51工具盒子k8s jenkins 未运行
KubeSphere devops流水线未运行 {#articleContentId}
新建一个devops流水线运行的时候,提示账号 project-admin 不存在
2023-12-01 01:28:12.584+0000 [id=23] INFO hudson.WebAppMain$3#run: Jenkins is fully up and running
2023-12-01 01:28:46.966+0000 [id=19] WARNING i.k.j.d.a.KubesphereApiTokenAuthenticator#authenticate: API token matched for user project-admin but the impersonation failed
org.acegisecurity.userdetails.UsernameNotFoundException: User project-admin not found in directory.
at org.acegisecurity.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:126)
at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1320)
at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:1273)
at org.acegisecurity.userdetails.UserDetailsService.lambda$toSpring$1(UserDetailsService.java:52)
Caused: org.springframework.security.core.userdetails.UsernameNotFoundException
at org.acegisecurity.userdetails.UsernameNotFoundException.toSpring(UsernameNotFoundException.java:51)
at org.acegisecurity.userdetails.UsernameNotFoundException.toSpring(UsernameNotFoundException.java:34)
at org.acegisecurity.userdetails.UserDetailsService.lambda$toSpring$1(UserDetailsService.java:54)
at jenkins.security.ImpersonatingUserDetailsService2.loadUserByUsername(ImpersonatingUserDetailsService2.java:29)
at hudson.model.User.getUserDetailsForImpersonation2(User.java:406)
at hudson.model.User.getUserDetailsForImpersonation(User.java:429)
Caused: org.acegisecurity.userdetails.UsernameNotFoundException: org.springframework.security.core.userdetails.UsernameNotFoundException: org.acegisecurity.userdetails.UsernameNotFoundException: User project-admin not found in directory.; nested exception is org.springframework.security.core.userdetails.UsernameNotFoundException: org.acegisecurity.userdetails.UsernameNotFoundException: User project-admin not found in directory.
at org.acegisecurity.userdetails.UsernameNotFoundException.fromSpring(UsernameNotFoundException.java:58)
at org.acegisecurity.AuthenticationException.fromSpring(AuthenticationException.java:98)
at hudson.model.User.getUserDetailsForImpersonation(User.java:431)
at io.kubesphere.jenkins.devops.auth.KubesphereApiTokenAuthenticator.authenticate(KubesphereApiTokenAuthenticator.java:47)
at jenkins.security.BasicHeaderAuthenticator.authenticate2(BasicHeaderAuthenticator.java:43)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:83)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109)
问题原因:
LDAP will init data after startup, the error log is related to the startup sequence. The root cause of this issue is the invalid token used in devops-controller,
make sure the deployment devops-apiserver and devops-controller are using kubesphere/devops-tools:v3.2.1
make sure the command line parameters are jwt --output configmap --namespace kubesphere-devops-system or jwt --output configmap
解决方案, 新建一个用户就可以解决,估计是当时创建的时候,网络有问题吧。
