何宇泽

jenkins连接k8s集群

发表于 更新于 分类于
本文字数: 13k 阅读时长 ≈ 11 分钟

1. jenkins连接k8s集群

适用于Jenkins连接二进制、kubeadm、rke等工具创建的K8S集群

1.1. jenkins配置

安装kubernetes插件

点击系统管理->系统设置-添加一个云,在下拉菜单中选择kubernets并添加,如下图所示:

Add a new cloud —-kubernetes

1.2. 获取验证文件

k8s-master服务器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@k8s-master ~]# cat ~/.kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EZ3pNREEzTlRJMU9Wb1hEVE14TURneU9EQTNOVEkxT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSzlLCnNBNnhZQ24zOVBZeitKWjNLd2tRYW00RytwSkdCTHRyRWFGVzYwam1rQkxCUVZCanJNZ2hVVWxjYUwwWTNybVAKbkpPbWsyRm1VSzFvZW01d21YQndERFppc08wT011bVI2QlJ4UWF5WlJoMW5GQnNWSHFFdXdFY3ROZkFpTThQagpUOVBQclBHbUN0Tm1qSnB6bDVNTnBaQ0htL2hHMUpaK3hlakhzblJDR3NzSzNFMyt6RFJmVk5qc1Vqamd3ME9FCm9vcGRlYUpRTlVZR01CazFJSDFoYW9wZDBFcjVTUDI3R1pzSXZnTFhmRTUvT2tWckN5WEk2UU9EM29LbytJaW8KL0ExNkg2QXZNR21PZXd5R3RzSEQ0YXlhbE5vQVd0cSt2SWx1S1A4ZTZkaC9jcStjb3llYmk1NTZiNWRRK3dIdwpyR0dFK1laeGVWNGxBR3dRMlhVQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHZGQ0VGx5NDJGclZPOUw5NnV4Znc4Yk54a1MKS2xXdE9EdWpaaUtyMWIyLzluYTVnTlo5cmk0ekYrQ0JhdDVRcURKSmNmQmxPaXAzWm9UWkZnVnJOUTVhYTJGTQpPLzBkRTJ0WVY4MDUxOUFCVXBkWURNek5zVEwzemI3b1dxN0ErQkw1VjF6Z2ppSVBOU3JtVTh3eGhRdXo1YkYvCm41UWZCalJieDdDZGFWdzQ1OHRkaGdRTXpGU0JsdnVSdmZkWGNDbGIwaXBtc2Y3QWFhaGhxcEJva1FNVkZ2VjkKK2ttN3g0cC81QjRucFZSbzd6QWV2ZzJabkNEOHhtRHFWTjY5ZmVsaFZoYUxmakVFNXJtMDBJZTc3TG9ub1grZApIdGlsZGdtd3JPR2REeXhrdk5kb0lyOWFCUVV1WVdZQVpPZXVnMDZURkR1UC90YXhZZTIvRENFSjVLbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    server: