본문 바로가기
시스템/쿠버네티스

[쿠버네티스] 젠킨스 플러그인 설치 & 깃랩연동

by cbwstar 2024. 1. 12.
728x90
반응형

1. 젠킨스 플러그인 설치

shell
닫기
1. Bitbucket Pipeline for Blue Ocean
2. Dashboard for Blue Ocean
3. Personalization for Blue Ocean
4. Display URL for Blue Ocean
5. Server Sent Events (SSE) Gateway
6. Events API for Blue Ocean
7. Blue Ocean Pipeline Editor
8. i18n for Blue Ocean
9. Autofavorite for Blue Ocean
10. Blue Ocean
11. NodeJS
12. GitLab
13. Generic Webhook Trigger
14. Gitlab Authentication
15. Gitlab API
16. GitLab Branch Source
17. Gitlab Merge Request Builder
18. Config File Provider
19. Docker
20. Docker Pipeline
21. docker-build-step
22. SSH Agent
23. Post build task

2. 깃랩 연결

  1) 깃랩 액세스 토큰 발행

2) 젠킨스 토큰 등록

 

3. 자바 인증서 오류 처리

mkdir -p /var/jenkins_home/cert

cd /var/jenkins_home/cert

curl -O https://gist.githubusercontent.com/lesstif/cd26f57b7cfd2cd55241b20e05b5cd93/raw/InstallCert.java

javac InstallCert.java

shell
닫기
root@jenkins:/var/jenkins_home/cert# java -cp ./ InstallCert invako.kro.kr:8090
Loading KeyStore /opt/java/openjdk/lib/security/cacerts...
Opening connection to invako.kro.kr:8090...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
‌at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
‌at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
‌at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
‌at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
‌at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
‌at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
‌at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
‌at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
‌at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
‌at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
‌at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
‌at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
‌at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511)
‌at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
‌at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
‌at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
‌at InstallCert.main(InstallCert.java:116)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
‌at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
‌at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
‌at java.base/sun.security.validator.Validator.validate(Validator.java:264)
‌at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
‌at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:233)
‌at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
‌at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:199)
‌at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1492)
‌at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
‌... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
‌at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
‌at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
‌at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
‌at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
‌... 20 more

Server sent 1 certificate(s):

​1 Subject CN=invako.kro.kr, OU=Personal, O=invako, L=Osong, ST=South, C=CN
​​​Issuer  CN=invako.kro.kr, OU=Personal, O=invako, L=Osong, ST=Osong, C=CN
​​​sha1    50 e0 9d 5d d1 e0 98 18 bb e8 3c 82 7d 82 7e b8 af 8a 30 86 
​​​md5     3f 8a 70 cf d3 6a 36 1d b1 ca 23 7a 8e dd 0d 60 

Enter certificate to add to trusted keystore or 'q' to quit: [1]

