• Jenkins的kubernetes-plugin使用方法


    Jenkins的kubernetes-plugin使用方法

    准备工作

    制作Jenkins连接kubernetes的证书

    因为Jenkins服务器在kubernetes集群之外,所以我们准备以下文件才能从外面连接到kubernetes集群。

    #在Master节点上执行
    cat /root/.kube/config
    

    内容如下:

    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01EVXlOREV6TkRrd04xb1hEVE13TURVeU1qRXpORGt3TjFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlRBCnlYV1o0L1RrK0xUaTZEbmtLc0djNXhveWRvaStSWDdPWFc3VFFyTmlacVJ4TW1nYXFlaFYrKzFRY05JanZZcEsKR0JVU0E1T2JpVWVuSHdkYkNFNkMreUJUSU9NbGxkS2xiWVJaZ0tQY0prMFhKcFFyNkJWV3ViMzVKUnU0UTZLNQpDVTFrR0E3QjFBazY1V0VpcGR3d2NoekxOOGEzSGlzdmN1U2lGQ1dIL3pDQlZ3Tkl3TFY3YW9ySFp1MlBTcXl3CkJyRlNWZHk0dE1EQjhwcUllSnkvaGhlVkpaalZnU2xCS1pwMEp5bzhKZkRNZTFRcnJXWFpCS0duNElkcjdobUUKajYxZUZrQmI1M21tMTJvZnJEWDhKSHBOQ1hvVlJoTFZXalVrYVF6UTZmMnIyUWwxWkM3R2hLbXByQ25EVlpsMwpLNjlLenVTbEF4N2hhYjNnWHgwQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLcFlzdXRKMFNuUkpZRHdqOUtlV0JTNTlRR0gKNENqZWJRMkROSEZGRWRYNy9iVHdabW9NeGE5VjRBaStpdFRBY21CNHdjQmhLb1gvd3lPYVphR3VRRUo2RjN3bQpEUHJJcjRiYkxWU0FCL2lhR0JnY0poeXo2WVlqaHZ2YUFsUUY0NkpvNUpQWlcrY0VEVWV6WEIrcTcrTGpNS1hPCjNiY0VzN0lXWVE3VDNGcjVtZVk1RFdydkZKYk5sdEJXcjhuQUJISVZqaFFZR09YNTVrT0dFUk51Z1A3d0dSeTAKZEpFMDRVdDYwV3pYZ3o1TEh6NU4ranJ5K2xIWjF6bVVkRXdkZGl2T2RsS1N1d0dZQUsvZnJQV3Vra0NUZTI0Vwo1VEYrM2lKYUx5dVZzTkhMNXJ5akF2K1ZIWlJrc3pHd0cwZldCMVA0RVdEak1FRkJLdlU4QnBpMTJicz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
        server: https://192.168.122.3:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: kubernetes-admin
      name: kubernetes-admin@kubernetes
    current-context: kubernetes-admin@kubernetes
    kind: Config
    preferences: {}
    users:
    - name: kubernetes-admin
      user:
        client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJT2NDUk4zQ2phQlF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBMU1qUXhNelE1TURkYUZ3MHlNVEExTWpReE16UTVNVEJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTI1QTlqWGlUd2UreUhrWjcKcGVGbWg5b2MrZzF5N0h6TmNuemNEZFNHeGUvcEhFekh2dWk5cmkzaGoyQmgvVmVhRTZoRnVrR3QvbS9qOExiTApFbDBFVzZhOWFDVlhnRjBnajhmQ1FOUzVGcGlZWHVJT1o3dHFjRUNXcWpMUHIrSngraDRYVU5sVE8yd2V2TmhYCnl6TTVxcVpUeGZ0TnNicGpEdVIzMU9MUm5zU2JmUHphSDdpYzJad2NJcDF3dWtxZUdNSExrelRDcGVFc1VETzIKR1FKbVpucFdTa2xyeEpvZ0syQmNqMmxBeHYwais5M3lLTHJEbDY5YTMzT1FiaG5HUTdrbDUyZE0zRXhiZkx4TgpyaDNTQnc1NVZMRWJLR2lKaVdhcnI4MDh5bzBIOSt5SU5mWXREUTlwS0NFd0M2QUROZG8xTllhR0poajNadWJICkpKdWhzd0lEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGNmthMzZZd3F0ZkhpYXEyay9MK3piMGl2VUxoYkVwVzVCVgpoZXAxamx6eGVHRXpsckZZWWJqaU9zZU1DY2xmVmtiQWtIdGE4V1VrdElJU3lnRFJzNEF2ZHVxZDFCclppSEdoCktvdldaZ0NvWVFUeFFEOEZtRXQyMnBaaENsdnRKNXgwUWlFVjh6Njd0clZ0ak5ITStaaVRGM3QvendZRGtUWEYKaHZTTzFSRTI1Yno2a2V6NDFsS3JzaDRqSDJ5WVdnd0ltZmVreld2akVUaDI0WXhOTDcrTGhnaGtkSjRTdTNLcwpnWkIrUVRYdkcvZThlOU84OGtjZzY1ZWpPSlFsMWtwVmkrZ1B0cFZ4aUFDLzJqbmVtWlM4ZmhQM3RaejkyNGEvCitSY05Ia3RpcXJ2dXBtSzMxbS9iZXBVQ1VKU256Y29CclcvTXRmSHZkMHpyd1JmRTdVZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