https://192.168.101.201:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJUWg4eEgwNzV6NzR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TVRBNE16QXdOelV5TlRsYUZ3MHlNakE0TXpBd056VXpNRFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTZ6dHA2RTNFenN5cjdQUngKZ2J0bUY1VnJ2cUxjUDJwdlM2Yjd3dk5Oc1BVUkkrZFNpc2RBLzA5OHBxY3JUTnhlSUpoODl2ZmlKeXdCN1lVbApJWG9WZC81bXA3R3F2bS94WWRJUHFNZFJPYmtZc2JrTkVBTFBxUllUZHJ0NnQ1TGJEWktETDd3alI2WGpCK3NxCkpldXV2TGM4UHp5ZDZRZmM3QndLTEdGcWgzRTkxUERzWFNSSnp1Y3NQM1IzOWhCWmd4QXBrWW5KMm13dFNuYmEKbkVSanN1S2ZteWVLcHBzdzRya3kyYUI1VzN3cUpZdE5BbU5LTmZDNi9MU2dLN0FVaThGTFFUYVMyTjBNMGRCOQo0UytnaFJvQkRFMlI2SzB5c0lIakRYRXRLWFpXV0VmQzdlRGo1ZkVRN3pBcGhrS2dKL095bEV1SVFOS0J2OEd5CnpodEFzd0lEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGRDRCUzVwcFp0Ui9tVVdtWG5CU1lvcTJNZkVFTGxEM0JaMQp6d2FFZFFxTWx1SmRWMytKYVlaWEJCWm5wNmgwR0JsSDZ0SGlXVHNxSVpqbGQ2WHRpb3ROWVhTdUtkUEVhYUw1CnA5ZURqdENnNHFsbnc0UHBsNDFTcE9iZFVybzU0cDN3S2lOdUl2ZEw0Yk5TNWhOYWpWdnJqZ0lBV1pBZHBRc1cKYVI0VGcxZWJ0a1RJT0lPcUZjOEV1RkZXa2FQaitlVVNrQzI1c1pUaTZrU0hzNGZleTVROU9YaXp0TGI3TEJUTQpQY2V2cE5NWHBkdFc1bEhCQXFmTmozT3BlV3dxdkozMmpodzFNLzdXcHdCT2p5dHI3amhyT0lWVFFBWHExUVpPCkRpUk5abEZWY3l1eUFKQVBSOGtBdmJka3MrUjlRNWllbzdBY0cxaHRndlA2TEFwTEtQcz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBNnp0cDZFM0V6c3lyN1BSeGdidG1GNVZydnFMY1AycHZTNmI3d3ZOTnNQVVJJK2RTCmlzZEEvMDk4cHFjclROeGVJSmg4OXZmaUp5d0I3WVVsSVhvVmQvNW1wN0dxdm0veFlkSVBxTWRST2JrWXNia04KRUFMUHFSWVRkcnQ2dDVMYkRaS0RMN3dqUjZYakIrc3FKZXV1dkxjOFB6eWQ2UWZjN0J3S0xHRnFoM0U5MVBEcwpYU1JKenVjc1AzUjM5aEJaZ3hBcGtZbkoybXd0U25iYW5FUmpzdUtmbXllS3Bwc3c0cmt5MmFCNVczd3FKWXROCkFtTktOZkM2L0xTZ0s3QVVpOEZMUVRhUzJOME0wZEI5NFMrZ2hSb0JERTJSNksweXNJSGpEWEV0S1haV1dFZkMKN2VEajVmRVE3ekFwaGtLZ0ovT3lsRXVJUU5LQnY4R3l6aHRBc3dJREFRQUJBb0lCQUR4VU9JMURwTDRFNy9NTgpuaTdQaVJkelV2YkpmZ01sb1BXZUZlT