JENKINS-71168

Failed to set mounts and volumeMounts of jnlp container using yaml field in podtemplate

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • kubernetes-plugin
    • Jenkins: 2.375.3
      OS: Linux - 5.10.0-19-amd64
      Java: 11.0.18 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
      ---
      kubernetes:3927.v04b_e3630225d
      kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
      kubernetes-credentials:0.10.0

      Steps to reproduce:

      1. Add a new Kubernetes cloud, then add a new pod template in Settings > Configure Clouds.
      2. Set the yaml field in the new pod template.
      3. Start a new pipeline to see whether the yaml is merged into the provisioned pod.


      yaml field:

      apiVersion: "v1"
      kind: "Pod"
      metadata:
        namespace: "qaci"
      spec:
        containers:
        - name: jnlp
          volumeMounts:
          - name: ssl-certs
            mountPath: /etc/ssl/certs
            readOnly: true
        volumes:
        - name: ssl-certs
          hostPath:
            path: /etc/ssl/certs

      pipeline:

      pipeline{
        agent {
          kubernetes {
            inheritFrom "test"
            yaml """
      apiVersion: v1
      kind: Pod
      spec:
        containers:
          - name: python
            image: docker.io/library/python:3.10
            tty: true
            resources:
              limits:
                cpu: 1
                memory: 1Gi
              requests:
                cpu: 100m
                memory: 128M
            """
          }
        }
        stages{
          stage('test') {
            steps {
              echo "hello"
            }
          }
        }
      }
      

      expect:

      jnlp container should have an extra mount named `ssl-certs`

      actual:

      jnlp container does not have an extra mount named `ssl-certs`; only the workspace mount is present.


      Agent pipeline-test-temp-branch-12-s4tms-g0lz4-lj9cw is provisioned from template pipeline-test_temp-branch_12-s4tms-g0lz4
      ---
      apiVersion: "v1"
      kind: "Pod"
      metadata:
        annotations:
          buildUrl: "http://jenkins:8080/job/pipeline-test/job/temp-branch/12/"
          runUrl: "job/pipeline-test/job/temp-branch/12/"
        labels:
          jenkins: "slave"
          jenkins/label-digest: "0debecf5fa832b5f8b5e3dee52ddb51ad00b504c"
          jenkins/label: "pipeline-test_temp-branch_12-s4tms"
        name: "pipeline-test-temp-branch-12-s4tms-g0lz4-lj9cw"
        namespace: "qaci"
      spec:
        containers:
        - image: "docker.io/library/python:3.10"
          name: "python"
          resources:
            limits:
              cpu: "1"
              memory: "1Gi"
            requests:
              cpu: "100m"
              memory: "128M"
          tty: true
          volumeMounts:
          - mountPath: "/home/jenkins/agent"
            name: "workspace-volume"
            readOnly: false
        - env:
          - name: "JENKINS_SECRET"
            value: "********"
          - name: "JENKINS_TUNNEL"
            value: "jenkins-agent:50000"
          - name: "JENKINS_AGENT_NAME"
            value: "pipeline-test-temp-branch-12-s4tms-g0lz4-lj9cw"
          - name: "JENKINS_NAME"
            value: "pipeline-test-temp-branch-12-s4tms-g0lz4-lj9cw"
          - name: "JENKINS_AGENT_WORKDIR"
            value: "/home/jenkins/agent"
          - name: "JENKINS_URL"
            value: "http://jenkins:8080/"
          image: "jenkins/inbound-agent:3107.v665000b_51092-5"
          name: "jnlp"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
          volumeMounts:
          - mountPath: "/home/jenkins/agent"
            name: "workspace-volume"
            readOnly: false
        hostNetwork: false
        nodeSelector:
          kubernetes.io/os: "linux"
        restartPolicy: "Never"
        volumes:
        - emptyDir:
            medium: ""
          name: "workspace-volume" 

      Extra volumeMounts are useful when injecting a CA into the agent container. Many services require a CA to be mounted or installed, and mounting it using hostPath would be a very convenient solution.


          Jesse Glick added a comment -

          Merge of global pod templates from settings with per-build YAML from the podTemplate step is tricky and does not always do what you want. Try deleting pod templates from the cloud and fully specifying the desired YAML in the project.


          Leo Quote added a comment -

          This is not practical. My goal is to create a container template for everyone. Putting the code back into the project may cause unnecessary communication costs.
          If this cannot be supported by Jenkins, maybe it’s better with a Kubernetes mutation webhook.


          Jesse Glick added a comment -

          In general inheritFrom is limited. If there is system-wide configuration which should be shared across projects, one option is to use Groovy libraries to capture the details, letting per-project configuration be much simpler and higher level. Something like Kyverno is also an option of course.

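An added example, not code from the issue or from the kubernetes-plugin project: a shared-library step, hypothetically named `caPod`, that follows the suggestions in the comments above by keeping the CA mount for the jnlp container in one fully specified pod YAML, so projects need no inheritFrom. The step name, its `name`/`image` parameters and the input checks are assumptions, and it relies on the plugin supplying its default jnlp image when the YAML omits one.

```groovy
// vars/caPod.groovy -- hypothetical shared-library step (name and parameters are assumptions).
// Usage from a scripted pipeline:
//   caPod(name: 'python', image: 'docker.io/library/python:3.10') { echo 'hello' }

def call(Map args = [:], Closure body) {
    String name  = args.get('name', 'build')
    String image = args.image

    // Both values are interpolated into YAML below, so reject anything that
    // could break out of a plain scalar (whitespace, quotes, newlines, '#').
    if (!(name ==~ /[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?/)) {
        error "caPod: invalid container name '${name}'"
    }
    if (!(image ==~ /[A-Za-z0-9][A-Za-z0-9._\/:@-]*/)) {
        error "caPod: invalid image reference '${image}'"
    }

    // Single, complete pod spec: nothing is merged from a cloud-level template.
    // The jnlp entry carries the read-only ssl-certs mount from the issue.
    String podYaml = """\
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: jnlp
    volumeMounts:
    - name: ssl-certs
      mountPath: /etc/ssl/certs
      readOnly: true
  - name: ${name}
    image: ${image}
    tty: true
  volumes:
  - name: ssl-certs
    hostPath:
      path: /etc/ssl/certs
"""

    podTemplate(yaml: podYaml) {
        node(POD_LABEL) {
            // Run the caller's steps in the build container, not in jnlp.
            container(name) {
                body()
            }
        }
    }
}
```

Checking the pod YAML printed in the build log for the `ssl-certs` entry under the `jnlp` container confirms whether the mount was applied.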

            Assignee: Unassigned
            Reporter: Leo Quote (leo_quote)