        client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMjVBOWpYaVR3ZSt5SGtaN3BlRm1oOW9jK2cxeTdIek5jbnpjRGRTR3hlL3BIRXpICnZ1aTlyaTNoajJCaC9WZWFFNmhGdWtHdC9tL2o4TGJMRWwwRVc2YTlhQ1ZYZ0YwZ2o4ZkNRTlM1RnBpWVh1SU8KWjd0cWNFQ1dxakxQcitKeCtoNFhVTmxUTzJ3ZXZOaFh5ek01cXFaVHhmdE5zYnBqRHVSMzFPTFJuc1NiZlB6YQpIN2ljMlp3Y0lwMXd1a3FlR01ITGt6VENwZUVzVURPMkdRSm1abnBXU2tscnhKb2dLMkJjajJsQXh2MGorOTN5CktMckRsNjlhMzNPUWJobkdRN2tsNTJkTTNFeGJmTHhOcmgzU0J3NTVWTEViS0dpSmlXYXJyODA4eW8wSDkreUkKTmZZdERROXBLQ0V3QzZBRE5kbzFOWWFHSmhqM1p1YkhKSnVoc3dJREFRQUJBb0lCQUdoY0FNV3pZQmU0QkdOYgpnUDN4U3JpYnRWWXMra2pwY1FWUHo1QkxTZHZmRWwrL0p0blk2ZjlXRTNZQWk5TE14cEU5VkJjWmpNZjVDdENwCk1aQ0M0Y1ZtVlhTZyt4d3FKNFh2bnFjTjlRT0dlRFh4SUlPeGt2L1QwMGtHYWF6aDV1YkpVcSs4L0ZDc0xWZjUKUkpGeXdhQVkrb3lKeS80RDUzMTJublp6Y01zVEtxd3kyLy8zN3RFOVdra1ExVnlNRWpOcnV1OGtJWlh1UkdjTwp4ZkV2TFFZRXJMazE0alVoL0dydFJ5SVMrQVhieFFObHFIZmNlY2pwaDVjVXpldWZlWTBRK2tIdW1oWTVyN1R3CjhkaksxZFZleEZEUklKWS9ZdklIN3N0L1dZSWR1S25nZU1kaDI4UDhvY2lCNkF0VkMxQzVHcDFLdXZOOTNoTysKaVRQb1laRUNnWUVBN0xDeFRQN1RsbkNpbjUxQUNrYmh5Wkg4UVRZdS9oaHFvYVVlem4ydnFjUlZlTEVNTDN5SwpySjVxZTFlSGYwZXJNRTNWc0N0R3dTbXYxRzIzanlSYU54b3BpMUovdklxQVJEYUJYMlFma2J3YmRCSi94VGhjCmxVNHNYbWhLbmdSdFNPT2hCbUNhRXk4SlkyOHRESG1WTVZXSmlHUE8zRFBZeGVlWWJKcTBPTlVDZ1lFQTdYbmEKWGdPdjloUXhkUGtlWE1JaEIyc1h6WC9zMDlhT3pLSkhSbENUcU9JWjdkOHNBOE9jMTdsa0hwa04zdkhtdnNiNgpQUXZ0RVdSYkFkUXJnSzlFQXhvR0ptN2xaTnEzU0dHNUtFdkRRVXN3MzhEd25QK0w3NTRSK2VKOVhtRTFxcHBDCnBIZHZrYWlSaFlwZitaVExiMXR3TUlHSFZwZ3dHdit2OGtjWHRHY0NnWUE3Y1VpbDZKMmsrNWFyOVdjZTdaeEkKN2tQbThMK3VpdDFFeVY1S1I2QjFSMXliMmdNUWJmdTV6SE03bE1qdnUwVVA5WXhFR1NwRTJyNVE0RmtvTnQzOQpWckcyVHJyTDFCRFFrTXUrOUR0RmMzT0ZuQnZBb1I0SFZVR3BXQkhkUzRsU3MvQTkxTWI5S0dQNE4vU2RYRytPCm0wZldIQkxZbEtETld4T1p1dVNtSFFLQmdHZFVNZlBlWHQ0UUEwVUdjSE9qOUlNcDBmMlV3Qk9jdEIzT0xuMGwKNmxuOXA1S2RIS1cybzdRcDhxcHRwbDl2bWh0QXNQbUhDdXdhWW83MUpzaWplbEJ2TG1YaXN1V2pWVVNsWU05cgp4OVhOUmNMV1ROdkRSYnhKWjBEM2o5MVZKdWpJbmw2NXFVNFRydDRRUzVwcFordFlPZ1NoRjZaU0tmeFZiTlZhCm9iSFpBb0dBSUVETGR5elU1Sk5Pc1R3K09hWXJWWHg3K1YxUlJ5VC9ERHY4ems3K0c2dmxrOXVrQ0w3eEhoV20Ka3k0QTN2cFNHV2x0L0JpeDJPWlFUek1hQmR0bmZkNURaZHdua2FNTmg4dXNFSjNJWE5DVnFhK3JWZlg4Z0orNQpQckRXdFNyQkdjYlh4ZEdLcWFvNHBuVjc2dmhSSzRJU3QwUEoycXMrMU4vWG1RdmVod2M9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
    