2gwc01YbHhYR05mMHhyUkhOcVFKMHpUNGhKbUxsdU9iK0hCby94eDdMCmp3Sk85VUtaRkdyZHZoU3BVUmJ0Y09hd2Q3eCtKRDh3WHBGRXAwMk9ROStucFlsL09INzZuSHFabmRLNlVNZXYKSUZncFlkODBmMWNZak1jL0pRSEpEekxpcVJlakRYVG5PbFJ0MU5kN0FhOVJhT3JRSjdTUXNadVh6K0Z2MzMreQo3LzhmeFd0SGorS3BaMURTdm1CUGRHWEdGRHJIQy9PZ1dIeWRTTU8xejRneGZlY3lWVWxLNFZIaklyaWFzeE9XCjV4Yk9UYjBwM1R3MWcrNHhlZHBRYitzbUxXR0tpSnlORlpYalRQUm1CbGVWSTNLZ3lJT2l1TkgvSkI3ZUJDUzIKQmRja3JNRUNnWUVBN3NXSjhmN1BEc1ZINmxoS3hVa2FKZkdrRUI5dU9rbjR4L1Yrd2xGSFp4OE5mQnNPcnhzcwpvSXN0OVB0Ym1ZbGtkUmdDbFMwN3BybVlhU2w2SUxJK2RzcGFpZUw3ZzFPZENtWGROeWhaL1NVRzdKcDcwZWd2ClljQmU3YlM4SjI5VFRlS2lRcWNSTGhPMExNUGE5M0pFYU5hdzUzNVRZMWxSWDlIMklKOGh3RWNDZ1lFQS9EUisKZ1pBTFFCTUJzUjBZQnM2eWFwSWxzeWFwcy9vM3JUcGVrcGg4ZmJCRTB1MENLZnJqNmhpME8zazRhbGp0VXV6dgpmbjAzSnkvWTBZMEhlU0M4WEtKVDgzOFB2QjdRODNYcFhhb0NTV1pMZFZlVWxMQ1plWVFsUFUybDU4SFFncEJkCnMyZ3ZFcXhNVXZiaXZFRi8wQ3J6cFp0a1gydk1KTzc3RFduby9qVUNnWUE5a1h4UGhUZlpCQy9XRXF3OUVPdUkKS3pYMTNsVHEvTllFb1ozczkwNWxIZEc1VmJURW5FbzJuNHpiSmRGcDFzNnJqdVJqbVFWUHFYM09hQjZRdmNWegpsaHdnZ0FJQXpCZXJiYmJNR1VDVEVQQW5KSEtYSHJyUkJ1eXplSzRuc1FJWERFQncxV21OcXhFRGxnRXBXektlCm9mVjl5OG91elFJNXBnZEVSQ1JNMHdLQmdRRFc5eGRzNzQzblMwd0IzcjUvN3VYOEdCMnlHWjVFSFY0ZmRNVHYKUnJHMW4rekpxK0pRVGR5OXg5aTNhSmRCYmhLNnYrRlNldi9ya3NqSHMrRk95U3hEK01oOW55dVdPTjM0NWVQSApSZ1UwOHRBV2NGUGdlTFlYOFI2Y3BmWm5GN2ZWMFo5TUw5MFBtWFJrc3JLSHEzeDV2bUoySVlEb0pFV1lwV212CkFUcnFrUUtCZ0h4MlNyeCtVbzZRZmtoeGlUTGxyYWJwRy9GSDFZeFBQeTNkVkNzTDVUVEtYSGM3Z0hFem9xSUkKbnJXUUc2dUJNMDRYRkdLWll1TlZ6OEhTSURvVVlPVkEvOUdya21SZ0tWSThIeWNxT1diVXcrMnMxbWQzWC9GTAphVjNkalk3Wmwwa1Y2SDV1UXVtQlVSWTBZdS9LdW5OY2cybW1BeHN3T1hPUDdlRmN1bG85Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
  • 生成ca.crt

