
Jenkins on Kubernetes - Permission denied

Reposted. Author: 行者123. Updated: 2023-12-04 16:25:35

I am trying to install Jenkins on Kubernetes using Helm 3, following the official instructions, but I ran into a permission problem.

---

apiVersion: v1
kind: Namespace
metadata:
  name: jenkins
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-pv
  namespace: jenkins
spec:
  storageClassName: jenkins-pv
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /data/jenkins-volume/
Then I pulled down the values.yaml file:

wget https://raw.githubusercontent.com/jenkinsci/helm-charts/main/charts/jenkins/values.yaml

I adjusted the adminPassword (this is a demo system):

adminPassword: "mySecret"

Finally, I changed storageClass: to

storageClass: jenkins-pv

Output / debug logs

$ kubectl logs -n jenkins jenkins-0 init
disable Setup Wizard
/var/jenkins_config/apply_config.sh: 4: /var/jenkins_config/apply_config.sh: cannot create /var/jenkins_home/jenkins.install.UpgradeWizard.state: Permission denied


$ kubectl describe pod -n jenkins jenkins-0

Name:           jenkins-0
Namespace:      jenkins
Priority:       0
Node:           ip-172-31-40-127/172.31.40.127
Start Time:     Mon, 30 Nov 2020 10:37:19 +0000
Labels:         app.kubernetes.io/component=jenkins-controller
                app.kubernetes.io/instance=jenkins
                app.kubernetes.io/managed-by=Helm
                app.kubernetes.io/name=jenkins
                controller-revision-hash=jenkins-57958b7d49
                statefulset.kubernetes.io/pod-name=jenkins-0
Annotations:    checksum/config: 2a4c2b3ea5dea271cb7c0b8e8582b682814d39f8e933e0348725b0b9a7dbf258
Status:         Pending
IP:             10.42.0.44
IPs:
  IP:           10.42.0.44
Controlled By:  StatefulSet/jenkins
Init Containers:
  init:
    Container ID:  containerd://64862ebd6791966db07981196d5dbd4c3b583d9e3e6543a31b252d19c2f9405b
    Image:         jenkins/jenkins:lts
    Image ID:      docker.io/jenkins/jenkins@sha256:980d55fd29a287d2d085c08c2bb6c629395ab2e3dd7547641035b4f126acc322
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      /var/jenkins_config/apply_config.sh
    State:          Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Mon, 30 Nov 2020 10:53:41 +0000
      Finished:     Mon, 30 Nov 2020 10:53:41 +0000
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Mon, 30 Nov 2020 10:48:29 +0000
      Finished:     Mon, 30 Nov 2020 10:48:29 +0000
    Ready:          False
    Restart Count:  8
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:        50m
      memory:     256Mi
    Environment:  <none>
    Mounts:
      /usr/share/jenkins/ref/plugins from plugins (rw)
      /var/jenkins_config from jenkins-config (rw)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_plugins from plugin-dir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from jenkins-token-zjzdt (ro)
Containers:
  jenkins:
    Container ID:
    Image:          jenkins/jenkins:lts
    Image ID:
    Ports:          8080/TCP, 50000/TCP
    Host Ports:     0/TCP, 0/TCP
    Args:
      --httpPort=8080
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     2
      memory:  4Gi
    Requests:
      cpu:      50m
      memory:   256Mi
    Liveness:   http-get http://:http/login delay=0s timeout=5s period=10s #success=1 #failure=5
    Readiness:  http-get http://:http/login delay=0s timeout=5s period=10s #success=1 #failure=3
    Startup:    http-get http://:http/login delay=0s timeout=5s period=10s #success=1 #failure=12
    Environment:
      POD_NAME:                  jenkins-0 (v1:metadata.name)
      JAVA_OPTS:                 -Dcasc.reload.token=$(POD_NAME)
      JENKINS_OPTS:
      JENKINS_SLAVE_AGENT_PORT:  50000
      CASC_JENKINS_CONFIG:       /var/jenkins_home/casc_configs
    Mounts:
      /run/secrets/chart-admin-password from admin-secret (ro,path="jenkins-admin-password")
      /run/secrets/chart-admin-username from admin-secret (ro,path="jenkins-admin-user")
      /usr/share/jenkins/ref/plugins/ from plugin-dir (rw)
      /var/jenkins_config from jenkins-config (ro)
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_home/casc_configs from sc-config-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from jenkins-token-zjzdt (ro)
  config-reload:
    Container ID:
    Image:          kiwigrid/k8s-sidecar:0.1.275
    Image ID:
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:
      POD_NAME:           jenkins-0 (v1:metadata.name)
      LABEL:              jenkins-jenkins-config
      FOLDER:             /var/jenkins_home/casc_configs
      NAMESPACE:          jenkins
      REQ_URL:            http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)
      REQ_METHOD:         POST
      REQ_RETRY_CONNECT:  10
    Mounts:
      /var/jenkins_home from jenkins-home (rw)
      /var/jenkins_home/casc_configs from sc-config-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from jenkins-token-zjzdt (ro)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  plugins:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      jenkins
    Optional:  false
  plugin-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  jenkins-home:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  jenkins
    ReadOnly:   false
  sc-config-volume:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  admin-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  jenkins
    Optional:    false
  jenkins-token-zjzdt:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  jenkins-token-zjzdt
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                 From                       Message
  ----     ------     ----                ----                       -------
  Normal   Scheduled  <unknown>           default-scheduler          Successfully assigned jenkins/jenkins-0 to ip-172-31-40-127
  Normal   Pulled     15m (x4 over 16m)   kubelet, ip-172-31-40-127  Successfully pulled image "jenkins/jenkins:lts"
  Normal   Created    15m (x4 over 16m)   kubelet, ip-172-31-40-127  Created container init
  Normal   Started    15m (x4 over 16m)   kubelet, ip-172-31-40-127  Started container init
  Normal   Pulling    14m (x5 over 16m)   kubelet, ip-172-31-40-127  Pulling image "jenkins/jenkins:lts"
  Warning  BackOff    74s (x71 over 16m)  kubelet, ip-172-31-40-127  Back-off restarting failed container

Best answer

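I saw this happen when using hostPath on a Minikube single-node cluster, as described in the documentation. The problem is that the /data/jenkins-volume folder in the Minikube node is created with root ownership.
So, if you don't want to run as root (runAsUser: 0), you can change the permissions on /data/jenkins-volume by entering the node: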

$ minikube ssh

$ sudo chown -R 1000:1000 /data/jenkins-volume
Once you have done that, you can create the pv and deploy Jenkins using Helm with the values:
runAsUser: 1000
fsGroup: 1000
It worked for me.
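
A pre-flight check for the fix in the answer above, as an added example that is not part of the original answer or the Jenkins chart: run on the node, it reports whether the uid/gid you pass as runAsUser/fsGroup can write to the hostPath directory, which matters because the kubelet does not change ownership of hostPath directories. The function names can_write and preflight are hypothetical, and only owner, group and mode bits are considered (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example: run on the node (e.g. inside `minikube ssh`) before deploying.
# Usage: sh preflight.sh /data/jenkins-volume 1000 1000

# can_write DIR UID GID
# Returns 0 if a process running as UID:GID could create files in DIR,
# 1 if it could not, 2 if DIR does not exist.
can_write() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || return 2
    # uid 0 bypasses mode bits, which is why runAsUser: 0 hides the problem.
    if [ "$uid" -eq 0 ]; then return 0; fi
    set -- $(stat -c '%u %g %a' "$dir")
    owner=$1 group=$2 mode=$3
    # Linux applies exactly one permission class: owner, else group, else other.
    if [ "$uid" -eq "$owner" ]; then
        digit=$(( mode / 100 % 10 ))
    elif [ "$gid" -eq "$group" ]; then
        digit=$(( mode / 10 % 10 ))
    else
        digit=$(( mode % 10 ))
    fi
    # Creating a file in a directory needs both write (2) and search (1).
    [ $(( digit & 3 )) -eq 3 ]
}

# preflight DIR UID GID: print a verdict and, on failure, the chown from the answer.
preflight() {
    if can_write "$1" "$2" "$3"; then
        echo "OK: uid $2 / gid $3 can write to $1"
    else
        echo "FAIL: $1 is $(stat -c '%u:%g mode %a' "$1" 2>/dev/null)"
        echo "      fix on the node: sudo chown -R $2:$3 $1"
        return 1
    fi
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```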

Regarding Jenkins on Kubernetes - Permission denied, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/65072209/
