Jenkins Kubernetes插件未能提供jnlp-从吊舱
我有一个Kubernetes 1.10.0,Docker 17.03.2-CE和Jenkins 2.107.1运行在Ubuntu 17.04 VM上,Jenkins安装了Kubernetes插件1.5。我有另外4个Ubuntu虚拟机成功地设置为集群中的节点,包括未受污染的master。我可以直接部署基于Nginx的服务,并且可以不受限制地访问仪表板。所以,Kubernetes本身似乎已经足够快乐了。
在你提到它之前,让我说,我们没有在Kubernetes内部运行Jenkins master的短期计划。所以,我更愿意让这个策略发挥作用。
Kubernetes云的插件配置如下:
“名字”:kubernetes
“Kubernetes URL”:https://172.20.43.30:6443
从
# kubectl describe pods/kube-apiserver-jenkins-kube-master --namespace=kube-system | grep Liveness
Liveness: http-get https://172.20.43.30:6443/healthz delay=15s timeout=15s period=10s #success=1 #failure=8
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}
# kubectl get pods/kube-apiserver-jenkins-kube-master -o yaml --namespace=kube-system | grep tls
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
# cat /etc/kubernetes/pki/apiserver.crt
-----BEGIN CERTIFICATE-----
MIIDZ******
*******************
****PP5wigl
-----END CERTIFICATE-----
创建jenkins-namespace.yaml并添加以下内容:
apiVersion: v1
kind: Namespace
metadata:
name: jenkins-slaves
labels:
name: jenkins-slaves
spec:
finalizers:
- kubernetes
然后
# kubectl create -f jenkins-namespace.yaml
namespace "jenkins-slaves" created
# kubectl -n jenkins-slaves create sa jenkins
serviceaccount "jenkins" created
# kubectl create role jenkins --verb=get,list,watch,create,patch,delete --resource=pods
role.rbac.authorization.k8s.io "jenkins" created
# kubectl create rolebinding jenkins --role=jenkins --serviceaccount=jenkins-slaves:jenkins
rolebinding.rbac.authorization.k8s.io "jenkins" created
# kubectl create clusterrolebinding jenkins --clusterrole cluster-admin --serviceaccount=jenkins-slaves:jenkins
clusterrolebinding.rbac.authorization.k8s.io "jenkins" created
添加了一个“秘密文本”的詹金斯凭据,使用从
# kubectl get -n jenkins-slaves sa/jenkins --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 kubectl -n jenkins-slaves get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | head -n 1 | base64 -d -
“测试连接”显示“连接测试成功”
应该注意的是,同样的令牌可以用于以完全访问权限登录Kubernetes仪表板。
“詹金斯网址”:http://172.20.43.30:8080
“Kubernetes吊舱模板:name”:jnlp slave
“Kubernetes吊舱模板:命名空间”:jenkins-slaves
“Kubernetes吊舱模板:标签”:詹金斯-奴隶
“Kubernetes Pod模板:Usage”:仅使用匹配此节点的标签表达式构建作业
“Kubernetes吊舱模板:容器模板:name”:jnlp-slave
“Kubernetes吊舱模板:容器模板:Docker图像”:Jenkins/JNLP-slave
“Kubernetes Pod Template:Container Template:Working Directory”:./.Jenkins-Agent
此时,如果我创建一个作业,并将该项目可以运行的位置“限制为”Jenkins-slaves“的”标签表达式“,我将得到:
Label jenkins-slaves is serviced by no nodes and 1 cloud. Permissions or other restrictions provided by plugins may prevent this job from running on those nodes.