获取~/.kube/config中certificate-authority-data的内容并转化成base64 encoded文件,生成:ca.crt

命令:echo xxxxxxxxx | base64 -d >ca.crt

1
[root@k8s-master cert]# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EZ3pNREEzTlRJMU9Wb1hEVE14TURneU9EQTNOVEkxT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSzlLCnNBNnhZQ24zOVBZeitKWjNLd2tRYW00RytwSkdCTHRyRWFGVzYwam1rQkxCUVZCanJNZ2hVVWxjYUwwWTNybVAKbkpPbWsyRm1VSzFvZW01d21YQndERFppc08wT011bVI2QlJ4UWF5WlJoMW5GQnNWSHFFdXdFY3ROZkFpTThQagpUOVBQclBHbUN0Tm1qSnB6bDVNTnBaQ0htL2hHMUpaK3hlakhzblJDR3NzSzNFMyt6RFJmVk5qc1Vqamd3ME9FCm9vcGRlYUpRTlVZR01CazFJSDFoYW9wZDBFcjVTUDI3R1pzSXZnTFhmRTUvT2tWckN5WEk2UU9EM29LbytJaW8KL0ExNkg2QXZNR21PZXd5R3RzSEQ0YXlhbE5vQVd0cSt2SWx1S1A4ZTZkaC9jcStjb3llYmk1NTZiNWRRK3dIdwpyR0dFK1laeGVWNGxBR3dRMlhVQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHZGQ0VGx5NDJGclZPOUw5NnV4Znc4Yk54a1MKS2xXdE9EdWpaaUtyMWIyLzluYTVnTlo5cmk0ekYrQ0JhdDVRcURKSmNmQmxPaXAzWm9UWkZnVnJOUTVhYTJGTQpPLzBkRTJ0WVY4MDUxOUFCVXBkWURNek5zVEwzemI3b1dxN0ErQkw1VjF6Z2ppSVBOU3JtVTh3eGhRdXo1YkYvCm41UWZCalJieDdDZGFWdzQ1OHRkaGdRTXpGU0JsdnVSdmZkWGNDbGIwaXBtc2Y3QWFhaGhxcEJva1FNVkZ2VjkKK2ttN3g0cC81QjRucFZSbzd6QWV2ZzJabkNEOHhtRHFWTjY5ZmVsaFZoYUxmakVFNXJtMDBJZTc3TG9ub1grZApIdGlsZGdtd3JPR2REeXhrdk5kb0lyOWFCUVV1WVdZQVpPZXVnMDZURkR1UC90YXhZZTIvRENFSjVLbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | base64 -d >ca.crt
  • 生成client.crt

获取~/.kube/config中client-certificate-data的内容并转化成base64 encoded文件,生成:client.crt

命令:echo xxxxxxxxx | base64 -d >client.crt

1
[root@k8s-master cert]# echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJUWg4eEgwNzV6NzR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TVRBNE16QXdOelV5TlRsYUZ3MHlNakE0TXpBd056VXpNRFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTZ6dHA2RTNFenN5cjdQUngKZ2J0bUY1VnJ2cUxjUDJwdlM2Yjd3dk5Oc1BVUkkrZFNpc2RBLzA5OHBxY3JUTnhlSUpoODl2ZmlKeXdCN1lVbApJWG9WZC81bXA3R3F2bS94WWRJUHFNZFJPYmtZc2JrTkVBTFBxUllUZHJ0NnQ1TGJEWktETDd3alI2WGpCK3NxCkpldXV2TGM4UHp5ZDZRZmM3QndLTEdGcWgzRTkxUERzWFNSSnp1Y3NQM1IzOWhCWmd4QXBrWW5KMm13dFNuYmEKbkVSanN1S2ZteWVLcHBzdzRya3kyYUI1VzN3cUpZdE5BbU5LTmZDNi9MU2dLN0FVaThGTFFUYVMyTjBNMGRCOQo0UytnaFJvQkRFMlI2SzB5c0lIakRYRXRLWFpXV0VmQzdlRGo1ZkVRN3pBcGhrS2dKL095bEV1SVFOS0J2OEd5CnpodEFzd0lEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGRDRCUzVwcFp0Ui9tVVdtWG5CU1lvcTJNZkVFTGxEM0JaMQp6d2FFZFFxTWx1SmRWMytKYVlaWEJCWm5wNmgwR0JsSDZ0SGlXVHNxSVpqbGQ2WHRpb3ROWVhTdUtkUEVhYUw1CnA5ZURqdENnNHFsbnc0UHBsNDFTcE9iZFVybzU0cDN3S2lOdUl2ZEw0Yk5TNWhOYWpWdnJqZ0lBV1pBZHBRc1cKYVI0VGcxZWJ0a1RJT0lPcUZjOEV1RkZXa2FQaitlVVNrQzI1c1pUaTZrU0hzNGZleTVROU9YaXp0TGI3TEJUTQpQY2V2cE5NWHBkdFc1bEhCQXFmTmozT3BlV3dxdkozMmpodzFNLzdXcHdCT2p5dHI3amhyT0lWVFFBWHExUVpPCkRpUk5abEZWY3l1eUFKQVBSOGtBdmJka3MrUjlRNWllbzdBY0cxaHRndlA2TEFwTEtQcz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | base64 -d >client.crt
  • 生成client.key

