When configuring a Kubernetes cloud, depending on the kind of credentials provided, the validation is inconsistent. With invalid credentials, sometimes it errors out, sometimes it fall backs to injected credentials, which lead to a false impression of a valid configuration.

Expected behaviour

• if no credential is provided, the plugin should use injected credentials from its environment, such as service account when Jenkins is running inside of a Kubernetes pod.

• if a credential (of whatever supported type) is provided, it is expected to be used, and not fallback to injected credentials. If it fails to authenticate, a validation error should be raised.
  • Username/password (user/password credentials)
  • Certificate (docker server credentials)
  • Keystore (certificate credentials)
  • Kubeconfig (secret file)
  • Token (google robot credentials or secret text)

As this could possibly break configurations that are currently invalid but falling back to injected credentials, this should be mentioned in the release notes.