zoro Jenkinsfile-online 文件如下 pipeline { agent { node { label 'maven' } } parameters { string(name:'TAG_NAME',defaultValue: '',description:'') } environment { DOCKER_CREDENTIAL_ID = 'harbor-id' GITLAB_CREDENTIAL_ID = 'gitlab-id' KUBECONFIG_CREDENTIAL_ID = 'demo-kubeconfig' REGISTRY = 'www.harbor.mobi' DOCKERHUB_NAMESPACE = 'zoro' GITLAB_ACCOUNT = 'zoro' APP_NAME = 'devops-java-sample' } stages { stage ('checkout scm') { steps { checkout(scm) } } stage ('unit test') { steps { container ('maven') { sh 'mvn clean -gs `pwd`/configuration/settings.xml test' } } } stage ('build & push') { steps { container ('maven') { sh 'mvn -Dmaven.test.skip=true -gs `pwd`/configuration/settings.xml clean package' sh 'docker build -f Dockerfile-online -t $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER .' withCredentials([usernamePassword(passwordVariable : 'DOCKER_PASSWORD' ,usernameVariable : 'DOCKER_USERNAME' ,credentialsId : "$DOCKER_CREDENTIAL_ID" ,)]) { sh 'echo "$DOCKER_PASSWORD" | docker login $REGISTRY -u "$DOCKER_USERNAME" --password-stdin' sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER' } } } } stage('push latest'){ when{ branch 'master' } steps{ container ('maven') { sh 'docker tag $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:latest ' sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:latest ' } } } stage('deploy to dev') { when{ branch 'master' } steps { input(id: 'deploy-to-dev', message: 'deploy to dev?') kubernetesDeploy(configs: 'deploy/dev-ol/**', enableConfigSubstitution: true, kubeconfigId: "$KUBECONFIG_CREDENTIAL_ID") } } stage('push with tag'){ when{ expression{ return params.TAG_NAME =~ /v.*/ } } steps { container ('maven') { input(id: 'release-image-with-tag', message: 'release image with tag?') withCredentials([usernamePassword(credentialsId: "$GITHUB_CREDENTIAL_ID", passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) { sh 'git config --global user.email "kubesphere@yunify.com" ' sh 'git config --global user.name "kubesphere" ' sh 'git tag -a $TAG_NAME -m "$TAG_NAME" ' sh 'git push http://$GIT_USERNAME:$GIT_PASSWORD@192.168.10.251:9091/$GITHUB_ACCOUNT/devops-java-sample.git --tags --ipv4' } sh 'docker tag $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:SNAPSHOT-$BRANCH_NAME-$BUILD_NUMBER $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:$TAG_NAME ' sh 'docker push $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:$TAG_NAME ' } } } stage('deploy to production') { when{ expression{ return params.TAG_NAME =~ /v.*/ } } steps { input(id: 'deploy-to-production', message: 'deploy to production?') kubernetesDeploy(configs: 'deploy/prod-ol/**', enableConfigSubstitution: true, kubeconfigId: "$KUBECONFIG_CREDENTIAL_ID") } } } } 前面的步骤都没有问题,但是到了deploy to dev 这里就报异常了,异常如下所示 Starting Kubernetes deployment Loading configuration: /home/jenkins/agent/workspace/sbp7m5_jenkinsfile-in-scm_master/deploy/dev-ol/devops-sample-svc.yaml ERROR: ERROR: java.lang.RuntimeException: io.kubernetes.client.openapi.ApiException: Forbidden hudson.remoting.ProxyException: java.lang.RuntimeException: io.kubernetes.client.openapi.ApiException: Forbidden at com.microsoft.jenkins.kubernetes.wrapper.ResourceManager.handleApiExceptionExceptNotFound(ResourceManager.java:180) at com.microsoft.jenkins.kubernetes.wrapper.V1ResourceManager$ServiceUpdater.getCurrentResource(V1ResourceManager.java:391) at com.microsoft.jenkins.kubernetes.wrapper.V1ResourceManager$ServiceUpdater.getCurrentResource(V1ResourceManager.java:379) at com.microsoft.jenkins.kubernetes.wrapper.ResourceManager$ResourceUpdater.createOrApply(ResourceManager.java:93) at com.microsoft.jenkins.kubernetes.wrapper.KubernetesClientWrapper.handleResource(KubernetesClientWrapper.java:289) at com.microsoft.jenkins.kubernetes.wrapper.KubernetesClientWrapper.apply(KubernetesClientWrapper.java:256) at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.doCall(DeploymentCommand.java:172) at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.call(DeploymentCommand.java:124) at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.call(DeploymentCommand.java:106) at hudson.remoting.UserRequest.perform(UserRequest.java:212) at hudson.remoting.UserRequest.perform(UserRequest.java:54) at hudson.remoting.Request$2.run(Request.java:369) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) at java.lang.Thread.run(Thread.java:748) Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from 10.233.70.126/10.233.70.126:60162 at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) at hudson.remoting.Channel.call(Channel.java:957) at hudson.FilePath.act(FilePath.java:1160) at com.microsoft.jenkins.kubernetes.command.DeploymentCommand.execute(DeploymentCommand.java:68) at com.microsoft.jenkins.kubernetes.command.DeploymentCommand.execute(DeploymentCommand.java:45) at com.microsoft.jenkins.azurecommons.command.CommandService.runCommand(CommandService.java:88) at com.microsoft.jenkins.azurecommons.command.CommandService.execute(CommandService.java:96) at com.microsoft.jenkins.azurecommons.command.CommandService.executeCommands(CommandService.java:75) at com.microsoft.jenkins.azurecommons.command.BaseCommandContext.executeCommands(BaseCommandContext.java:77) at com.microsoft.jenkins.kubernetes.KubernetesDeploy.perform(KubernetesDeploy.java:42) at com.microsoft.jenkins.azurecommons.command.SimpleBuildStepExecution.run(SimpleBuildStepExecution.java:54) at com.microsoft.jenkins.azurecommons.command.SimpleBuildStepExecution.run(SimpleBuildStepExecution.java:35) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ... 1 more Caused by: hudson.remoting.ProxyException: io.kubernetes.client.openapi.ApiException: Forbidden at io.kubernetes.client.openapi.ApiClient.handleResponse(ApiClient.java:979) at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:895) at io.kubernetes.client.openapi.apis.CoreV1Api.readNamespacedServiceWithHttpInfo(CoreV1Api.java:26889) at io.kubernetes.client.openapi.apis.CoreV1Api.readNamespacedService(CoreV1Api.java:26865) at com.microsoft.jenkins.kubernetes.wrapper.V1ResourceManager$ServiceUpdater.getCurrentResource(V1ResourceManager.java:388) ... 16 more Api call failed with code 403, detailed message: { "kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "services \"ks-sample-dev\" is forbidden: User \"project-regular\" cannot get resource \"services\" in API group \"\" in the namespace \"kubesphere-sample-dev\"", "reason": "Forbidden", "details": { "name": "ks-sample-dev", "kind": "services" }, "code": 403 } Kubernetes deployment ended with HasError 我在DevOps 下也新建了如下工程,也创建了如下项目 kubesphere-sample-prod kubesphere-sample-dev demo-devops [流水线是在这个项目下创建的]