    制作登录K8S集群的证书

    #将certificate-authority-data的内容复制出来在本地制作kube-ca.crt
    echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01EVXlOREV6TkRrd04xb1hEVE13TURVeU1qRXpORGt3TjFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlRBCnlYV1o0L1RrK0xUaTZEbmtLc0djNXhveWRvaStSWDdPWFc3VFFyTmlacVJ4TW1nYXFlaFYrKzFRY05JanZZcEsKR0JVU0E1T2JpVWVuSHdkYkNFNkMreUJUSU9NbGxkS2xiWVJaZ0tQY0prMFhKcFFyNkJWV3ViMzVKUnU0UTZLNQpDVTFrR0E3QjFBazY1V0VpcGR3d2NoekxOOGEzSGlzdmN1U2lGQ1dIL3pDQlZ3Tkl3TFY3YW9ySFp1MlBTcXl3CkJyRlNWZHk0dE1EQjhwcUllSnkvaGhlVkpaalZnU2xCS1pwMEp5bzhKZkRNZTFRcnJXWFpCS0duNElkcjdobUUKajYxZUZrQmI1M21tMTJvZnJEWDhKSHBOQ1hvVlJoTFZXalVrYVF6UTZmMnIyUWwxWkM3R2hLbXByQ25EVlpsMwpLNjlLenVTbEF4N2hhYjNnWHgwQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLcFlzdXRKMFNuUkpZRHdqOUtlV0JTNTlRR0gKNENqZWJRMkROSEZGRWRYNy9iVHdabW9NeGE5VjRBaStpdFRBY21CNHdjQmhLb1gvd3lPYVphR3VRRUo2RjN3bQpEUHJJcjRiYkxWU0FCL2lhR0JnY0poeXo2WVlqaHZ2YUFsUUY0NkpvNUpQWlcrY0VEVWV6WEIrcTcrTGpNS1hPCjNiY0VzN0lXWVE3VDNGcjVtZVk1RFdydkZKYk5sdEJXcjhuQUJISVZqaFFZR09YNTVrT0dFUk51Z1A3d0dSeTAKZEpFMDRVdDYwV3pYZ3o1TEh6NU4ranJ5K2xIWjF6bVVkRXdkZGl2T2RsS1N1d0dZQUsvZnJQV3Vra0NUZTI0Vwo1VEYrM2lKYUx5dVZzTkhMNXJ5akF2K1ZIWlJrc3pHd0cwZldCMVA0RVdEak1FRkJLdlU4QnBpMTJicz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | base64 -d > ~/kube-cert/kube-ca.crt
    
