Jenkins / JENKINS-66046

Can't override jnlp podTemplate & container - Jenkins declarative pipeline


      Description

      I'm using Jenkins on a Kubernetes cluster, installed with the Helm chart as below:

      helm repo add jenkinsci https://charts.jenkins.io
      helm repo update
      kubectl create ns jenkins
      kubectl apply -f https://raw.githubusercontent.com/nurhun/jenkisn_pvc/main/pvc_jks.yaml
      kubectl apply -f https://raw.githubusercontent.com/jenkins-infra/jenkins.io/master/content/doc/tutorials/kubernetes/installing-jenkins-on-kubernetes/jenkins-sa.yaml 
      helm install my-jenkins jenkinsci/jenkins -n jenkins \
      --set controller.serviceType=LoadBalancer \
      --set controller.servicePort=8888 \
      --set persistence.existingClaim=jenkins-pvc \
      --set persistence.accessMode=ReadWriteMany
      

      I also tried --set agent.enabled=false, but it also grabs the default jnlp image.

      I also tried to override the jnlp agent with the pipeline below, but it skips my definition and pulls the default jenkins/inbound-agent:4.3-4 image.

      My pipeline:

      pipeline {
        
          agent {
              kubernetes {
                  cloud 'kubernetes'
                  label 'jnlp'
                  defaultContainer 'jnlp'
                  yaml """
                      apiVersion: v1
                      kind: Pod
                      metadata:
                      labels:
                          label: agent
                          jenkins: slave
                      name: jnlp
                      spec:
                      containers:
                      - name: jnlp
                        image: nurhun/my_custom_jenkins_inboud_agent:v1.0
                        args: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']
                        env:
                        - name: CONTAINER_ENV_VAR
                          value: jnlp
                        - name: JENKINS_AGENT_WORKDIR
                          value: /home/jenkins/agent
                        - name: JENKINS_URL
                          value: http://my-jenkins.jenkins.svc.cluster.local:8888/
                        - name: "JENKINS_TUNNEL"
                          value: "my-jenkins-agent.jenkins.svc.cluster.local:50000"
                        volumeMounts:
                        - mountPath: "/home/jenkins/agent"
                          name: "workspace-volume"
                          readOnly: false
                        - name: jenkins-docker-cfg
                          mountPath: /var/run/docker.sock
                      volumes:
                      - name: jenkins-docker-cfg
                        hostPath:
                          path: /var/run/docker.sock
                      - emptyDir:
                          medium: ""
                          name: "workspace-volume"
                  """
              }
          }
      
            
          stages {
      
              stage('Build') {
                  agent {
                      kubernetes {
                          label 'jnlp'
                          defaultContainer 'jnlp'
                      }
                  }
      
                  steps {
                      sh "docker build . -t custom_image:${IMAGE_TAG}"
                  }
              }
           }
      }
      

       

      I also tried to set the Defaults Provider Template Name as below, but it still doesn't work.

      Any ideas?


          Activity

          mount986 Matthew added a comment -

          I am having a similar issue.  No matter what I set in my cloud settings, it's always using:

          jenkins/inbound-agent:4.3-4
          

          This is an issue, because 4.3-4 has 2 critical CVEs (CVE-2021-20231 & CVE-2021-20232) which are stopping us from being able to deploy in our prod cluster.

          mount986 Matthew added a comment -

          As a Major priority with a relatively simple fix, it's now been a few months.  Any chance of this getting resolved soon?

          cghislai charly ghislain added a comment -

          I was having an issue with the default agent image "jenkins/inbound-agent:4.3-4" from kubernetes plugin version 1.30.1 that was used for my podTemplates. The new Let's Encrypt CA was apparently not in the truststore (not checked), and git clone was failing because it couldn't validate the certificate.

          I ran into this issue when I attempted to add a custom jnlp container spec in my podTemplate with the arguments as provided in the documentation page, which is:

           

          spec:
            containers:
            - name: jnlp
              image: 'jenkins/inbound-agent:4.7-1'
              args: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']
          

          For some reason, this appeared to be ignored. However, NOT specifying the container args worked as expected.

           

          To be explicit, a container spec like this one below was pulling my custom image, and resolved my issue:

           

          containers:
            - name: jnlp
              image: 'my/custom/image:myCustomImageTag'
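
A cluster-side check for whether a `jnlp` override actually took effect, as an added example that is not part of the original issue or of the Kubernetes plugin: it reads the output of `kubectl get pods -n jenkins -o json` and reports agent pods whose `jnlp` container is not the expected image, flagging the default `jenkins/inbound-agent:4.3-4` separately. The `audit_agent_pods` and `normalize` helpers and the pod names in the sample are constructed for illustration.

```python
import json
import sys

# Image the thread reports being pulled regardless of the podTemplate override.
DEFAULT_AGENT_IMAGE = "jenkins/inbound-agent:4.3-4"

def normalize(image):
    """Make equivalent Docker Hub references compare equal."""
    for prefix in ("index.docker.io/", "docker.io/"):
        if image.startswith(prefix):
            image = image[len(prefix):]
    # An untagged reference resolves to :latest; digests already contain ':'.
    return image if ":" in image.rsplit("/", 1)[-1] else image + ":latest"

def audit_agent_pods(pod_list_json, expected_image):
    """Return a finding for every pod whose jnlp container is not expected_image."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        containers = pod.get("spec", {}).get("containers", [])
        jnlp = next((c for c in containers if c.get("name") == "jnlp"), None)
        if jnlp is None:
            continue  # no jnlp container: not an agent pod (e.g. the controller)
        image = normalize(jnlp.get("image", ""))
        if image == normalize(expected_image):
            continue
        reason = "default-image" if image == DEFAULT_AGENT_IMAGE else "unexpected-image"
        findings.append({"pod": pod["metadata"]["name"], "image": image, "reason": reason})
    return findings

# Constructed sample in the shape of `kubectl get pods -n jenkins -o json`.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"name": "my-jenkins-0"},
     "spec": {"containers": [{"name": "jenkins", "image": "jenkins/jenkins:lts"}]}},
    {"metadata": {"name": "jnlp-abc12"},
     "spec": {"containers": [{"name": "jnlp", "image": "jenkins/inbound-agent:4.3-4"}]}},
    {"metadata": {"name": "jnlp-def34"},
     "spec": {"containers": [{"name": "jnlp", "image": "my/custom/image:myCustomImageTag"}]}},
]})

if __name__ == "__main__":
    # Usage: python audit.py [pods.json] [expected-image]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POD_LIST
    expected = sys.argv[2] if len(sys.argv) > 2 else "my/custom/image:myCustomImageTag"
    for f in audit_agent_pods(text, expected):
        print(f"{f['pod']}: {f['image']} ({f['reason']})")
```

Agent pods are short-lived, so the JSON has to be captured while a build is running.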
          

           

           


            People

            Assignee: Unassigned
            Reporter: nurhun Nurhun
            Votes: 3
            Watchers: 5
