-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Blocker
-
Component/s: kubernetes-plugin
-
Environment:Kubernetes plugin, Jenkins, Kubernetes all latest
I have a self hosted Gitea instance which has https secured via lets encrypt. Currently it is not possible for me to change the inbound agent to a more recent one, resulting in build failures.
Here is the log of a build
Branch indexing
Querying the current revision of branch v1...
Current revision of branch v1 is e6be5c4d63900e2ccf418b138ef23c9f0ab8ef5e
Obtained Jenkinsfile from e6be5c4d63900e2ccf418b138ef23c9f0ab8ef5e[Pipeline] Start of Pipeline[Pipeline] podTemplate[Pipeline] {[Pipeline] nodeCreated Pod: kubernetes dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Scheduled] Successfully assigned dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3 to v220210587729153147
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Pulled] Container image "quay.imanuel.dev/dockerhub/library---docker:stable" already present on machine
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Created] Created container docker
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Started] Started container docker
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Pulled] Container image "jenkins/inbound-agent:4.3-4-jdk11" already present on machine
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Created] Created container jnlp
[Normal][dev-imanuel-jenkins/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3][Started] Started container jnlpAgent [creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3|https://jenkins.imanuel.dev/computer/creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3] is provisioned from template Creastina_jinya-discord-webhook_v1_1-sf4lm-zpvct
---
apiVersion: "v1"
kind: "Pod"
metadata:
annotations:
buildUrl: "[http://jenkins.dev-imanuel-jenkins.svc.cluster.local:8080/job/Creastina/job/jinya-discord-webhook/job/v1/1/]"
runUrl: "job/Creastina/job/jinya-discord-webhook/job/v1/1/"
labels:
jenkins/jenkins-jenkins-agent: "true"
jenkins/label-digest: "ef1473e7f33af8fc034b8d7758913a5c740bed2c"
jenkins/label: "Creastina_jinya-discord-webhook_v1_1-sf4lm"
name: "creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3"
spec:
containers:
- command:
- "cat"
image: "quay.imanuel.dev/dockerhub/library---docker:stable"
name: "docker"
tty: true
volumeMounts:
- mountPath: "/var/run/docker.sock"
name: "docker-sock"
- mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
- env:
- name: "JENKINS_SECRET"
value: "********"
- name: "JENKINS_TUNNEL"
value: "jenkins-agent.dev-imanuel-jenkins.svc.cluster.local:50000"
- name: "JENKINS_AGENT_NAME"
value: "creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3"
- name: "JENKINS_NAME"
value: "creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3"
- name: "JENKINS_AGENT_WORKDIR"
value: "/home/jenkins/agent"
- name: "JENKINS_URL"
value: "[http://jenkins.dev-imanuel-jenkins.svc.cluster.local:8080/]"
image: "jenkins/inbound-agent:4.3-4-jdk11"
name: "jnlp"
resources:
limits: {}
requests:
memory: "256Mi"
cpu: "100m"
volumeMounts:
- mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
nodeSelector:
kubernetes.io/os: "linux"
restartPolicy: "Never"
volumes:
- hostPath:
path: "/var/run/docker.sock"
name: "docker-sock"
- emptyDir:
medium: ""
name: "workspace-volume"
Running on [creastina-jinya-discord-webhook-v1-1-sf4lm-zpvct-5jzn3|https://jenkins.imanuel.dev/computer/creastina%2Djinya%2Ddiscord%2Dwebhook%2Dv1%2D1%2Dsf4lm%2Dzpvct%2D5jzn3/] in /home/jenkins/agent/workspace/eastina_jinya-discord-webhook_v1[Pipeline] {[Pipeline] stage[Pipeline] { (Declarative: Checkout SCM)[Pipeline] checkoutThe recommended git tool is: NONE
Warning: CredentialId "gitea.imanuel.dev" could not be found.
Cloning the remote Git repository
Cloning with configured refspecs honoured and without tags
Cloning repository [https://c5baf2f45567960fa3ec98325ec641de3296ed64@gitea.imanuel.dev/creastina/jinya-discord-webhook.git] > git init /home/jenkins/agent/workspace/eastina_jinya-discord-webhook_v1 # timeout=10
Fetching upstream changes from [https://c5baf2f45567960fa3ec98325ec641de3296ed64@gitea.imanuel.dev/creastina/jinya-discord-webhook.git] > git --version # timeout=10
> git --version # 'git version 2.20.1'
> git fetch --no-tags --force --progress -- [https://c5baf2f45567960fa3ec98325ec641de3296ed64@gitea.imanuel.dev/creastina/jinya-discord-webhook.git] +refs/heads/v1:refs/remotes/origin/v1 # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --no-tags --force --progress -- [https://c5baf2f45567960fa3ec98325ec641de3296ed64@gitea.imanuel.dev/creastina/jinya-discord-webhook.git] +refs/heads/v1:refs/remotes/origin/v1" returned status code 128:
stdout:
stderr: fatal: unable to access '[https://c5baf2f45567960fa3ec98325ec641de3296ed64@gitea.imanuel.dev/creastina/jinya-discord-webhook.git/]': server certificate verification failed. CAfile: none CRLfile: none
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2681)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2102)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:86)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:624)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:853)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:160)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:211)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:117)
at java.base/java.lang.Thread.run(Thread.java:834)
Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from 10.1.88.229/10.1.88.229:44762
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1797)
at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356)
at hudson.remoting.Channel.call(Channel.java:1001)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy101.execute(Unknown Source)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1224)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1302)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)[Pipeline] }[Pipeline] // stage[Pipeline] }[Pipeline] // node[Pipeline] }[Pipeline] // podTemplate[Pipeline] End of PipelineERROR: Error cloning remote repo 'origin'
[Gitea] Notifying branch build status: FAILURE There was a failure building this commit
[Gitea] Notified
Finished: FAILURE
As seen in the log a really old version of the inbound agent is used, which doesn't know the new lets encrypt certificate. What confuses me is, that the plugin itself is configured to use the correct inbound agent. Here is the CASC:
clouds:
- kubernetes:
containerCap: 10
containerCapStr: "10"
jenkinsTunnel: "jenkins-agent.dev-imanuel-jenkins.svc.cluster.local:50000"
jenkinsUrl: "http://jenkins.dev-imanuel-jenkins.svc.cluster.local:8080"
name: "kubernetes"
namespace: "dev-imanuel-jenkins"
podLabels:
- key: "jenkins/jenkins-jenkins-agent"
value: "true"
serverUrl: "https://kubernetes.default"
templates:
- containers:
- alwaysPullImage: true
args: "^${computer.jnlpmac} ^${computer.name}"
envVars:
- envVar:
key: "JENKINS_URL"
value: "http://jenkins.dev-imanuel-jenkins.svc.cluster.local:8080/"
image: "quay.imanuel.dev/dockerhub/jenkins---inbound-agent:latest"
name: "jnlp"
resourceLimitCpu: "512m"
resourceLimitMemory: "512Mi"
resourceRequestCpu: "512m"
resourceRequestMemory: "512Mi"
workingDir: "/home/jenkins/agent"
id: "3d9ce69523ff840e4137bb13a2139042a40d64fb6ceaeb6d4c57ffdb081ee5eb"
label: "jenkins-jenkins-agent"
name: "default"
nodeUsageMode: NORMAL
podRetention: "never"
serviceAccount: "default"
slaveConnectTimeout: 100
slaveConnectTimeoutStr: "100"
yamlMergeStrategy: "override"
As seen in the config I used a docker proxy and a different version. If you need any more informations just give me a heads up.