    #将client-certificate-data的内容复制出来在本地制作kube-client.crt
    echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJT2NDUk4zQ2phQlF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBMU1qUXhNelE1TURkYUZ3MHlNVEExTWpReE16UTVNVEJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTI1QTlqWGlUd2UreUhrWjcKcGVGbWg5b2MrZzF5N0h6TmNuemNEZFNHeGUvcEhFekh2dWk5cmkzaGoyQmgvVmVhRTZoRnVrR3QvbS9qOExiTApFbDBFVzZhOWFDVlhnRjBnajhmQ1FOUzVGcGlZWHVJT1o3dHFjRUNXcWpMUHIrSngraDRYVU5sVE8yd2V2TmhYCnl6TTVxcVpUeGZ0TnNicGpEdVIzMU9MUm5zU2JmUHphSDdpYzJad2NJcDF3dWtxZUdNSExrelRDcGVFc1VETzIKR1FKbVpucFdTa2xyeEpvZ0syQmNqMmxBeHYwais5M3lLTHJEbDY5YTMzT1FiaG5HUTdrbDUyZE0zRXhiZkx4TgpyaDNTQnc1NVZMRWJLR2lKaVdhcnI4MDh5bzBIOSt5SU5mWXREUTlwS0NFd0M2QUROZG8xTllhR0poajNadWJICkpKdWhzd0lEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGNmthMzZZd3F0ZkhpYXEyay9MK3piMGl2VUxoYkVwVzVCVgpoZXAxamx6eGVHRXpsckZZWWJqaU9zZU1DY2xmVmtiQWtIdGE4V1VrdElJU3lnRFJzNEF2ZHVxZDFCclppSEdoCktvdldaZ0NvWVFUeFFEOEZtRXQyMnBaaENsdnRKNXgwUWlFVjh6Njd0clZ0ak5ITStaaVRGM3QvendZRGtUWEYKaHZTTzFSRTI1Yno2a2V6NDFsS3JzaDRqSDJ5WVdnd0ltZmVreld2akVUaDI0WXhOTDcrTGhnaGtkSjRTdTNLcwpnWkIrUVRYdkcvZThlOU84OGtjZzY1ZWpPSlFsMWtwVmkrZ1B0cFZ4aUFDLzJqbmVtWlM4ZmhQM3RaejkyNGEvCitSY05Ia3RpcXJ2dXBtSzMxbS9iZXBVQ1VKU256Y29CclcvTXRmSHZkMHpyd1JmRTdVZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | base64 -d > ~/kube-cert/kube-client.crt
    
