Test connection fails and also unable to get K8s pods via Jenkins using service account

      PS: Jenkins is deployed in K8s and is not using OpenShift [I do not intend to].

      Provisioning of K8s pods from the Kubernetes Jenkins plugin using my cloud credentials is failing, hence I created a service account using the command below:

      kubectl -n mynamespace create serviceaccount jenkins


      Then, after selecting the service account authentication credentials, I tried Test Connection on the K8s plugin cloud configuration page, but the connection failed with the error below:

      Error testing connection https://api.k8s2.apac.cloud.net:6443: Failure executing: GET at: https://api.k8s2.apac.cloud.net:6443/api/v1/namespaces/mynamespace/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:mynamespace:default" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:serviceaccount:mynamespace:default.
      

      Also, when Jenkins is triggered to run in labeled K8s pods, it fails with the error below:

      Failed to count the # of live instances on Kubernetes
      io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://api.k8s2.apac.cloud.net:6443/api/v1/namespaces/mynamespace/pods?labelSelector=jenkins%3Dslave. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:anonymous.
      	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:472)
      	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409)
      	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:381)
      	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:344)
      	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:328)
      	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:584)
      	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:49)
      	at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud.addProvisionedSlave(KubernetesCloud.java:493)
      	at org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud.provision(KubernetesCloud.java:448)
      	at hudson.slaves.NodeProvisioner$StandardStrategyImpl.apply(NodeProvisioner.java:715)
      	at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:320)
      	at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:61)
      	at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:809)
      	at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:72)
      	at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:58)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
      	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
      	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      

          [JENKINS-57352] Test connection fails and also unable to get K8s pods via Jenkins using service account

          Harsha GV created issue -

          Carlos Sanchez added a comment -

          Looks like it is picking the default service account, but I've never seen the "Unexpected user-id" error.
          How do you configure the service account in Jenkins?

          Harsha GV added a comment -

          Using secret text by adding token string of service account


          Carlos Sanchez added a comment -

          What Kubernetes version? Distro? Cloud?
          Harsha GV added a comment -

          K8s:
          Client v1.11.5
          Server v1.13.5

          Jenkins deployed in K8s.

          Also, could you please point me to any documentation on the minimum roles and rolebindings that need to be assigned to a Jenkins service account used by the k8s plugin to dynamically provision a Jenkins agent, run a single build, then tear down that agent?


          Carlos Sanchez added a comment -

          What Kubernetes? EKS? GKE?...? Roles are here: https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/kubernetes/service-account.yml
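The two Forbidden messages in this issue name the identity the API server actually saw, and neither is the `jenkins` account the reporter created. The following added example (not part of the original thread or of the plugin's code) parses such messages, classifies the identity against the intended service account, and builds the matching `kubectl auth can-i` check. The function names are hypothetical, the intended account `mynamespace`/`jenkins` is taken from the reporter's command, and the third sample line is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Authorization-denied text as returned by the API server and quoted in the issue.
FORBIDDEN_RE = re.compile(
    r'is forbidden: User "(?P<user>[^"]+)" cannot (?P<verb>\w+) '
    r'resource "(?P<resource>[^"]+)" in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)")?'
)
SERVICE_ACCOUNT_RE = re.compile(r"^system:serviceaccount:([^:]+):([^:]+)$")

# Lines 1-2: message tails quoted in the issue. Line 3: constructed for illustration.
SAMPLE_LOG = """\
pods is forbidden: User "system:serviceaccount:mynamespace:default" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:serviceaccount:mynamespace:default.
pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "mynamespace": Unexpected user-id: system:anonymous.
pods is forbidden: User "system:serviceaccount:mynamespace:jenkins" cannot create resource "pods" in API group "" in the namespace "mynamespace"
"""

FINDINGS = {
    "no-credentials": "request carried no credentials; check that the cloud "
                      "configuration actually references the token credential",
    "wrong-service-account": "token belongs to another service account; check "
                             "which account's token the credential holds",
    "missing-rbac": "intended account authenticated but no Role/RoleBinding "
                    "allows this verb on this resource",
    "other-identity": "request authenticated as a non-service-account user",
}


@dataclass(frozen=True)
class Denial:
    user: str
    verb: str
    resource: str
    group: str
    namespace: Optional[str]  # None for cluster-scoped requests


def parse_denials(text: str) -> List[Denial]:
    """Extract unique denials from log text, preserving first-seen order."""
    found = (Denial(**m.groupdict()) for m in FORBIDDEN_RE.finditer(text))
    return list(dict.fromkeys(found))


def classify(d: Denial, expected_ns: str, expected_sa: str) -> str:
    """Compare the identity the API server saw with the intended service account."""
    if d.user == "system:anonymous":
        return "no-credentials"
    m = SERVICE_ACCOUNT_RE.match(d.user)
    if m is None:
        return "other-identity"
    if m.groups() == (expected_ns, expected_sa):
        return "missing-rbac"
    return "wrong-service-account"


def can_i_command(d: Denial, expected_ns: str, expected_sa: str) -> str:
    """Build the check for the denied action as the intended account.

    --as uses impersonation, so the caller running kubectl needs that right.
    """
    resource = f"{d.resource}.{d.group}" if d.group else d.resource
    cmd = ["kubectl", "auth", "can-i", d.verb, resource]
    if d.namespace:
        cmd += ["--namespace", d.namespace]
    cmd += ["--as", f"system:serviceaccount:{expected_ns}:{expected_sa}"]
    return " ".join(cmd)


def diagnose(text: str, expected_ns: str, expected_sa: str) -> List[dict]:
    """One report entry per unique denial found in the log text."""
    report = []
    for d in parse_denials(text):
        kind = classify(d, expected_ns, expected_sa)
        report.append({
            "user": d.user,
            "kind": kind,
            "finding": FINDINGS[kind],
            "check": can_i_command(d, expected_ns, expected_sa),
        })
    return report


if __name__ == "__main__":
    for entry in diagnose(SAMPLE_LOG, "mynamespace", "jenkins"):
        print(f'{entry["user"]}: {entry["finding"]}\n  {entry["check"]}')
```

If the `can-i` check answers `no` for the intended account, the account exists but has no binding for that verb; the roles file linked in the comment above is the reference for what the plugin needs.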
