Test connection fails and also unable to get K8s pods via Jenkins using service account

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      PS: Jenkins is deployed in K8s and not using openshift [do not intend to]

      Provisioning of K8s pods from Kubernetes Jenkins plugin using the my cloud credentials is failing, hence created service account using below command:

      kubectl  -n mynamespace create serviceaccount jenkins

      Then after selecting service account authentication credentials tried Test Connection in K8s-plugin cloud configuration page, but connection failed with below error:

      Error testing connection https://api.k8s2.apac.cloud.net:6443: Failure executing: GET at: https://api.k8s2.apac.cloud.net:6443/api/v1/namespaces/mynamespace/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:mynamespace:default" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:serviceaccount:mynamespace:default.

      Also when jenkins triggered to run in labeled k8s pods, fails with below error:

      Failed to count the # of live instances on Kubernetes
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://api.k8s2.apac.cloud.net:6443/api/v1/namespaces/mynamespace/pods?labelSelector=jenkins%3Dslave. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:anonymous.
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:472)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:381)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:344)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:328)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:584)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:49)
	at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud.addProvisionedSlave(KubernetesCloud.java:493)
	at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud.provision(KubernetesCloud.java:448)
	at hudson.slaves.NodeProvisioner$StandardStrategyImpl.apply(NodeProvisioner.java:715)
	at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:320)
	at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:61)
	at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:809)
	at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:72)
	at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:58)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

            Assignee:
            Carlos Sanchez
            Reporter:
            Harsha GV
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: