I have a problem
Question 1
There is no problem with kubectl accessing Tencent Cluster on Linux host. If you use Kubectl to access a docker container started by Jenkins on Linux host, the connection will timeout
Ping can only ping THROUGH IP. The docker container can ping with IP, because the container helps to remove the port directly.
Ping the domain name on a Linux host (without HTTPS :), Ping cls-igajfhjz.ccs.tencent-cloud.com Ping cls-igajfhjz.ccs.tencent-cloud.com (10.132.18.116) 56(84) bytes of data.64 bytes from cls-igajfhjz.ccs.tencent-cloud.com (10.132.18.116): Icmp_seq = 1 TTL = 54 time = 7.03 ms
The large network address resolved by domain name in the Docker container is also inaccessible on the Linux host, nC-Vz 81.69.157.133 443, and the IP address can be pinged through
Configure the Intranet address https://10.132.18.116 for the K8S cluster in the container
K8S cluster default port is 6443, but Tencent cloud is not ah, too pit.
Question 2
“Jenkins 403 No valid crumb was included in the request”
Reference: www.codenong.com/cs109265932…
Start adding Dhudson parameters. Security. CSRF. GlobalCrumbIssuerConfiguration. DISABLE_CSRF_PROTECTION = true
env: - name: JAVA_OPTS value: -XshowSettings:vm -Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 - Dhudson. Slaves. NodeProvisioner. MARGIN0 = 0.85 -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -Duser.timezone=Asia/ShanghaiCopy the codeThe git repository cannot be accessed because the domain name cannot be resolved
Error:
Could not resolve host: git.XXXXXX.com
Copy the codeCluster dnsPolicy configuration and scenario description
Find the following information: help.aliyun.com/document_de… ACK supports configuring a different DNS policy for each Pod through the dnsPolicy field. Currently, THE ACK cluster supports four policies:
- ClusterFirst: uses CoreDNS to resolve domain names. The kube-DNS address configured in /etc/resolv.conf is the cluster DNS address. This policy is the default policy for cluster workloads.
- None: The cluster DNS policy is ignored. You need to provide the dnsConfig field to specify DNS configuration information.
- Default: Pod directly inherits the domain name resolution configuration of cluster nodes. That is, the ACK cluster directly uses the /etc/resolv.conf file of ECS (aliyun DNS service is configured in the file).
- ClusterFirstWithHostNet: Forces the ClusterFirst policy to be used in hostNetWork mode (Default policy is used by Default).
Jenkins belongs to the third case, yamL directly configure dnsPolicy: Default OK
Jenkins configures two ways to access the K8S cluster
plug-in
Jenkins downloaded the plug-in Kubernete CLI and then
{ agent any parameters { string(name: 'k8sCredentialsId', defaultValue: 'XXXXXX', description: 'K8S cluster configuration ID ') string(name: 'k8sServerUrl', defaultValue: 'XXXXXX', description: Steps {withKubeConfig([credentialsId: "${ams. K8sCredentialsId}",serverUrl: "${params.k8sServerUrl}"]) { } } } } }Copy the codeNon-plug-in mode
Configure the config file mode in /root/.kubectl
{agent any environment {K8S_CONFIG = credentials('XXXXXX')} stages {stage(' check code ') {steps{sh "mkdir -p /root/.kube" sh "echo ${K8S_CONFIG} | base64 -d > /root/.kube/config" sh "kubectl config --kubeconfig=/root/.kube/config get-contexts" sh "kubectl config --kubeconfig=/root/.kube/config use-context cls-igajfhjz-100021810018-context-default" } } } } }Copy the codeJenkins Deployment Recommendations
Jenkins got the hang of it, and recommended mldong’s series of blogs, which are awesome!
Walk you through k8S-Jenkins installation and assembly line
Walk you through k8S-Jenkins assembly line grammar
Take you hand in hand through the K8S-Jenkins assembly line to launch springboot project
Take you through the K8S-Jenkins assembly line to launch vUE projects