
  namespace: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-role
subjects:
- kind: ServiceAccount
  name: jenkins-account
  namespace: jenkins

role.yaml

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-role
  namespace: jenkins
rules:
- apiGroups: [“”]
  resources: [“pods”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
  resources: [“pods/exec”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
  resources: [“pods/log”]
  verbs: [“get”,”list”,”watch”]
- apiGroups: [“”]
  resources: [“secrets”]
  verbs: [“get”]
- apiGroups: ["extensions", "apps"]
  #
  # at the HTTP level, the name of the resource for accessing Deployment
  # objects is "deployments"
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

service.account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
 name: jenkins-account
 namespace: jenkins
 annotations:
  eks.amazonaws.com/role-arn: arn:aws:sts::my-arn:assumed-role/DEVELOPER

Finally, I also verified the role:

[root@ip-10-1-2-3 auto]# kubectl describe role jenkins-role -n jenkins
Name:         jenkins-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources               Non-Resource URLs  Resource Names  Verbs
  ---------               -----------------  --------------  -----
  deployments.apps        []                 []              [get list watch create update patch delete]
  deployments.extensions  []                 []              [get list watch create update patch delete]
  “pods.“”/exec”          []                 []              [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
  “pods”.“”               []                 []              [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
  “pods.“”/log”           []                 []              [“get” ”list” ”watch”]
  “secrets”.“”            []                 []              [“get”]

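Everything looks fine, but Jenkins is still unable to perform the deployment properly when running the pipeline build, and it fails with the following error.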

Masking supported pattern matches of $KUBECONFIG
[Pipeline] {
[Pipeline] echo
deploy to deployment!!
[Pipeline] sh
+ kubectl auth can-i create deployments -n jenkins
no
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

0 answers:

No answers
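
An added example, not part of the original question: the `kubectl describe role` output above lists the pods and secrets rules with typographic quotes stored inside the names, while the deployments rule uses ASCII quotes. The sketch below parses two rules copied from the posted Role and applies a simplified RBAC match (exact string or `*`; the function names and the one-line-per-field parser are assumptions of this example) to show which requests each rule can match.

```python
import re

# Typographic quotes: YAML treats these as ordinary characters, not delimiters.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
FIELD_RE = re.compile(r"^\s*(-\s*)?(apiGroups|resources|verbs):\s*\[(.*)\]\s*$")
# Two rules copied from the Role in the question (pods and deployments).
ROLE_RULES = """\
- apiGroups: [“”]
  resources: [“pods”]
  verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
"""

def flow_items(body):
    """Split a one-line flow sequence; only ASCII quotes delimit a string."""
    items = []
    for raw in filter(None, (p.strip() for p in body.split(","))):
        quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'"
        items.append(raw[1:-1] if quoted else raw)
    return items

def parse_rules(text):
    """Parse the one-line-per-field rule layout used in the question."""
    rules = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and (m.group(1) or not rules):  # a leading "-" starts a new rule
            rules.append({})
        if m:
            rules[-1][m.group(2)] = flow_items(m.group(3))
    return rules

def smart_quote_findings(rules):
    """Return (rule index, field, value) for values carrying typographic quotes."""
    return [(i, field, value) for i, rule in enumerate(rules)
            for field, values in rule.items() for value in values
            if any(ch in SMART_QUOTES for ch in value)]

def rule_allows(rules, group, resource, verb):
    """Simplified RBAC match: exact string or "*" in each of the three lists."""
    ok = lambda values, wanted: wanted in values or "*" in values
    return any(ok(r.get("apiGroups", []), group) and ok(r.get("resources", []), resource)
               and ok(r.get("verbs", []), verb) for r in rules)

if __name__ == "__main__":
    rules = parse_rules(ROLE_RULES)
    print(smart_quote_findings(rules))
    print(rule_allows(rules, "apps", "deployments", "create"), rule_allows(rules, "", "pods", "get"))
```

To evaluate the Role for the bound service account rather than for whatever identity `$KUBECONFIG` carries, `kubectl auth can-i create deployments -n jenkins --as=system:serviceaccount:jenkins:jenkins-account` can be run with an admin context.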