1번 선택

shell
닫기
​​Algorithm: [SHA512withRSA]
​​Signature:
0000: B1 58 36 ED 91 98 A8 0D   1D 01 5E E9 A3 0F 86 41  .X6.......^....A
0010: A3 21 78 39 15 E1 68 3B   8C F2 0B B6 D4 53 74 3B  .!x9..h;.....St;
0020: 51 AC E3 41 8B 2E 5D 7D   4A B7 78 EC A7 CA 88 05  Q..A..].J.x.....
0030: 36 25 96 CA 54 1F A6 B4   6F F1 58 07 1F EC C7 2C  6%..T...o.X....,
0040: 11 C6 2A 96 73 0F 99 70   AA D7 B9 51 77 57 31 95  ..*.s..p...QwW1.
0050: 8E B7 AC 24 72 89 AE BD   A1 85 DF 97 F8 E7 E5 88  ...$r...........
0060: F1 1E 01 C2 E2 02 8E DA   34 66 B7 87 8E 05 98 DF  ........4f......
0070: F7 54 94 21 ED AF 27 86   8B C3 4C ED 58 29 11 C8  .T.!..'...L.X)..
0080: 66 0C 29 24 1B 36 CD 9E   4E 20 BE D7 30 A7 D9 9B  f.)$.6..N ..0...
0090: 17 A3 23 F3 30 CC 52 0B   86 D5 0B B4 2A 05 B3 01  ..#.0.R.....*...
00A0: 65 F1 AA D7 46 39 68 E6   53 C6 FB EA 75 02 F8 2D  e...F9h.S...u..-
00B0: AB 0D 1A F8 4D 11 2A 86   71 F3 53 AD CE FB 70 5E  ....M.*.q.S...p^
00C0: 26 5B 09 0D 6F E4 B2 CB   61 49 C6 C9 87 41 40 5E  &[..o...aI...A@^
00D0: 30 93 41 9C F0 38 E0 D2   93 83 67 46 40 82 BA A6  0.A..8....gF@...
00E0: 09 AE 0E 0A C7 48 16 1B   AE 3A 66 29 0A F0 4E DE  .....H...:f)..N.
00F0: 49 83 BD 01 C0 83 70 5B   F4 12 EC CF E1 8B F6 AE  I.....p[........
0100: DE 4B 35 BF 3B D6 DC 79   0C 1B FE 68 CF 27 35 00  .K5.;..y...h.'5.
0110: 70 A9 91 CB E7 F2 53 3C   32 37 D1 AE 2A 21 17 D6  p.....S<27..*!..
0120: F3 CF 45 D1 A3 53 98 53   7C 36 BB 57 24 8B 8E 5C  ..E..S.S.6.W$..\
0130: 08 46 20 6A 52 D1 17 B8   2F 1D 8A 5C 3C B3 21 A8  .F jR.../..\<.!.
0140: 38 A3 0B DE BB 9F 6E 3A   7B A7 61 DE 32 80 B3 A0  8.....n:..a.2...
0150: 87 AF 4C 5B F8 C7 13 B3   1F 02 3B 3E 46 C4 EB 94  ..L[......;>F...
0160: 6C B2 E2 F3 2E 7C 21 91   75 4A B6 19 B2 D1 FA B1  l.....!.uJ......
0170: D2 4F B4 27 17 7E FE 86   DF 77 E5 A9 1C EA 3A A9  .O.'.....w....:.
0180: C8 97 B5 E4 27 27 1C F3   7A 63 91 8A C1 CA 3B BC  ....''..zc....;.
0190: A4 98 1F FB 99 F4 D9 43   A0 E2 C0 78 47 29 78 6C  .......C...xG)xl
01A0: FF 11 8C 13 90 0D FF 7C   4D 7C 17 47 3B 2E F0 1A  ........M..G;...
01B0: 2A 21 A7 44 D6 32 28 B9   16 08 1E 4E 33 32 B5 64  *!.D.2(....N32.d
01C0: DD C9 CB 6A 86 EC 16 41   DE 16 78 A9 53 74 69 E8  ...j...A..x.Sti.
01D0: 2F 20 80 F6 3F 53 46 49   D4 34 B1 35 A8 43 25 85  / ..?SFI.4.5.C%.
01E0: 9F 6C 38 B2 C7 25 F0 41   EA 4A 9B E2 C8 7A 2A 47  .l8..%.A.J...z*G
01F0: C9 F9 5C 15 14 27 C6 C7   80 F5 6F 18 6F 53 61 85  ..\..'....o.oSa.

]

Added certificate to keystore 'jssecacerts' using alias 'invako.kro.kr-1'

 

$ keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert -alias invako.kro.kr-1
   Certificate stored in file <output.cert>
    root@jenkins:/var/jenkins_home/cert# 

 

$ keytool -importcert -keystore ${JAVA_HOME}/lib/security/cacerts -storepass changeit -file output.cert -alias letsencrypt

shell
닫기
Warning: use -cacerts option to access cacerts keystore
Owner: CN=invako.kro.kr, OU=Personal, O=invako, L=Osong, ST=South, C=CN
Issuer: CN=invako.kro.kr, OU=Personal, O=invako, L=Osong, ST=Osong, C=CN
Serial number: 61365f30bf5c20760ddb9544bb5719d7e7dde459
Valid from: Thu Jan 11 23:53:50 UTC 2024 until: Sun Jan 08 23:53:50 UTC 2034
Certificate fingerprints:
‌​SHA1: 50:E0:9D:5D:D1:E0:98:18:BB:E8:3C:82:7D:82:7E:B8:AF:8A:30:86
‌​SHA256: 22:90:D9:9A:26:44:9B:9D:44:C9:61:90:6A:BF:F2:8C:C0:33:EB:5C:EC:4D:02:74:4A:9C:ED:EB:72:48:87:B4
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9D 39 8F 17 58 A9 81 00   9B A5 9C F1 01 44 60 09  .9..X........D`.
0010: A0 96 71 11                                        ..q.
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
​​CA:false
​​PathLen: undefined
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
​​serverAuth
]

#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
​​DigitalSignature
​​Non_repudiation
​​Key_Encipherment
​​Data_Encipherment
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
​​DNSName: invako.kro.kr
]

#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3C 64 12 AF C6 67 0B 58   C0 1D 10 E7 60 67 E1 1D  <d...g.X....`g..
0010: 80 13 55 B7                                        ..U.
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore

728x90
반응형
저작자표시 비영리 동일조건

'시스템 > 쿠버네티스' 카테고리의 다른 글

[쿠버네티스] gitlab 과 젠킨스 프로젝트 연동  (0) 2024.01.13
[쿠버네티스] erver certificate verification failed. CAfile: none CRLfile: none  (1) 2024.01.12
[쿠버네티스] 도커로 젠킨스 설치  (0) 2024.01.12
[쿠버네티스] Java PKIX path building failed: 에러 해결  (0) 2024.01.12
[쿠버네티스] 플러그인 패키지 매니저 krew설치  (0) 2024.01.12

관련글

댓글


"이 포스팅은 쿠팡 파트너스 활동의 일환으로, 이에 따른 일정액의 수수료를 제공받습니다."

티스토리툴바