[JENKINS-40717] Enable authentication using Kubernetes service account token

Type: New Feature
Resolution: Unresolved
Priority: Minor
Component/s: kubernetes-credentials-plugin, kubernetes-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

The plugin allows to use service accounts only when running in Kubernetes. However, service accounts can be used to access a kubernetes cluster from outside as well. See [1].

To connect a Jenkins instance to an existing kubernetes cluster, it would be very natural for an admin to create a dedicated service account, assign it to a namespace and make use of it to configure the kubernetes plugin.

Since the functionality is already there, I guess the effort would not be to high. Or is there any reason not to do so?

[1] http://kubernetes.io/docs/admin/authentication/

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screen Shot 2018-08-28 at 12.03.43 PM.png
47 kB
2018-08-28 16:05
Screen Shot 2018-08-28 at 1.37.02 PM.png
189 kB
2018-08-28 17:38

is duplicated by

JENKINS-49660 Unable to configure plugin using ibm k8s

Resolved

Holger Partsch created issue - 2016-12-29 12:01

Carlos Sanchez added a comment - 2017-08-26 20:46

I think that adding a token field to https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java should be enough. Read the file if field is empty

Carlos Sanchez added a comment - 2017-08-26 20:46 I think that adding a token field to https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java should be enough. Read the file if field is empty

Carlos Sanchez made changes - 2017-08-26 20:47

Summary

Original: Enable usage of Kubernetes service accounts in general

New: Enable authentication using Kubernetes service account token

Carlos Sanchez made changes - 2017-08-26 20:47

Issue Type

Original: Improvement [ 4 ]

New: New Feature [ 2 ]

Carlos Sanchez made changes - 2018-01-04 13:31

Component/s

New: kubernetes-credentials-plugin [ 23230 ]

Carlos Sanchez added a comment - 2018-01-22 07:48

This is possible using OpenShift Oauth token (even in kubernetes)

Carlos Sanchez added a comment - 2018-01-22 07:48 This is possible using OpenShift Oauth token (even in kubernetes)

Carlos Sanchez made changes - 2018-01-22 07:48

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Carlos Sanchez made changes - 2018-02-20 23:21

Link

New: This issue is duplicated by ~~JENKINS-49660~~ [ ~~JENKINS-49660~~ ]

Nitin Padalia added a comment - 2018-04-16 15:20 - edited

Hi csanchez I am not able to see any token value which I can provide using this plugin.

It is automatically creating some token value. I am using latest version of kubernetes-credentials-plugin.

I Jenkins master is outside of Kubernetes cluster. Am I doing something wrong?

Nitin Padalia added a comment - 2018-04-16 15:20 - edited Hi csanchez I am not able to see any token value which I can provide using this plugin. It is automatically creating some token value. I am using latest version of kubernetes-credentials-plugin. I Jenkins master is outside of Kubernetes cluster. Am I doing something wrong?

Chris Denneen added a comment - 2018-08-28 16:04

csanchez I agree with nitinpadalia When you add this type of Kubernetes Service Account in the Jenkins UI there is no Value field so it shows "Secret text" and you have no control over the value to add the serviceaccount name used or add a token needed for that serviceaccount name.

Anyway to validate with 1.12.0 and 1.12.4 with LTS 2.121.3

Chris Denneen added a comment - 2018-08-28 16:04 csanchez I agree with nitinpadalia When you add this type of Kubernetes Service Account in the Jenkins UI there is no Value field so it shows "Secret text" and you have no control over the value to add the serviceaccount name used or add a token needed for that serviceaccount name. Anyway to validate with 1.12.0 and 1.12.4 with LTS 2.121.3

Chris Denneen made changes - 2018-08-28 16:04

Resolution	Original: Fixed [ 1 ]
Status	Original: Closed [ 6 ]	New: Reopened [ 4 ]

Assignee:: Unassigned

Reporter:: Holger Partsch

Votes:: 5 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2016-12-29 12:01

Updated:: 2021-01-07 16:02

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: Carlos Sanchez added a comment - 2017-08-26 20:46

Expand comment: Carlos Sanchez added a comment - 2017-08-26 20:46

Collapse comment: Carlos Sanchez added a comment - 2018-01-22 07:48

Expand comment: Carlos Sanchez added a comment - 2018-01-22 07:48

Collapse comment: Nitin Padalia added a comment - 2018-04-16 15:20, Edited by Nitin Padalia - 2018-04-16 16:07

Expand comment: Nitin Padalia added a comment - 2018-04-16 15:20, Edited by Nitin Padalia - 2018-04-16 16:07

Collapse comment: Chris Denneen added a comment - 2018-08-28 16:04

Expand comment: Chris Denneen added a comment - 2018-08-28 16:04

People

Dates