    #将client-key-data的内容复制出来在本地制作kube-client.key
    echo LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMjVBOWpYaVR3ZSt5SGtaN3BlRm1oOW9jK2cxeTdIek5jbnpjRGRTR3hlL3BIRXpICnZ1aTlyaTNoajJCaC9WZWFFNmhGdWtHdC9tL2o4TGJMRWwwRVc2YTlhQ1ZYZ0YwZ2o4ZkNRTlM1RnBpWVh1SU8KWjd0cWNFQ1dxakxQcitKeCtoNFhVTmxUTzJ3ZXZOaFh5ek01cXFaVHhmdE5zYnBqRHVSMzFPTFJuc1NiZlB6YQpIN2ljMlp3Y0lwMXd1a3FlR01ITGt6VENwZUVzVURPMkdRSm1abnBXU2tscnhKb2dLMkJjajJsQXh2MGorOTN5CktMckRsNjlhMzNPUWJobkdRN2tsNTJkTTNFeGJmTHhOcmgzU0J3NTVWTEViS0dpSmlXYXJyODA4eW8wSDkreUkKTmZZdERROXBLQ0V3QzZBRE5kbzFOWWFHSmhqM1p1YkhKSnVoc3dJREFRQUJBb0lCQUdoY0FNV3pZQmU0QkdOYgpnUDN4U3JpYnRWWXMra2pwY1FWUHo1QkxTZHZmRWwrL0p0blk2ZjlXRTNZQWk5TE14cEU5VkJjWmpNZjVDdENwCk1aQ0M0Y1ZtVlhTZyt4d3FKNFh2bnFjTjlRT0dlRFh4SUlPeGt2L1QwMGtHYWF6aDV1YkpVcSs4L0ZDc0xWZjUKUkpGeXdhQVkrb3lKeS80RDUzMTJublp6Y01zVEtxd3kyLy8zN3RFOVdra1ExVnlNRWpOcnV1OGtJWlh1UkdjTwp4ZkV2TFFZRXJMazE0alVoL0dydFJ5SVMrQVhieFFObHFIZmNlY2pwaDVjVXpldWZlWTBRK2tIdW1oWTVyN1R3CjhkaksxZFZleEZEUklKWS9ZdklIN3N0L1dZSWR1S25nZU1kaDI4UDhvY2lCNkF0VkMxQzVHcDFLdXZOOTNoTysKaVRQb1laRUNnWUVBN0xDeFRQN1RsbkNpbjUxQUNrYmh5Wkg4UVRZdS9oaHFvYVVlem4ydnFjUlZlTEVNTDN5SwpySjVxZTFlSGYwZXJNRTNWc0N0R3dTbXYxRzIzanlSYU54b3BpMUovdklxQVJEYUJYMlFma2J3YmRCSi94VGhjCmxVNHNYbWhLbmdSdFNPT2hCbUNhRXk4SlkyOHRESG1WTVZXSmlHUE8zRFBZeGVlWWJKcTBPTlVDZ1lFQTdYbmEKWGdPdjloUXhkUGtlWE1JaEIyc1h6WC9zMDlhT3pLSkhSbENUcU9JWjdkOHNBOE9jMTdsa0hwa04zdkhtdnNiNgpQUXZ0RVdSYkFkUXJnSzlFQXhvR0ptN2xaTnEzU0dHNUtFdkRRVXN3MzhEd25QK0w3NTRSK2VKOVhtRTFxcHBDCnBIZHZrYWlSaFlwZitaVExiMXR3TUlHSFZwZ3dHdit2OGtjWHRHY0NnWUE3Y1VpbDZKMmsrNWFyOVdjZTdaeEkKN2tQbThMK3VpdDFFeVY1S1I2QjFSMXliMmdNUWJmdTV6SE03bE1qdnUwVVA5WXhFR1NwRTJyNVE0RmtvTnQzOQpWckcyVHJyTDFCRFFrTXUrOUR0RmMzT0ZuQnZBb1I0SFZVR3BXQkhkUzRsU3MvQTkxTWI5S0dQNE4vU2RYRytPCm0wZldIQkxZbEtETld4T1p1dVNtSFFLQmdHZFVNZlBlWHQ0UUEwVUdjSE9qOUlNcDBmMlV3Qk9jdEIzT0xuMGwKNmxuOXA1S2RIS1cybzdRcDhxcHRwbDl2bWh0QXNQbUhDdXdhWW83MUpzaWplbEJ2TG1YaXN1V2pWVVNsWU05cgp4OVhOUmNMV1ROdkRSYnhKWjBEM2o5MVZKdWpJbmw2NXFVNFRydDRRUzVwcFordFlPZ1NoRjZaU0tmeFZiTlZhCm9iSFpBb0dBSUVETGR5elU1Sk5Pc1R3K09hWXJWWHg3K1YxUlJ5VC9ERHY4ems3K0c2dmxrOXVrQ0w3eEhoV20Ka3k0QTN2cFNHV2x0L0JpeDJPWlFUek1hQmR0bmZkNURaZHdua2FNTmg4dXNFSjNJWE5DVnFhK3JWZlg4Z0orNQpQckRXdFNyQkdjYlh4ZEdLcWFvNHBuVjc2dmhSSzRJU3QwUEoycXMrMU4vWG1RdmVod2M9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | base64 -d > ~/kube-cert/kube-client.key
    
    #创建证书,创建证书需要设置密码,设置的密码不要忘记
    openssl pkcs12 -export -out ~/kube-cert/kube-cert.pfx -inkey ~/kube-cert/kube-client.key -in ~/kube-cert/kube-client.crt -certfile ~/kube-cert/kube-ca.crt
    