获取~/.kube/config中client-key-data的内容并转化成base64 encoded文件,生成:client.key

命令:echo xxxxxxxxx | base64 -d >client.key

1
[root@k8s-master cert]# echo LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBNnp0cDZFM0V6c3lyN1BSeGdidG1GNVZydnFMY1AycHZTNmI3d3ZOTnNQVVJJK2RTCmlzZEEvMDk4cHFjclROeGVJSmg4OXZmaUp5d0I3WVVsSVhvVmQvNW1wN0dxdm0veFlkSVBxTWRST2JrWXNia04KRUFMUHFSWVRkcnQ2dDVMYkRaS0RMN3dqUjZYakIrc3FKZXV1dkxjOFB6eWQ2UWZjN0J3S0xHRnFoM0U5MVBEcwpYU1JKenVjc1AzUjM5aEJaZ3hBcGtZbkoybXd0U25iYW5FUmpzdUtmbXllS3Bwc3c0cmt5MmFCNVczd3FKWXROCkFtTktOZkM2L0xTZ0s3QVVpOEZMUVRhUzJOME0wZEI5NFMrZ2hSb0JERTJSNksweXNJSGpEWEV0S1haV1dFZkMKN2VEajVmRVE3ekFwaGtLZ0ovT3lsRXVJUU5LQnY4R3l6aHRBc3dJREFRQUJBb0lCQUR4VU9JMURwTDRFNy9NTgpuaTdQaVJkelV2YkpmZ01sb1BXZUZlT2gwc01YbHhYR05mMHhyUkhOcVFKMHpUNGhKbUxsdU9iK0hCby94eDdMCmp3Sk85VUtaRkdyZHZoU3BVUmJ0Y09hd2Q3eCtKRDh3WHBGRXAwMk9ROStucFlsL09INzZuSHFabmRLNlVNZXYKSUZncFlkODBmMWNZak1jL0pRSEpEekxpcVJlakRYVG5PbFJ0MU5kN0FhOVJhT3JRSjdTUXNadVh6K0Z2MzMreQo3LzhmeFd0SGorS3BaMURTdm1CUGRHWEdGRHJIQy9PZ1dIeWRTTU8xejRneGZlY3lWVWxLNFZIaklyaWFzeE9XCjV4Yk9UYjBwM1R3MWcrNHhlZHBRYitzbUxXR0tpSnlORlpYalRQUm1CbGVWSTNLZ3lJT2l1TkgvSkI3ZUJDUzIKQmRja3JNRUNnWUVBN3NXSjhmN1BEc1ZINmxoS3hVa2FKZkdrRUI5dU9rbjR4L1Yrd2xGSFp4OE5mQnNPcnhzcwpvSXN0OVB0Ym1ZbGtkUmdDbFMwN3BybVlhU2w2SUxJK2RzcGFpZUw3ZzFPZENtWGROeWhaL1NVRzdKcDcwZWd2ClljQmU3YlM4SjI5VFRlS2lRcWNSTGhPMExNUGE5M0pFYU5hdzUzNVRZMWxSWDlIMklKOGh3RWNDZ1lFQS9EUisKZ1pBTFFCTUJzUjBZQnM2eWFwSWxzeWFwcy9vM3JUcGVrcGg4ZmJCRTB1MENLZnJqNmhpME8zazRhbGp0VXV6dgpmbjAzSnkvWTBZMEhlU0M4WEtKVDgzOFB2QjdRODNYcFhhb0NTV1pMZFZlVWxMQ1plWVFsUFUybDU4SFFncEJkCnMyZ3ZFcXhNVXZiaXZFRi8wQ3J6cFp0a1gydk1KTzc3RFduby9qVUNnWUE5a1h4UGhUZlpCQy9XRXF3OUVPdUkKS3pYMTNsVHEvTllFb1ozczkwNWxIZEc1VmJURW5FbzJuNHpiSmRGcDFzNnJqdVJqbVFWUHFYM09hQjZRdmNWegpsaHdnZ0FJQXpCZXJiYmJNR1VDVEVQQW5KSEtYSHJyUkJ1eXplSzRuc1FJWERFQncxV21OcXhFRGxnRXBXektlCm9mVjl5OG91elFJNXBnZEVSQ1JNMHdLQmdRRFc5eGRzNzQzblMwd0IzcjUvN3VYOEdCMnlHWjVFSFY0ZmRNVHYKUnJHMW4rekpxK0pRVGR5OXg5aTNhSmRCYmhLNnYrRlNldi9ya3NqSHMrRk95U3hEK01oOW55dVdPTjM0NWVQSApSZ1UwOHRBV2NGUGdlTFlYOFI2Y3BmWm5GN2ZWMFo5TUw5MFBtWFJrc3JLSHEzeDV2bUoySVlEb0pFV1lwV212CkFUcnFrUUtCZ0h4MlNyeCtVbzZRZmtoeGlUTGxyYWJwRy9GSDFZeFBQeTNkVkNzTDVUVEtYSGM3Z0hFem9xSUkKbnJXUUc2dUJNMDRYRkdLWll1TlZ6OEhTSURvVVlPVkEvOUdya21SZ0tWSThIeWNxT1diVXcrMnMxbWQzWC9GTAphVjNkalk3Wmwwa1Y2SDV1UXVtQlVSWTBZdS9LdW5OY2cybW1BeHN3T1hPUDdlRmN1bG85Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | base64 -d >client.key