如果我尝试构建作业,它将位于构建队列中,“构建执行器状态”将周期性地显示“jnlp-slave-######(脱机)(挂起)”,然后几秒钟后消失。
Apr 03, 2018 12:16:21 PM SEVERE org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher logLastLines
Error in provisioning; agent=KubernetesSlave name: jnlp-slave-t8004, template=PodTemplate{inheritFrom='', name='jnlp slave', namespace='jenkins-slaves', label='jenkins-slaves', nodeSelector='', nodeUsageMode=EXCLUSIVE, workspaceVolume=org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.EmptyDirWorkspaceVolume@44dcba2d, containers=[ContainerTemplate{name='jnlp-slave', image='jenkins/jnlp-slave', workingDir='./.jenkins-agent', command='/bin/sh -c', args='cat', ttyEnabled=true, resourceRequestCpu='', resourceRequestMemory='', resourceLimitCpu='', resourceLimitMemory='', livenessProbe=org.csanchez.jenkins.plugins.kubernetes.ContainerLivenessProbe@58f0ceec}]}. Container jnlp exited with error 255. Logs: Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior
Warning: SECRET is defined twice in command-line arguments and the environment variable
Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable
Apr 03, 2018 4:16:16 PM hudson.remoting.jnlp.Main createEngine
INFO: Setting up agent: jnlp-slave-t8004
Apr 03, 2018 4:16:16 PM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Apr 03, 2018 4:16:16 PM hudson.remoting.Engine startEngine
INFO: Using Remoting version: 3.19
Apr 03, 2018 4:16:16 PM hudson.remoting.Engine startEngine
WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars
Apr 03, 2018 4:16:17 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [http://172.20.43.30:8080/]
Apr 03, 2018 4:16:17 PM hudson.remoting.jnlp.Main$CuiListener error
SEVERE: http://172.20.43.30:8080/tcpSlaveAgentListener/ is invalid: 404 Not Found
java.io.IOException: http://172.20.43.30:8080/tcpSlaveAgentListener/ is invalid: 404 Not Found
at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.resolve(JnlpAgentEndpointResolver.java:197)
at hudson.remoting.Engine.innerRun(Engine.java:518)
at hudson.remoting.Engine.run(Engine.java:469)
Apr 03, 2018 12:16:21 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
Terminating Kubernetes instance for agent jnlp-slave-t8004
Apr 03, 2018 12:16:21 PM WARNING io.fabric8.kubernetes.client.Config tryServiceAccount
Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring.
Apr 03, 2018 12:16:21 PM INFO okhttp3.internal.platform.Platform log
ALPN callback dropped: HTTP/2 is disabled. Is alpn-boot on the boot class path?
Apr 03, 2018 12:16:21 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
Terminated Kubernetes instance for agent jenkins-slaves/jnlp-slave-t8004
Apr 03, 2018 12:16:21 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
Disconnected computer jnlp-slave-t8004
Apr 03, 2018 12:16:25 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud provision
Excess workload after pending Kubernetes agents: 1
Apr 03, 2018 12:16:25 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud provision
Template: Kubernetes Pod Template
Apr 03, 2018 12:16:25 PM WARNING io.fabric8.kubernetes.client.Config tryServiceAccount
Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring.
Apr 03, 2018 12:16:25 PM INFO okhttp3.internal.platform.Platform log
ALPN callback dropped: HTTP/2 is disabled. Is alpn-boot on the boot class path?
Apr 03, 2018 12:16:25 PM INFO hudson.slaves.NodeProvisioner$StandardStrategyImpl apply
Started provisioning Kubernetes Pod Template from kubernetes with 1 executors. Remaining excess workload: 0
Apr 03, 2018 12:16:35 PM WARNING io.fabric8.kubernetes.client.Config tryServiceAccount
Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring.
Apr 03, 2018 12:16:35 PM INFO hudson.slaves.NodeProvisioner$2 run
Kubernetes Pod Template provisioning successfully completed. We have now 2 computer(s)
Apr 03, 2018 12:16:35 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud provision
Excess workload after pending Kubernetes agents: 0
Apr 03, 2018 12:16:35 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud provision
Template: Kubernetes Pod Template
Apr 03, 2018 12:16:35 PM INFO okhttp3.internal.platform.Platform log
ALPN callback dropped: HTTP/2 is disabled. Is alpn-boot on the boot class path?