    此时我们创建了4个文件:kube-ca.crt、kube-cert.pfx、kube-client.crt、kube-client.key,其中kube-ca.crt的文件内容在创建Jenkins连接到kubernetes集群时需要用,kube-cert.pfx需要上传到Jenkins的凭据配置中:

    cat kube-ca.crt
    
    -----BEGIN CERTIFICATE-----
    MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
    cm5ldGVzMB4XDTIwMDUyNDEzNDkwN1oXDTMwMDUyMjEzNDkwN1owFTETMBEGA1UE
    AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTA
    yXWZ4/Tk+LTi6DnkKsGc5xoydoi+RX7OXW7TQrNiZqRxMmgaqehV++1QcNIjvYpK
    GBUSA5ObiUenHwdbCE6C+yBTIOMlldKlbYRZgKPcJk0XJpQr6BVWub35JRu4Q6K5
    CU1kGA7B1Ak65WEipdwwchzLN8a3HisvcuSiFCWH/zCBVwNIwLV7aorHZu2PSqyw
    BrFSVdy4tMDB8pqIeJy/hheVJZjVgSlBKZp0Jyo8JfDMe1QrrWXZBKGn4Idr7hmE
    j61eFkBb53mm12ofrDX8JHpNCXoVRhLVWjUkaQzQ6f2r2Ql1ZC7GhKmprCnDVZl3
    K69KzuSlAx7hab3gXx0CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
    /wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKpYsutJ0SnRJYDwj9KeWBS59QGH
    4CjebQ2DNHFFEdX7/bTwZmoMxa9V4Ai+itTAcmB4wcBhKoX/wyOaZaGuQEJ6F3wm
    DPrIr4bbLVSAB/iaGBgcJhyz6YYjhvvaAlQF46Jo5JPZW+cEDUezXB+q7+LjMKXO
    3bcEs7IWYQ7T3Fr5meY5DWrvFJbNltBWr8nABHIVjhQYGOX55kOGERNugP7wGRy0
    dJE04Ut60WzXgz5LHz5N+jry+lHZ1zmUdEwddivOdlKSuwGYAK/frPWukkCTe24W
    5TF+3iJaLyuVsNHL5ryjAv+VHZRkszGwG0fWB1P4EWDjMEFBKvU8Bpi12bs=
    -----END CERTIFICATE-----
    

    Jenkins连接到kubernetes集群

    打开Jenkins管理后台,选择左侧凭据,选择打开界面中的全局,点击左侧添加凭据菜单,在右侧打开界面中类型选择certificate,范围全局,证书选择Upload PKCS#12 certificate,下方密码框选择Change Password后输入创建证书时设置的密码
    ,下方描述填写为k8s,最后点击确定。

    Alt text
    Alt text

    回到Jenkins管理后台,选择左侧系统管理,选择右侧打开界面的系统配置,在最下方打开Cloud配置界面,在配置界面中点击add a new cloud选择kubernetes后,打开详细配置信息页:

    • Kubernetes 地址:kubernetes服务地址,也就是apiserver的地址,一般是master节点NodeIP+6443端口,证书里会含合法的地址列表,比如10.1.0.1, 192.168.122.3, centos7-k8s-master, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local,我的Jenkins服务器和kubernetes集群不在一个网段,所以我在Host文件加入了192.168.0.10 centos7-k8s-master,然后在192.168.0.10里做了端口映射ssh -CfNg -L 6443:192.168.122.3:6443 root@127.0.0.1,才能验证通过。
    • Kubernetes 服务证书 key:kube-ca.crt文件的内容。
    • 凭据:刚才创建的certificate凭据。
    • Jenkins 地址:Agent连接Jenkins Master的地址,比如http://ops.bluersw.com:8080 注意:Jenkins-Slave运行在Pod里,使用DNS服务解析域名,修改宿主机HOST文件不管用的(还好我有DNS服务器)。

    其他都使用默认配置,点击连接测试,连接测试成功,点击Save存储。
    Alt text
    图中有个警告,返回系统管理界面,选择全局安全配置,将TCP port for inbound agents修改为随机选取,点击保存,警告就消失了。

