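【Question title】: Jenkins pod unable to create deployments in Private Kubernetes cluster
【Posted】: 2019-10-19 16:55:54
【Question description】:

Jenkins is running as a pod in a private GKE cluster. Currently, when performing a deployment with helm, I get the following error.

User "system:serviceaccount:jenkins:jenkins" cannot list resource "pods" in API group "" in the namespace "kube-system"

The command used for the deployment is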

helm install --values=/values_env.yaml --name / --set image.repository= --set image.tag= --namespace

【Question comments】:

  • Create a role and role binding for the jenkins service account to list pods in the kube-system namespace

Tags: jenkins kubernetes google-cloud-platform


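【Solution 1】:

The service account jenkins does not have permission to list pods in kube-system. You have to create a role with those permissions and bind it to the jenkins service account with a ClusterRoleBinding / RoleBinding.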

kind: ClusterRole
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable RBAC API
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - get
  - list
  - watch
  - create
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - update
  - create
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - delete
  - list
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - list
  - watch
  - get
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - apps
  - extensions
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable RBAC API
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: jenkins
  apiGroup: rbac.authorization.k8s.io
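
The comment on the question suggests a Role and RoleBinding limited to kube-system. The manifest below is an added example of that narrower grant, not part of the answer above. It assumes the only missing permission is the one named in the error message, and the name jenkins-list-pods is hypothetical.

```yaml
# Added example: namespaced grant for the one permission named in the error.
# A Role applies only inside its own namespace, so the jenkins service
# account gains nothing outside kube-system from this manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-list-pods        # hypothetical name
  namespace: kube-system         # namespace named in the error
rules:
- apiGroups: [""]                # core API group, the "" in the error
  resources: ["pods"]
  verbs: ["list"]                # only the verb the error reports as denied
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-list-pods        # hypothetical name
  namespace: kube-system         # a RoleBinding grants within this namespace only
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins             # from system:serviceaccount:jenkins:jenkins
roleRef:
  kind: Role
  name: jenkins-list-pods
  apiGroup: rbac.authorization.k8s.io
# To confirm what the service account can do without running a deployment:
#   kubectl auth can-i list pods -n kube-system \
#     --as=system:serviceaccount:jenkins:jenkins
#   kubectl auth can-i --list -n kube-system \
#     --as=system:serviceaccount:jenkins:jenkins
```

Permissions the release itself needs (deployments, services and so on) can be granted the same way with a Role in the target namespace, which avoids cluster-wide read access to secrets.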

【Comments】:
