You need to create a bitbucket user that will be added to your project and has at least READ permissions, add this user to Jenkins credentials (username/pw). The plugin uses the bitbucket API to do everything.
Under Configure System look for Bitbucket Endpoints and enable "Manage Hooks"
The webhook address is: https://your.jenkins.tld/bitbucket-scmsource-hook/notify/
XOR or ⊕ - a type of logical disjunction on two operands that results in a value of true if the operands, or disjuncts, have opposite truth values. A simple way to state this is "one or the other but not both."
Saturday, February 10, 2018
Sunday, January 28, 2018
[Kubernetes] How to create a new restricted RBAC user in Kubernetes 1.9
- connect to any master node and get the ca.pem and ca-key.pem from /etc/kubernetes/ssl
- create new user, in this example we call this user "testuser"
openssl genrsa -out testuser.key 2048
openssl req -new -key testuser.key -out testuser.csr -subj "/CN=testuser/O=testuser"
openssl x509 -req -in testuser.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out testuser.crt -days 500- create role-deployment-manager.yaml :
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: office
name: deployment-manager
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["deployments", "replicasets", "pods"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"] - create rolebinding-deployment-manager.yaml
$kubectl config set-credentials testuser --client-certificate=/home/testuser/.certs/testuser.crt --client-key=/home/testuser/.certs/testuser.key
$kubectl config set-context testuser-context --cluster=testcluster --namespace=office --user=testuser- kubectl create -f both files and then test with kubectl --context=testuser-context get pods, confirm restriction by changing adding -ndefault to see if default namespace access is denied
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: deployment-manager-binding
namespace: office
subjects:
- kind: User
name: testuser
apiGroup: ""
roleRef:
kind: Role
name: deployment-manager
apiGroup: ""
Subscribe to:
Posts (Atom)