    Alt text

    创建流水线测试任务

    Alt text

    在最下方Pipeline script中填写以下脚本:

    podTemplate {
        node(POD_LABEL) {
            stage('Run shell') {
                sh 'echo hello world'
            }
        }
    }
    

    保存运行,查看结果,Jenkins Console Output:

    Running in Durability level: MAX_SURVIVABILITY
    [Pipeline] Start of Pipeline
    [Pipeline] podTemplate
    [Pipeline] {
    [Pipeline] node
    Created Pod: default/jenkins-test-6-hl7zm-w0x58-845rm
    [Normal][default/jenkins-test-6-hl7zm-w0x58-845rm][Scheduled] Successfully assigned default/jenkins-test-6-hl7zm-w0x58-845rm to centos7-k8s-node1
    [Normal][default/jenkins-test-6-hl7zm-w0x58-845rm][Pulled] Container image "jenkins/jnlp-slave:4.0.1-1" already present on machine
    [Normal][default/jenkins-test-6-hl7zm-w0x58-845rm][Created] Created container jnlp
    [Normal][default/jenkins-test-6-hl7zm-w0x58-845rm][Started] Started container jnlp
    Still waiting to schedule task
    ‘jenkins-test-6-hl7zm-w0x58-845rm’ is offline
    Agent jenkins-test-6-hl7zm-w0x58-845rm is provisioned from template Jenkins-Test_6-hl7zm-w0x58
    ---
    apiVersion: "v1"
    kind: "Pod"
    metadata:
      annotations:
        buildUrl: "http://ops.bluersw.com:8080/job/Jenkins-Test/6/"
        runUrl: "job/Jenkins-Test/6/"
      labels:
        jenkins: "slave"
        jenkins/label: "Jenkins-Test_6-hl7zm"
      name: "jenkins-test-6-hl7zm-w0x58-845rm"
    spec:
      containers:
      - env:
        - name: "JENKINS_SECRET"
          value: "********"
        - name: "JENKINS_AGENT_NAME"
          value: "jenkins-test-6-hl7zm-w0x58-845rm"
        - name: "JENKINS_NAME"
          value: "jenkins-test-6-hl7zm-w0x58-845rm"
        - name: "JENKINS_AGENT_WORKDIR"
          value: "/home/jenkins/agent"
        - name: "JENKINS_URL"
          value: "http://ops.bluersw.com:8080/"
        image: "jenkins/jnlp-slave:4.0.1-1"
        name: "jnlp"
        resources:
          requests:
            cpu: "100m"
            memory: "256Mi"
        volumeMounts:
        - mountPath: "/home/jenkins/agent"
          name: "workspace-volume"
          readOnly: false
      nodeSelector:
        beta.kubernetes.io/os: "linux"
      restartPolicy: "Never"
      securityContext: {}
      volumes:
      - emptyDir:
          medium: ""
        name: "workspace-volume"
    
    Running on jenkins-test-6-hl7zm-w0x58-845rm in /home/jenkins/agent/workspace/Jenkins-Test
    [Pipeline] {
    [Pipeline] stage
    [Pipeline] { (Run shell)
    [Pipeline] sh
    + echo hello world
    hello world
    [Pipeline] }
    [Pipeline] // stage
    [Pipeline] }
    [Pipeline] // node
    [Pipeline] }
    [Pipeline] // podTemplate
    [Pipeline] End of Pipeline
    Finished: SUCCESS
    

    这个名为“jenkins-test-6-hl7zm-w0x58-845rm”的Pod自动由Jenkins创建,并在执行完构建脚本之后就会自动销毁,Pod内名为“jnlp”的容器是默认必须存在的,这是执行Agent程序与Jenkins Master连接,获取并执行脚本的默认容器,这个Pod内除了jnlp容器之外可以定义其他多个容器,并指定那个容器执行什么脚本,以上是最简单的例子。

  • 相关阅读:
    感想
    正则表达式
    推送、透传、MQ
    Spring集成Quartz定时任务 ---- 定时执行
    代码优化
    nginx配置详解、端口重定向和504
    JAVA实现EXCEL导出
    js 按需加载
    MyBatis使用(二)分页查询
    MyBatis使用(一)
  • 原文地址:https://www.cnblogs.com/bluersw/p/12990769.html
Copyright © 2020-2023  润新知