Apr 03, 2018 12:16:35 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher launch
Created Pod: jnlp-slave-bnz94 in namespace jenkins-slaves
Apr 03, 2018 12:16:35 PM INFO org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher launch
共有1个答案
我转到http://172.20.43.30:8080/configuresecurity/并将“agents:TCP端口for JNLP agents”设置为“random”
然后,我得到了一个“jnlp-slave-ttm5v(挂起)”,该“jnlp-slave-ttm5v”保持在“build Executor状态”
日志上说:
Container is waiting jnlp-slave-ttm5v [jnlp-slave]:
ContainerStateWaiting(message=Error response from daemon: the working directory './.jenkins-agent' is invalid, it needs to be an absolute path, reason=CreateContainerError, additionalProperties={})
在将“工作目录”设置为“/home/jenkins”后,我看到一个豆荚实际上在K8S上被创建:
# kubectl get pods --namespace=jenkins-slaves
NAME READY STATUS RESTARTS AGE
jnlp-slave-1ds27 2/2 Running 0 42s
我的工作成功运行了!
Started by user Buildguy
Agent jnlp-slave-1ds27 is provisioned from template Kubernetes Pod Template
Agent specification [Kubernetes Pod Template] (jenkins-slaves):
* [jnlp-slave] jenkins/jnlp-slave(resourceRequestCpu: , resourceRequestMemory: , resourceLimitCpu: , resourceLimitMemory: )
Building remotely on jnlp-slave-1ds27 (jenkins-slaves) in workspace
/home/jenkins/workspace/maven-parent-poms
-
这个问题更侧重于理解maven的生命周期,而不是解决一个真正的问题。 我们有一个包含几个maven模块的项目。Jacoco和Surefire插件都是在父pom中配置的。xml格式如下: 这种配置运行良好,jacoco。执行常见目标时,会在目标目录上创建exec文件,例如: 或 但如果我们执行以下命令,jacoco。未创建exec文件: 通过使用-X选项分析日志,surefire插件表明它将按照预期
-
我已经写了功能文件,我已经使用了示例关键字。其中一个输入没有传递到输入字段。 提供了多个用户名和密码,许多用户应该能够登录到newtours 场景大纲:使用凭据登录到帐户 给定用户导航到“ 和用户单击注册按钮 然后用户输入“”名字 然后用户输入“”lastname 和用户输入“”电话 然后用户输入“”emailaddress 和用户输入“”地址 和用户输入“”城市 并且用户进入“”状态 用户输入“
-
当在OS X上使用Chrome或Safari访问此控制器方法时,开发人员工具报告请求被取消--没有收到响应,无论是200还是404。我已经确认了SimpleResponse实际上是由这个控制器操作在请求上返回的。我希望它能提供一个好的响应,但是Play不能完成响应,或者我的浏览器不能接受它。我是在这里做了什么错误的回应,还是在框架中偶然发现了一个bug? 我的游戏版本是2.1.3。
-
问题内容: 我只是熟悉Apache JackRabbit。我已经完成了一些用于文档管理的多用户存储库。 如果有人同时使用它们,您能回答这些问题吗? ModeShape是否以某种方式链接到JBoss?我对JBoss AS或任何其他JBoss工具没有太多经验。我看到了对tomcat的支持,但是有很多JBossy的东西 文档说将来的发行版应该具有UI集成,这还有很长的路要走吗?它将是什么样的UI集成?是
-
我正在尝试使用Spring Security SAML扩展将SAML SSO与Spring Security集成。之前,我成功地运行了一个在这里找到的概念验证:https://github.com/vdenotaris/spring-boot-security-saml-sample。不幸的是,将配置移动到我的项目后,它无法正常工作。 在分析日志之后,我发现我的应用程序(SP)从提供的URL正确下
-
我制作了一个customer-pod(包括一个运行在端口8080上的Spring Boot应用程序的映像)。 我可以用“$kubectl get pods commands-o wide”来检查它 ================================================================= 名称就绪状态重新启动老化IP节点