Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71507

Failed to initialize Kubernetes secret provider

      Failed to initialize Kubernetes secret provider

      java.nio.file.AccessDeniedException: /root/.minikube/ca.crt at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218) at java.base/java.nio.file.Files.newByteChannel(Files.java:380) at java.base/java.nio.file.Files.newByteChannel(Files.java:432) at java.base/java.nio.file.Files.readAllBytes(Files.java:3288) at io.fabric8.kubernetes.client.internal.CertUtils.getInputStreamFromDataOrFile(CertUtils.java:69) at io.fabric8.kubernetes.client.internal.CertUtils.createTrustStore(CertUtils.java:76) at io.fabric8.kubernetes.client.internal.SSLUtils.trustManagers(SSLUtils.java:149) at io.fabric8.kubernetes.client.internal.SSLUtils.trustManagers(SSLUtils.java:97) at io.fabric8.kubernetes.client.utils.HttpClientUtils.applyCommonConfiguration(HttpClientUtils.java:213) Caused: io.fabric8.kubernetes.client.KubernetesClientException: An error has occurred. at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:129) at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:122) at io.fabric8.kubernetes.client.utils.HttpClientUtils.applyCommonConfiguration(HttpClientUtils.java:223) at io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory.newBuilder(OkHttpClientFactory.java:86) at io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory.newBuilder(OkHttpClientFactory.java:30) at io.fabric8.kubernetes.client.KubernetesClientBuilder.getHttpClient(KubernetesClientBuilder.java:88) at io.fabric8.kubernetes.client.KubernetesClientBuilder.build(KubernetesClientBuilder.java:78) at com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.KubernetesCredentialProvider.getKubernetesClient(KubernetesCredentialProvider.java:102) at com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.KubernetesCredentialProvider.startWatchingForSecrets(KubernetesCredentialProvider.java:115) at com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.KubernetesCredentialProvider$1.doRun(KubernetesCredentialProvider.java:171) at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:94) at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:69) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833)

          [JENKINS-71507] Failed to initialize Kubernetes secret provider

          aldo added a comment - - edited

          Thank you for providing such insightful knowledge. Your webpage is fantastic. It's amazing how much information there on your website. I had a great time reading your content and found it to be really beneficial. Please join me in playing cat mario if you have some free time. 

          aldo added a comment - - edited Thank you for providing such insightful knowledge. Your webpage is fantastic. It's amazing how much information there on your website. I had a great time reading your content and found it to be really beneficial. Please join me in playing cat mario if you have some free time. 

          Farid added a comment - - edited

          thank you for the your comment aldojackson . appreciate that. In Manage Jenkins on manage node Kubernetes. It can connect to the minikube but the problem still there when I restart the Jenkins.  heres the attachment

          Farid added a comment - - edited thank you for the your comment aldojackson . appreciate that. In Manage Jenkins on manage node Kubernetes. It can connect to the minikube but the problem still there when I restart the Jenkins.  heres the attachment

          James Nord added a comment - - edited

          75% guess your k8s config file is pointing at the ca cert in `/root/.minikube/ca.crt` and the user that Jenkins is running as has no access to that file.

          either way - for whatever reason we need read access to that file - I can not see how this is a bug in the `k8s-credential-provider` - possibly in the fabric8 library we use - but I doubt that.

          Check your environment is sane, ask on the minikube mailing list.

          Also - why are you using SystemD to start Jenkins in a container? - This seems like madness!

          James Nord added a comment - - edited 75% guess your k8s config file is pointing at the ca cert in `/root/.minikube/ca.crt` and the user that Jenkins is running as has no access to that file. either way - for whatever reason we need read access to that file - I can not see how this is a bug in the `k8s-credential-provider` - possibly in the fabric8 library we use - but I doubt that. Check your environment is sane, ask on the minikube mailing list. Also - why are you using SystemD to start Jenkins in a container? - This seems like madness!

            teilo James Nord
            mrfarid Farid
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: