0

我在我的 k8s 集群中使用helm chart设置了一个 jenkins ,在签出代码时,它说

hudson.plugins.git.GitException: Command "git fetch --no-tags --force --progress https://someghe.com/***/***.git +refs/heads/feat/***:refs/remotes/origin/feat/***" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://github.xxx.com/xxx/xxx.git/': SSL certificate problem: self signed certificate in certificate chain

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2042)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1761)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$400(CliGitAPIImpl.java:72)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:442)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:655)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146)
    at hudson.remoting.UserRequest.perform(UserRequest.java:212)
    at hudson.remoting.UserRequest.perform(UserRequest.java:54)
    at hudson.remoting.Request$2.run(Request.java:369)
    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
    at java.lang.Thread.run(Thread.java:748)

我尝试使用自己的图像在 master 和 agent 中添加证书。

  1. 在 dockerfile 中,我COPY将证书转换为图像并更新了证书update-ca-certificate
  2. 在jenkins的pod模板设置中,将图片修改为我的自定义图片。

但是错误仍然存​​在,我尝试同时使用docker run和运行代理映像kubectl run,它们都可以 git clone 成功。

然后我尝试使用更新 git configgit config --global http.sslCAInfo /etc/ssl/certs/ca-certificates.crt但仍然无法正常工作。

主码头文件

FROM jenkins/jenkins:lts

COPY some_ca.crt $JAVA_HOME/jre/lib/security
COPY some_ca.crt /usr/local/share/ca-certificates/CA.crt
USER root
RUN cd $JAVA_HOME/jre/lib/security \
    && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias some_ca -file some_ca.crt && update-ca-certificates
ARG user=jenkins
USER ${user}

代理 dockerfile

FROM jenkins/jnlp-slave:3.27-1

COPY some_ca.crt $JAVA_HOME/jre/lib/security
COPY some_ca.crt /usr/local/share/ca-certificates/Douban_CA.crt
USER root
RUN cd $JAVA_HOME/jre/lib/security \
    && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias some_ca -file some_ca.crt && update-ca-certificates && \
    git config --global http.sslCAInfo /etc/ssl/certs/ca-certificates.crt && git config --global http.sslVerify false
ARG user=jenkins
USER ${user}
4

0 回答 0