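♥ Distributed builds in Jenkins are configured as nodes. They allow the same code base or project to be compiled, deployed and so on in different environments (for example Windows and Linux).
♥ Publishing Jenkins projects to different servers (distributing the Jenkins workspace and deploying projects to different servers) is what makes Jenkins distributed. A node server does not need Jenkins installed; it only runs a slave node service, and the master (the main Jenkins service) dispatches the build events.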

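I. Background

CI/CD is by now essentially mandatory for every serious software development team, so in general Jenkins naturally becomes a hard requirement.

Jenkins currently runs as a Docker container on a single VM. After it had been in use for a while, the number of daily builds grew sharply, and Jenkins gradually became slow, laggy, and at times stopped responding altogether. Because the underlying host is a VM, requesting some more physical resources solved the problem temporarily.

Later, as build demand from several project teams kept growing, Jenkins ran more than 500 builds per day, and the original deployment clearly could no longer cope. Hangs and unresponsive white screens became frequent. The problem was expected, but it was still relatively tricky.

Server resources are limited. Spinning up several high-spec VMs would solve the problem in a simple, brute-force way, but the cost is relatively high and the resources would be poorly used, because even on working days Jenkins has busy and idle periods.

II. Approach

1. Pain points

  • During build peaks the Jenkins service is frequently unavailable
  • The VM's resources are limited, and idle resources elsewhere cannot be drawn on freely
  • After the Jenkins server goes down it has to be restarted by hand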

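Connecting Jenkins to a K8s cluster through the Kubernetes plugin

I. Install the Kubernetes plugin in Jenkins

1.1 Click Manage Jenkins on the left

1.2 Click Manage Plugins

1.3 Install the Kubernetes plugin

1.4 Restart Jenkins once it is installed

Enter http://10.0.0.151:8080/restart in the browser and click "Yes" on the page to restart Jenkins.

II. Open the configuration page

2.1 Click Manage Jenkins on the left

2.2 Click Manage Nodes

2.3 Click Configure Clouds

III. Configuration

3.1 Select Kubernetes in the drop-down list

3.2 Click Kubernetes Cloud details… to open the configuration details page

3.3 Fill in the authentication information

The 4 fields inside the red box need to be filled in.

Kubernetes URL

Look it up with a command on the cluster: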

https://10.0.0.151:6443 is the address.

[root@k8s151 ~]$ kubectl cluster-info
Kubernetes control plane is running at https://10.0.0.151:6443
KubeDNS is running at https://10.0.0.151:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

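Kubernetes server certificate key

This is the certificate-authority-data value in /root/.kube/config, after base64 decoding (base64 is an encoding, not encryption).

Run the following command in a terminal to view certificate-authority-data: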

[root@k8s151 ~]$ cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 value omitted>
    server: https://10.0.0.151:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: <base64 value omitted>
    client-key-data: <base64 value omitted>

Then run the following command to base64-decode it:

echo "<the value after the colon of certificate-authority-data>" | base64 -d

[root@k8s151 ~]$ echo "<certificate-authority-data value>" | base64 -d
-----BEGIN CERTIFICATE-----
<certificate body omitted>
-----END CERTIFICATE-----

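Kubernetes Namespace

The default namespace, default, is fine.

Credentials

A credential needs to be added here.

In the dialog that pops up, select Secret text as the type.

The Secret below is created from the terminal: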

  • Create a service account
[root@k8s151 ~]$ kubectl create sa jenkins
serviceaccount/jenkins created
  • Get the token name
[root@k8s151 ~]$ kubectl describe sa jenkins
Name:                jenkins
Namespace:           default
Labels:
Annotations:
Image pull secrets:
Mountable secrets:   jenkins-token-j5gd6   # this is the token name
Tokens:              jenkins-token-j5gd6
Events:
  • Get the token value
[root@k8s151 ~]$ kubectl describe secrets jenkins-token-j5gd6 -n default
Name:         jenkins-token-j5gd6
Namespace:    default
Labels:
Annotations:  kubernetes.io/service-account.name: jenkins
              kubernetes.io/service-account.uid: 1363df30-acbc-4664-ab2f-4a311622c306

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  7 bytes
token:      <token value omitted>

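The token shown above is the value to enter in the Secret field.

The description at the end can be anything.

Click Add and the credential is ready.

IV. Authorize with RBAC

Jenkins operates on k8s through the kubernetes-plugin, so RBAC authorization has to be set up in k8s beforehand. For ease of management, we bind the cluster-admin role to it. The permissions can of course also be narrowed further.

k8s has many built-in cluster roles:

Scope and differences of the built-in k8s cluster roles cluster-admin, admin, edit and view (学亮编程手记's blog, CSDN)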

# Create the service account (gives k8s a jenkins user)
kubectl create sa jenkins
# Bind the cluster-admin role to the jenkins user (cluster-admin is the equivalent of a built-in root user)
kubectl create clusterrolebinding jenkins --clusterrole=cluster-admin --serviceaccount=default:jenkins

Because the cluster-admin role carries very broad permissions, we can also create a role of our own.

Create a service-reader role:

cat >service-reader.yaml<<'EOF'
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # A ClusterRole is cluster-scoped, so it takes no namespace
  name: service-reader
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","list","patch","watch"]
EOF
kubectl apply -f service-reader.yaml
# Bind the service-reader role to the jenkins user instead of cluster-admin.
# The binding name jenkins is reused, so this fails if the cluster-admin binding above still exists.
kubectl create clusterrolebinding jenkins --clusterrole=service-reader --serviceaccount=default:jenkins
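Narrowing the permissions as suggested above, as an added example that is not from the original article: a namespace-scoped Role and RoleBinding for the jenkins service account in place of a ClusterRoleBinding to cluster-admin. The function names, the -agent role name and the rule set (pod lifecycle, exec, logs and events in one namespace) are assumptions for illustration.

```shell
# Added example: namespace-scoped RBAC for the Jenkins service account.
# Role name, function names and the rule set are assumptions, not from the page.

# Print a Role + RoleBinding manifest for service account $2 in namespace $1.
render_jenkins_rbac() {
  ns=${1:-default}
  sa=${2:-jenkins}
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${sa}-agent
  namespace: ${ns}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${sa}-agent
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${sa}-agent
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
EOF
}

# Ask the API server what the account may do (needs kubectl and impersonation rights).
check_jenkins_rbac() {
  ns=${1:-default}
  sa=${2:-jenkins}
  for q in "create pods" "delete pods" "list secrets" "create deployments"; do
    printf '%-20s ' "$q"
    kubectl auth can-i $q -n "$ns" --as="system:serviceaccount:${ns}:${sa}" || true
  done
}
```

Apply it with render_jenkins_rbac default jenkins | kubectl apply -f - and then run check_jenkins_rbac; when this Role is the only thing bound to the account, the two pod checks answer yes and the other two answer no.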

V. Verification

Click Test Connection; the k8s cluster version is displayed on the left.