查看生成的证书

1
2
3
4
5
[root@k8s-master cert]# ll
total 12
-rw-r--r-- 1 root root 1025 Oct 15 14:12 ca.crt
-rw-r--r-- 1 root root 1082 Oct 15 14:13 client.crt
-rw-r--r-- 1 root root 1675 Oct 15 14:15 client.key

生成Client P12认证文件cert.pfx,并下载至本地(注意自己生成证书的路径)

命令:openssl pkcs12 -export -out /root/cert/cert.pfx -inkey /root/cert/client.key -in /root/cert/client.crt -certfile /root/cert/ca.crt

1
2
3
[root@k8s-master cert]# openssl pkcs12 -export -out /root/cert/cert.pfx -inkey /root/cert/client.key -in /root/cert/client.crt -certfile /root/cert/ca.crt
Enter Export Password:
Verifying - Enter Export Password:

注:自定义一个密码并牢记:123456

查看证书

1
2
3
4
5
6
[root@k8s-master cert]# ll
total 16
-rw-r--r-- 1 root root 1025 Oct 15 14:12 ca.crt
-rw------- 1 root root 3117 Oct 15 14:27 cert.pfx
-rw-r--r-- 1 root root 1082 Oct 15 14:13 client.crt
-rw-r--r-- 1 root root 1675 Oct 15 14:15 client.key

将cert.pfx下载到本地备用。

1.3. 在Jenkins云kubernetes中添加凭证

添加凭证-》首先密码填写123456-》类型-》Certificate-》Upload PKCS#12 certificate-》上传证书-》选择文件-》cert-》打开-》上传-》添加-》选择凭证

注:Upload certificate上次刚生成并下载至本地的cert.pfx文件,Password值添加生成cert.pfx文件时输入的密钥

ID和描述自己随便填写即可,我这里都写了default-cluster

所有配置完成后点击确定即可看到我们配置的凭证

1.4. 配置kubernetes云

配置参数

  • 名称:kubernetes

  • Kubernetes 地址:https://192.168.101.201:6443;(Kubernetes 地址可以通过kuberctl cluster-info获取)

  • Kubernetes 服务证书 key:将前面生成的证书文件内容写入(ca.crt);(证书key就是前面生成的ca.crt)

  • Kubernetes 命名空间:kubernetes;(~/.kube/config中的 cluster: kubernetes)

  • 凭据:CN=…… ;(选择刚才添加的凭据即可)

  • jenkins地址:http://192.168.101.234;

  • 其它配置默认即可

所有配置填写完成后点击连接测试,出现Connected to Kubernetes 1.18表示成功。

-------------本文结束感谢您的阅读-------------