From a9653d8da12e867dc2f0e9995f29540b24def70f Mon Sep 17 00:00:00 2001 From: dxin Date: Mon, 3 Nov 2025 09:25:50 +0800 Subject: [PATCH] =?UTF-8?q?jenkins=20=E7=94=A8=E6=88=B7=E5=87=AD=E8=AF=81c?= =?UTF-8?q?onfig?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- k8s_yaml/ServiceAccount/Jenkins.yaml | 34 +++++++++++++++++++ k8s_yaml/ServiceAccount/config-jenkins-test | 19 +++++++++++ .../ServiceAccount/jenkins-test-token.txt | 1 + 3 files changed, 54 insertions(+) create mode 100644 k8s_yaml/ServiceAccount/Jenkins.yaml create mode 100644 k8s_yaml/ServiceAccount/config-jenkins-test create mode 100644 k8s_yaml/ServiceAccount/jenkins-test-token.txt diff --git a/k8s_yaml/ServiceAccount/Jenkins.yaml b/k8s_yaml/ServiceAccount/Jenkins.yaml new file mode 100644 index 0000000..61a21a3 --- /dev/null +++ b/k8s_yaml/ServiceAccount/Jenkins.yaml @@ -0,0 +1,34 @@ +# 创建 ServiceAccount(放在任意命名空间,这里用 default 举例) +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jenkins-deployer + namespace: default # 明确 ServiceAccount 所在的命名空间(必填) +--- + +# 为 test-lessie 命名空间创建 Role(仅允许操作 test-lessie 下的资源) +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jenkins-test-role + namespace: test-lessie # 绑定到 test-lessie 命名空间 +rules: +- apiGroups: ["", "apps", "extensions"] + resources: ["pods", "deployments", "services", "configmaps", "secrets"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- + +# 将 test-lessie 命名空间的 Role 绑定到 ServiceAccount +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jenkins-test-binding + namespace: test-lessie # 与 Role 同命名空间 +subjects: +- kind: ServiceAccount + name: jenkins-deployer + namespace: default # 注意:这里是 SA 所在的命名空间(default) +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jenkins-test-role \ No newline at end of file diff --git a/k8s_yaml/ServiceAccount/config-jenkins-test b/k8s_yaml/ServiceAccount/config-jenkins-test new file mode 100644 index 0000000..a94465d --- /dev/null +++ b/k8s_yaml/ServiceAccount/config-jenkins-test @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5akNDQWJLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQ0FYRFRJMU1UQXhNVEE1TWpFd09Wb1lEekl3TlRVeE1EQTBNRGt5TVRBNVdqQVZNUk13RVFZRApWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCnpFNHZKbXFhLytkWnpDV01QN2RYb3RzREM2RU9Nb2VSSjFSZ3ZvS1F6cFpTLzBpakFqeGEwWHZoRGs5eS91Zi8KWUk3Ukw2WVhxWVQ3c1YyanN5U21JVFVRVXhscGptUHBPb0lQdmltMnRaelBwakI5RDF5d0llWVRzbU11K3loMwpBL1RpU1pQVnVQMFpKNHJCdyt1bU1HQ25FUjJXNVc0WmpuWGV2WndCOWk2WW5oc3FNWVA4azJ6N3RhdnJRSWpOClFuSXlGRUNac3ZMbHlRRlZnR3EyWU9WRERkRUNORXptQjU4Z3NQeFZaOGFTdTZjTVA1MzN4cTNObzJwTWN6cEUKSnRvTEFqZFNCYkU4ZFpBUUFtRXB5WkEwUzJXZnAxK0NYekg0UEhHT2pjVVI0eVQ1T0NQeE5nRGxsenFNVnExOApSQlkvNGI0U3lVbmxHV0luN2tNdWhRSURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DQXBRd0R3WURWUjBUCkFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFpM3lDWk9zbG1ScVh4eDRkY1