问题描述
在本地Kubernetes集群中使用Helm从repo stable/jenkins:lts部署Jenkins时,遇到了一个问题。部署后,他得到了一个状态为“pod has unbound immediate PersistentVolumeClaims”的pod。PVC的状态是“bound”,没有任何错误。
用户的环境是在安装了microk8s的Linux Ubuntu 18.x虚拟机上。在部署时,他只更改了节点类型和持久性大小。
Helm chart配置如下:
NAME: inclined-eagle
REVISION: 1
RELEASED: Fri Jan 11 21:35:47 2019
CHART: jenkins-0.28.6
USER-SUPPLIED VALUES:
Master:
ServiceType: NodePort
Persistence:
Size: 4Gi
COMPUTED VALUES:
Agent:
AlwaysPullImage: false
Component: jenkins-slave
CustomJenkinsLabels: []
Enabled: true
Image: jenkins/jnlp-slave
ImageTag: 3.27-1
NodeSelector: {}
PodRetention: Never
Privileged: false
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 200m
memory: 256Mi
volumes: null
Master:
AdditionalConfig: {}
AdminUser: admin
CLI: false
CSRF:
DefaultCrumbIssuer:
Enabled: true
ProxyCompatability: true
Component: jenkins-master
CustomConfigMap: false
DisabledAgentProtocols:
- JNLP-connect
- JNLP2-connect
ExtraPorts: null
HealthProbeLivenessFailureThreshold: 12
HealthProbeReadinessPeriodSeconds: 10
HealthProbes: true
HealthProbesLivenessTimeout: 90
HealthProbesReadinessTimeout: 60
HostNetworking: false
Image: jenkins/jenkins
ImagePullPolicy: Always
ImageTag: lts
Ingress:
Annotations: {}
ApiVersion: extensions/v1beta1
TLS: null
InitScripts: null
InstallPlugins:
- kubernetes:1.14.0
- workflow-job:2.31
- workflow-aggregator:2.6
- credentials-binding:1.17
- git:3.9.1
LoadBalancerSourceRanges:
- 0.0.0.0/0
Name: jenkins-master
NodeSelector: {}
NumExecutors: 0
OverwriteConfig: false
PodAnnotations: {}
ServiceAnnotations: {}
ServiceLabels: {}
ServicePort: 8080
ServiceType: NodePort
SlaveListenerPort: 50000
SlaveListenerServiceAnnotations: {}
SlaveListenerServiceType: ClusterIP
Tolerations: {}
UsePodSecurityContext: true
UseSecurity: true
resources:
limits:
cpu: 2000m
memory: 2048Mi
requests:
cpu: 50m
memory: 256Mi
NetworkPolicy:
ApiVersion: networking.k8s.io/v1
Enabled: false
Persistence:
AccessMode: ReadWriteOnce
Annotations: {}
Enabled: true
Size: 4Gi
mounts: null
volumes: null
backup:
annotations:
iam.amazonaws.com/role: jenkins
destination: s3://nuvo-jenkins-data/backup
enabled: false
env:
- name: AWS_REGION
value: us-east-1
extraArgs: []
image:
repository: nuvo/kube-tasks
tag: 0.1.2
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 1
memory: 1Gi
schedule: 0 2 * * *
rbac:
install: false
roleBindingKind: ClusterRoleBinding
roleKind: ClusterRole
roleRef: cluster-admin
serviceAccountName: default
HOOKS:
---
# inclined-eagle-ui-test-1mhfp
apiVersion: v1
kind: Pod
metadata:
name: "inclined-eagle-ui-test-1mhfp"
annotations:
"helm.sh/hook": test-success
spec:
initContainers:
- name: "test-framework"
image: "dduportal/bats:0.4.0"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: inclined-eagle-ui-test
image: jenkins/jenkins:lts
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: inclined-eagle-jenkins-tests
- name: tools
emptyDir: {}
restartPolicy: Never
MANIFEST:
---
# Source: jenkins/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: inclined-eagle-jenkins
labels:
app: inclined-eagle-jenkins
chart: "jenkins-0.28.6"
release: "inclined-eagle"
heritage: "Tiller"
type: Opaque
data:
jenkins-admin-password: "enkyZlZqdVdqMw=="
jenkins-admin-user: "YWRtaW4="
---
# Source: jenkins/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: inclined-eagle-jenkins
data:
config.xml: |-
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>lts</version>
<numExecutors>0</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
<securityRealm class="hudson.security.LegacySecurityRealm"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds>
