【发布时间】:2021-05-12 04:23:56
【问题描述】:
请在下面找到我正在执行的操作序列,以针对 kubectl 进行授权和身份验证,以便能够在 EKS 集群上执行部署
- SAML 登录
- 从 Artifactory 下载正确的 kubeconfig
- 使用下载的 kubeconfig #这个阶段出现问题!
Jenkins执行日志如下:
Logged in as: arn:aws:sts::XXXXXXXXXXXX:assumed-role/dev-role/testusername
Your new access key pair has been stored in the AWS configuration
Note that it will expire at 2021-02-08 15:18:59 +0000 UTC
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Compose Source Structure)
[Pipeline] sh
+ set -x
+ cat
+ kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
+ rm -vf config
+ wget -nv --no-check-certificate https://testcompanyname.com.au/testrepo/jenkins/eks-nonprod-black-config
2021-02-08 14:19:35 URL:https://testcompanyname.com.au/testrepo/jenkins/eks-nonprod-black-config [2383/2383] -> "eks-nonprod-black-config" [1]
+ mv eks-nonprod-black-config config
+ pwd
/home/jenkins/agent/workspace/k8s-sync-from-cluster
+ ls -lrt
total 11640
-rwxrwxr-x 1 jenkins jenkins 11801948 Feb 28 2017 saml2aws
-rw-r--r-- 1 jenkins jenkins 2383 Jan 22 03:03 config
drwxr-xr-x 2 jenkins jenkins 4096 Feb 8 14:19 vars
drwxr-xr-x 3 jenkins jenkins 4096 Feb 8 14:19 test
drwxr-xr-x 3 jenkins jenkins 4096 Feb 8 14:19 src
-rw-r--r-- 1 jenkins jenkins 153 Feb 8 14:19 settings.gradle
drwxr-xr-x 9 jenkins jenkins 4096 Feb 8 14:19 resources
drwxr-xr-x 5 jenkins jenkins 4096 Feb 8 14:19 pipelines
-rw-r--r-- 1 jenkins jenkins 2841 Feb 8 14:19 gradlew.bat
-rwxr-xr-x 1 jenkins jenkins 5916 Feb 8 14:19 gradlew
drwxr-xr-x 3 jenkins jenkins 4096 Feb 8 14:19 gradle
drwxr-xr-x 3 jenkins jenkins 4096 Feb 8 14:19 csa-kubernetes-env
-rw-r--r-- 1 jenkins jenkins 1532 Feb 8 14:19 build.gradle
-rw-r--r-- 1 jenkins jenkins 208 Feb 8 14:19 README.md
+ cat config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
server: https://xxxxxxxxxxxxxxxxxxxxxxxxxx.gr7.ap-southeast-2.eks.amazonaws.com
name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
contexts:
- context:
cluster: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
user: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
current-context: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
kind: Config
preferences: {}
users:
- name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- ap-southeast-2
- eks
- get-token
- --cluster-name
- test-eks
command: aws
env:
- name: AWS_PROFILE
value: saml
+ kubectl config view --kubeconfig ./config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://7FE00E432DC6BEB1EB17DEF18DB1B926.gr7.ap-southeast-2.eks.amazonaws.com
name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
contexts:
- context:
cluster: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
user: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
current-context: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
kind: Config
preferences: {}
users:
- name: arn:aws:eks:ap-southeast-2:XXXXXXXXXXXX:cluster/test-eks
user: {}
+ kubectl get namespaces --kubeconfig ./config
Please enter Username: Please enter Username: Please enter Username: error: EOF
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
因此,正如您所看到的,问题是当我 cat 文件时有用户信息,但是当我运行 kubectl 时,它不应该挑战凭据。
【问题讨论】:
标签: kubectl amazon-eks kubeconfig