BJaXp2K1QKWmRiT05hbHo5S3R2QmlFZHdVKytLRWRaZm5aWlpFMWFPbitxckxPSHpGcGdvblp1eTRKNFlodWRHakFYVE1McwpLWC9WUVZLcndYUVVUMXNybnZVR3FpV21teVZsd1dpUi8yT1A5aHdUVjRaYkVxMzZPMlAvOVJNUXVaYUZDbXZYCm5tcDNYUE5keVVSaHcyeWxVUWJQRGRFKyt0a1B4ZENPOXZlV3VJRUJpQXdaeC9zOFZCZVA2eWNXSjQxdmgrUVMKN2VUbXU1YVFwdllUcWNqMTFycTA1NnMzQlhYUU02TnAvV2tkVStFTHpzT2gwZzhXRU16Q0gvL1lNdFdVWGMyOQo1Z3AzcURNWW1LUW1JSHBIWEtHcEN2OEcvNmFhdWVvWGJnamtFVTRWVkhyWmg3Q1JLZGxsbkhjWU9OemY3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + server: https://10.0.10.125 + name: cls-pl1yhr34 +contexts: +- context: + cluster: cls-pl1yhr34 + user: jenkins-deployer-user + namespace: test-lessie + name: jenkins-context +current-context: jenkins-context +kind: Config +preferences: {} +users: +- name: jenkins-deployer-user + user: + token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjF5MjNtcUNOVzhsZTlFRUNfQ2NDQ3hjbi1TRV9wS09LYTBzUTA4UU1Yc00ifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoyMDc3MzUwMzExLCJpYXQiOjE3NjE5OTAzMTEsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiZGY4ZDJkZGMtYjg0ZC00MWYzLTg0MzgtYWU0NTVhYjY2OGUwIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImplbmtpbnMtZGVwbG95ZXIiLCJ1aWQiOiI1Y2Q5ODczZC1kNzRhLTRlYzQtYmQ1NC0wNjI4NGMzOTg4YjYifX0sIm5iZiI6MTc2MTk5MDMxMSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6amVua2lucy1kZXBsb3llciJ9.XANsClO-qYO2ooQZb_iVXwuERP2TpEC73WtGiS_fdgyMSAt3yrQlNFaRuHC-TrQEPn79gYMRJjvMXqKe1QkklQpQgLiRE4z0TZLylNjGR9D7O13tQf4l7lkEAoNQlJP7e_ITUTFEj7OOP7-z8YndZVs9zkNnMHZVoNl1sxCubtuCvj3vzfD_l-uclFkH1IWwT9Nnehr6JZU2HCu1H4pNRRrQ6hpPqPMyGwxC0ubdrVPFTnDXeP1iiPSUkv4BqfjpoPaEvdIPe8tm3uBx4446ELaNekkmVcJ23f8aHEGqyU-XQM5PSvt409bQnmOcG6MrkMOsHzv5IoFiKanhw-GzdQ \ No newline at end of file diff --git a/k8s_yaml/ServiceAccount/jenkins-test-token.txt b/k8s_yaml/ServiceAccount/jenkins-test-token.txt new file mode 100644 index 0000000..a70aa5f --- /dev/null +++ b/k8s_yaml/ServiceAccount/jenkins-test-token.txt @@ -0,0 +1 @@ +eyJhbGciOiJSUzI1NiIsImtpZCI6IjF5MjNtcUNOVzhsZTlFRUNfQ2NDQ3hjbi1TRV9wS09LYTBzUTA4UU1Yc00ifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoyMDc3MzUwMzExLCJpYXQiOjE3NjE5OTAzMTEsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiZGY4ZDJkZGMtYjg0ZC00MWYzLTg0MzgtYWU0NTVhYjY2OGUwIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImplbmtpbnMtZGVwbG95ZXIiLCJ1aWQiOiI1Y2Q5ODczZC1kNzRhLTRlYzQtYmQ1NC0wNjI4NGMzOTg4YjYifX0sIm5iZiI6MTc2MTk5MDMxMSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6amVua2lucy1kZXBsb3llciJ9.XANsClO-qYO2ooQZb_iVXwuERP2TpEC73WtGiS_fdgyMSAt3yrQlNFaRuHC-TrQEPn79gYMRJjvMXqKe1QkklQpQgLiRE4z0TZLylNjGR9D7O13tQf4l7lkEAoNQlJP7e_ITUTFEj7OOP7-z8YndZVs9zkNnMHZVoNl1sxCubtuCvj3vzfD_l-uclFkH1IWwT9Nnehr6JZU2HCu1H4pNRRrQ6hpPqPMyGwxC0ubdrVPFTnDXeP1iiPSUkv4BqfjpoPaEvdIPe8tm3uBx4446ELaNekkmVcJ23f8aHEGqyU-XQM5PSvt409bQnmOcG6MrkMOsHzv5IoFiKanhw-GzdQ \ No newline at end of file