操作系统信息
虚拟机(1台node)+物理机(一台node,一台master),Ubuntu24.04,4C/16G
Kubernetes版本信息
将 kubectl version 命令执行结果贴在下方
Client Version: v1.31.2
Kustomize Version: v5.4.2
Server Version: v1.31.2
容器运行时
将 docker version / crictl version / nerdctl version 结果贴在下方
RuntimeName: containerd
RuntimeVersion: v1.7.13
RuntimeApiVersion: v1
KubeSphere版本信息
v4.1.2 离线安装,使用kk安装
另外harbor是独立安装的,不是在k8s中部署, harbor使用https
问题是什么
devops流水线中执行镜像build提示: x509: certificate signed by unknown authority
harbor的证书都已经根据harbor官方的教程生成并拷贝到所有节点的指定的目录,ca证书也已经拷贝到/etc/ssl/certs所有节点目录下
保密字典已配置了镜像服务信息,并验证通过,并创建新的工作负载可以搜索到私服的镜像,就是流水线执行docker build失败,提示 x509: certificate signed by unknown authority
另外coredns和nodelocaldns都配置了
流水线Jenkins配置如下
pipeline {
agent {
node {
label 'maven-jdk21'
}
}
stages {
stage('Clone repository') {
agent none
steps {
container('maven') {
git(url: 'http://192.168.1.135/student-job/student-job-admin.git', credentialsId: 'gitlab', branch: 'deploy', changelog: true, poll: false)
}
}
}
stage('Run clean') {
steps {
container('maven') {
sh '''
echo $M2_HOME
mvn -X help:effective-settings
mvn -v
java -version
ls
pwd
mvn clean
'''
}
}
}
stage('Run build') {
steps {
container('maven') {
sh '''
ls
pwd
mvn package
'''
stash name: 'maven-artifacts', includes: 'studentjob-server/target/*.jar'
stash name: 'dockerfile', includes: 'Dockerfile'
}
}
}
stage('Docker build') {
agent {
node {
label 'base'
}
}
steps {
container('base') {
unstash 'maven-artifacts' // 恢复 Maven 构建的产物
unstash 'dockerfile' // 恢复 Dockerfile
sh 'ls'
sh 'pwd'
sh 'docker build -t dockerhub.kubekey.local/company/student-job-backend:latest -f Dockerfile .'
}
}
}
}
}Dockerfile文件如下
FROM dockerhub.kubekey.local/library/eclipse-temurin:21-jre
RUN mkdir -p /app
WORKDIR /app
COPY studentjob-server.jar app.jar
ENV TZ=Asia/Shanghai
ENV JAVA_OPTS="-Xms512m -Xmx512m"
ENV ARGS=""
EXPOSE 8080
CMD java ${JAVA_OPTS} -jar app.jar $ARGS