GithubHelp home page GithubHelp logo

xdxiaodao / kubernetes-cli-plugin Goto Github PK

View Code? Open in Web Editor NEW

This project forked from jenkinsci/kubernetes-cli-plugin

0.0 1.0 0.0 409 KB

Allows you to setup kubectl to access Kubernetes clusters from your Jenkins jobs.

License: Apache License 2.0

Java 96.65% HTML 0.72% Groovy 2.63%

kubernetes-cli-plugin's Introduction

Kubernetes CLI Plugin

Jenkins Plugin travis-ci coveralls Jenkins Plugin installs

Allows you to configure kubectl in your job to interact with Kubernetes clusters. Any tool built on top of kubectl can then be used from your pipelines to perform deployments, e.g. kubernetes-deploy.

Initially extracted and rewritten from the Kubernetes Plugin.

// Example when used in a pipeline
node {
  stage('Apply Kubernetes files') {
    withKubeConfig([credentialsId: 'user1', serverUrl: 'https://api.k8s.my-company.com']) {
      sh 'kubectl apply -f my-kubernetes-directory'
    }
  }
}

Prerequisites

  • A jenkins installation running version 2.60.3 or higher.
  • An executor with kubectl installed (tested against v1.10 to v1.15 included).
  • A Kubernetes cluster.

Supported credentials

The following types of credentials are supported and can be used to authenticate against Kubernetes clusters:

Quick usage guide

The parameters have a slightly different effect depending if a plain KubeConfig file is provided.

Parameters (without KubeConfig file)

Name Mandatory Description
credentialsId yes The Jenkins ID of the credentials.
serverUrl yes URL of the API server's.
caCertificate no Cluster Certificate Authority used to validate the API server's certificate. The validation is skipped if the parameter is not provided.
clusterName no Name of the generated Cluster configuration. (default: k8s)
namespace no Namespace for the Context.
contextName no Name of the generated Context configuration. (default: k8s)

Parameters (with KubeConfig file)

The plugin writes the plain KubeConfig file and doesn't change any other field if only credentialsId is filled. The recommended way to use a single KubeConfig file with multiples clusters, users, and default namespaces is to configure a Context for each of them, and use the contextName parameter to switch between them (see Kubernetes documentation).

Name Mandatory Description
credentialsId yes The Jenkins ID of the plain KubeConfig file.
serverUrl no URL of the API server's. This will create a new cluster block and modify the current Context to use it.
caCertificate no Cluster Certificate Authority used to validate the API server's certificate if a serverUrl was provided. The validation is skipped if the parameter is not provided.
clusterName no Modifies the Cluster of the current Context. Also used for the generated cluster block if a serverUrl was provided.
namespace no Modifies the Namespace of the current Context.
contextName no Switch the current Context to this name. The Context must already exist in the KubeConfig file.

Using the plugin in a Pipeline

The kubernetes-cli plugin provides the function withKubeConfig() for Jenkins Pipeline support. You can go to the Snippet Generator page under the Pipeline Syntax section in Jenkins, select withKubeConfig: Setup Kubernetes CLI from the Sample Step dropdown, and it will provide you configuration interface for the plugin. After filling the entries and click Generate Pipeline Script button, you will get the sample scripts which can be used in your Pipeline definition.

Example:

node {
  stage('List pods') {
    withKubeConfig([credentialsId: '<credential-id>',
                    caCertificate: '<ca-certificate>',
                    serverUrl: '<api-server-address>',
                    contextName: '<context-name>',
                    clusterName: '<cluster-name>',
                    namespace: '<namespace>'
                    ]) {
      sh 'kubectl get pods'
    }
  }
}

Using the plugin from the web interface

  1. Within the Jenkins dashboard, select a Job and then select "Configure"
  2. Scroll down and click the "Add build step" dropdown
  3. Select "Configure Kubernetes CLI (kubectl)"
  4. In the "Credential" dropdown, select the credentials to authenticate on the cluster or the kubeconfig stored in Jenkins.

webui

Generating Kubernetes credentials

The following example describes how you could use the token of a ServiceAccount to access the Kubernetes cluster from Jenkins. The result depends of course on the permissions you have.

# Create a ServiceAccount named `jenkins-robot` in a given namespace.
$ kubectl -n <namespace> create serviceaccount jenkins-robot

# The next line gives `jenkins-robot` administator permissions for this namespace.
# * You can make it an admin over all namespaces by creating a `ClusterRoleBinding` instead of a `RoleBinding`.
# * You can also give it different permissions by binding it to a different `(Cluster)Role`.
$ kubectl -n <namespace> create rolebinding jenkins-robot-binding --clusterrole=cluster-admin --serviceaccount=jenkins-robot

# Get the name of the token that was automatically generated for the ServiceAccount `jenkins-robot`.
$ kubectl -n <namespace> get serviceaccount jenkins-robot -o go-template --template='{{range .secrets}}{{.name}}{{"\n"}}{{end}}'
jenkins-robot-token-d6d8z

# Retrieve the token and decode it using base64.
$ kubectl -n <namespace> get secrets jenkins-robot-token-d6d8z -o go-template --template '{{index .data "token"}}' | base64 -D
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2V[...]

On Jenkins, navigate in the folder you want to add the token in, or go on the main page. Then click on the "Credentials" item in the left menu and find or create the "Domain" you want. Finally, paste your token into a Secret text credential. The ID is the credentialsId you need to use in the plugin configuration.

Development

Building and testing

To build the extension, run:

mvn clean package

and upload target/kubernetes-cli.hpi to your Jenkins installation.

To run the tests:

mvn clean test

Perform a release

mvn release:prepare release:perform

kubernetes-cli-plugin's People

Contributors

based2 avatar maxlaverse avatar nordri avatar schakko avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.