<org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@1.14.0">
<name>kubernetes</name>
<templates>
<org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
<inheritFrom></inheritFrom>
<name>default</name>
<instanceCap>2147483647</instanceCap>
<idleMinutes>0</idleMinutes>
<label>inclined-eagle-jenkins-slave </label>
<nodeSelector></nodeSelector>
<nodeUsageMode>NORMAL</nodeUsageMode>
<volumes>
</volumes>
<containers>
<org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
<name>jnlp</name>
<image>jenkins/jnlp-slave:3.27-1</image>
<privileged>false</privileged>
<alwaysPullImage>false</alwaysPullImage>
<workingDir>/home/jenkins</workingDir>
<command></command>
<args>${computer.jnlpmac} ${computer.name}</args>
<ttyEnabled>false</ttyEnabled>
# Resources configuration is a little hacky. This was to prevent breaking
# changes, and should be cleanned up in the future once everybody had
# enough time to migrate.
<resourceRequestCpu>200m</resourceRequestCpu>
<resourceRequestMemory>256Mi</resourceRequestMemory>
<resourceLimitCpu>200m</resourceLimitCpu>
<resourceLimitMemory>256Mi</resourceLimitMemory>
<envVars>
<org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
<key>JENKINS_URL</key>
<value>http://inclined-eagle-jenkins:8080</value>
</org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
</envVars>
</org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
</containers>
<envVars/>
<annotations/>
<imagePullSecrets/>
<nodeProperties/>
<podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default"/>
</org.csanchez.jenkins.plugins.kubernetes.PodTemplate></templates>
<serverUrl>https://kubernetes.default</serverUrl>
<skipTlsVerify>false</skipTlsVerify>
<namespace>default</namespace>
<jenkinsUrl>http://inclined-eagle-jenkins:8080</jenkinsUrl>
<jenkinsTunnel>inclined-eagle-jenkins-agent:50000</jenkinsTunnel>
<containerCap>10</containerCap>
<retentionTimeout>5</retentionTimeout>
<connectTimeout>0</connectTimeout>
<readTimeout>0</readTimeout>
<podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
</org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
</clouds>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>50000</slaveAgentPort>
<disabledAgentProtocols>
<string>JNLP-connect</string>
<string>JNLP2-connect</string>
</disabledAgentProtocols>
<label></label>
<crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
<excludeClientIPFromCrumb>true</excludeClientIPFromCrumb>
</crumbIssuer>
<nodeProperties/>
<globalNodeProperties/>
<noUsageStatistics>true</noUsageStatistics>
</hudson>
jenkins.model.JenkinsLocationConfiguration.xml: |-
<?xml version='1.1' encoding='UTF-8'?>
<jenkins.model.JenkinsLocationConfiguration>
<adminAddress></adminAddress>
<jenkinsUrl>http://inclined-eagle-jenkins:8080</jenkinsUrl>
</jenkins.model.JenkinsLocationConfiguration>
jenkins.CLI.xml: |-
<?xml version='1.1' encoding='UTF-8'?>
<jenkins.CLI>
<enabled>false</enabled>
</jenkins.CLI>
apply_config.sh: |-
mkdir -p /usr/share/jenkins/ref/secrets/;
echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch;
yes n | cp -i /var/jenkins_config/config.xml /var/jenkins_home;
yes n | cp -i /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home;
yes n | cp -i /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home;
# Install missing plugins
cp /var/jenkins_config/plugins.txt /var/jenkins_home;
rm -rf /usr/share/jenkins/ref/plugins/*.lock
/usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
# Copy plugins to shared volume
yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/;
plugins.txt: |-
kubernetes:1.14.0
workflow-job:2.31
workflow-aggregator:2.6
credentials-binding:1.17
git:3.9.1
pod的日志如下:
container "inclined-eagle-jenkins" in pod "inclined-eagle-jenkins-65c8f989d-lglfc" is waiting to start: PodInitializing
在事件中还有一个警告消息:
AssumePod failed: pod 6bf15a11-168a-11e9-b322-0800277359c7 is in the cache, so can't be assumed
用户还提到了两个问题:
1. 你能添加你尝试部署的修改后的Helm chart和日志吗?
2. 默认值的Persistence.Size(8Gi)也有相同的问题。
解决方案
请注意以下操作注意版本差异及修改前做好备份。
方案
根据用户的描述,问题可能是由于iptables FORWARD策略被禁用导致的。用户可以通过运行以下命令解决这个问题:
sudo iptables -P FORWARD ACCEPT
然后重新部署Jenkins。
请注意,这个解决方案是基于用户的描述和最佳回答。如果问题仍然存在,请尝试检查其他可能的原因,并根据需要采取适当的措施。
希望这个解决方案对你有帮助!
正文完