# connect-to-k8s-cluster

**Repository Path**: greghe/connect-to-k8s-cluster

## Basic Information

- **Project Name**: connect-to-k8s-cluster
- **Description**: How to connect to an existing k8s cluster, for example from an external Jenkins, or as a specific user (user, context)
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-11-28
- **Last Updated**: 2021-11-28

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

## Requirements for Jenkins to connect to k8s

1. The k8s ca.crt
2. A certificate for the user (the user that will connect to k8s), signed by the k8s CA, in .pfx format
3. Permissions configured for the user in k8s (Role, ClusterRole)

#### How to convert the signed .crt certificate to .pfx format

Example:

```bash
# Bundle greg's private key and CA-signed certificate together with the cluster CA certificate.
# openssl prompts for an export password for the .pfx file.
openssl pkcs12 -export -out greg.pfx -inkey greg.key -in greg.crt -certfile /etc/kubernetes/ssl/kube-ca.pem
```

#### User greg wants to connect to the cicd namespace of the k8s cluster to run Jenkins CI

Example:

```yaml
# Namespaced permissions: read/write on workloads and pods in the cicd namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: cicd
  name: greg-role
rules:
- apiGroups: ["","extensions","apps","batch","autoscaling"]
  resources: ["deployments","services","jobs","crontabs","daemonsets","replicasets","statefulsets","horizontalpodautoscalers","replicationcontrollers","cronjobs"]
  # "exec" is not a standard RBAC verb; exec into a pod is authorized by "create" on pods/exec.
  verbs: ["get","list","watch","create","update","patch","delete","exec"]
# This rule includes read/write access to secrets in the cicd namespace.
- apiGroups: [""]
  resources: ["pods","pods/log","pods/exec","endpoints","secrets","persistentvolumeclaims","configmaps"]
  verbs: ["get","list","watch","create","update","patch","delete","exec"]
---
# Bind the Role to the user; the name must match the CN of the client certificate.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: cicd
  name: greg-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: greg-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: greg
```

```yaml
# Cluster-wide permissions: read-only on the listed API groups, plus patch on nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: greg-ClusterRole
rules:
- apiGroups: ["","extensions","apps","batch","autoscaling","storage.k8s.io"]
  resources: ["*"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: greg-ClusterRoleBinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: greg-ClusterRole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: greg
```

`Note:`

1. If Jenkins port 50000 is proxied to a different port, enter the port exposed by the proxy in the Jenkins tunnel field.
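
The conversion step above assumes `greg.key` and `greg.crt` already exist. The following is an added example, not part of the original README, that walks the whole path: key, CSR, CA signature, `.pfx` export, then a check that the bundle chains to the CA and carries the CN the RoleBinding expects. A throwaway CA generated in the script stands in for the cluster CA so it runs offline; the function names, file names and passphrase are assumptions.

```bash
# Added example. A throwaway CA (constructed) stands in for the cluster CA;
# on a real cluster the CA cert is /etc/kubernetes/ssl/kube-ca.pem as in the README.
set -eu

# issue_client_pfx USER DIR PASSPHRASE -> writes DIR/USER.{key,csr,crt,pfx}
issue_client_pfx() (
  user=$1; dir=$2; pass=$3
  umask 077                       # private keys readable by the owner only
  mkdir -p "$dir"
  # Stand-in CA key and self-signed CA certificate (assumption, demo only).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-kube-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # User key and CSR. The API server takes the user name from CN (and groups
  # from O), so CN must equal the RoleBinding subject name ("greg").
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$user" \
    -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null
  # Sign the CSR with the CA; a short lifetime limits exposure if the key leaks.
  openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -out "$dir/$user.crt" 2>/dev/null
  # Same conversion as in the README, with a non-interactive export passphrase.
  # "pass:" is visible in the process list; prefer "env:" or "file:" outside a demo.
  openssl pkcs12 -export -out "$dir/$user.pfx" -inkey "$dir/$user.key" \
    -in "$dir/$user.crt" -certfile "$dir/ca.pem" -passout "pass:$pass"
)

# verify_chain USER DIR -> exit 0 only if USER.crt chains to the CA
verify_chain() {
  openssl verify -CAfile "$2/ca.pem" "$2/$1.crt" >/dev/null 2>&1
}

# pfx_cn FILE PASSPHRASE -> prints the CN of the client certificate in the bundle
pfx_cn() {
  openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$2" 2>/dev/null |
    openssl x509 -noout -subject -nameopt multiline |
    awk -F'= ' '/commonName/ { print $2 }'
}

work=$(mktemp -d)
issue_client_pfx greg "$work" 'constructed-passphrase'
verify_chain greg "$work" && echo "CN in pfx: $(pfx_cn "$work/greg.pfx" 'constructed-passphrase')"
```

If `pfx_cn` prints anything other than the `name:` under `subjects` in the RoleBinding, the API server authenticates the certificate but none of the bindings above apply to it.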