Public key of the first certificate in chain


      After upgrading to Jenkins version 2.462.1, pods in k8s have stopped connecting.
      Pod OS: ubuntu22

      Picked up _JAVA_OPTIONS: -XX:-UsePerfData
      WARNING: The "-jnlpUrl" argument is deprecated. Use "-url" and "-name" instead, potentially also passing in "-webSocket", "-tunnel", and/or work directory options as needed.
      Sep 02, 2024 12:44:07 PM hudson.remoting.Launcher createEngine
      INFO: Setting up agent: job-name-11-8p1xh-2ph6s
      Sep 02, 2024 12:44:07 PM hudson.remoting.Engine startEngine
      INFO: Using Remoting version: 3248.3250.v3277a_8e88c9b_
      Sep 02, 2024 12:44:07 PM hudson.remoting.Engine startEngine
      WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars
      Sep 02, 2024 12:44:08 PM hudson.remoting.Launcher$CuiListener status
      INFO: Locating server among [https://jenkins-xxx.com/]
      Sep 02, 2024 12:44:09 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
      INFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]
      Sep 02, 2024 12:44:09 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
      INFO: Remoting TCP connection tunneling is enabled. Skipping the TCP Agent Listener Port availability check
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-xxx.com
        Agent port:    50000
        Identity:      df:1d:61:39:1d:bc:f9:db:97:a7:c7:ed:ee:d7:b5:19
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Handshaking
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Connecting to jenkins-xxx.com:50000
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Server reports protocol JNLP4-connect-proxy not supported, skipping
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Sep 02, 2024 12:44:09 PM org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader run
      INFO: Waiting for ProtocolStack to start.
      Sep 02, 2024 12:44:09 PM org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer onRecv
      SEVERE: [JNLP4-connect connection to jenkins-xxx.com/hide_ip:50000]
      javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=36d8c2e4c768f70758506cb3496a7887) is not in the list of trusted keys
          at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
          at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
          at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1076)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1063)
          at java.base/java.security.AccessController.doPrivileged(Native Method)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1010)
          at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:378)
          at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:119)
          at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:677)
          at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecv(AckFilterLayer.java:256)
          at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:677)
          at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:137)
          at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$1400(BIONetworkLayer.java:51)
          at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:293)
          at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
          at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
          at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:140)
          at java.base/java.lang.Thread.run(Thread.java:829)
      Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=36d8c2e4c768f70758506cb3496a7887) is not in the list of trusted keys
          at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:216)
          at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:262)
          at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:147)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
          ... 20 more
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: Protocol JNLP4-connect encountered an unexpected exception
      java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=36d8c2e4c768f70758506cb3496a7887) is not in the list of trusted keys
          at org.jenkinsci.remoting.util.SettableFuture.get(SettableFuture.java:223)
          at hudson.remoting.Engine.innerRun(Engine.java:890)
          at hudson.remoting.Engine.run(Engine.java:574)
      Caused by: javax.net.ssl.SSLHandshakeException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=36d8c2e4c768f70758506cb3496a7887) is not in the list of trusted keys
          at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
          at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
          at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
          at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1076)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1063)
          at java.base/java.security.AccessController.doPrivileged(Native Method)
          at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1010)
          at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.processRead(SSLEngineFilterLayer.java:378)
          at org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.onRecv(SSLEngineFilterLayer.java:119)
          at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:677)
          at org.jenkinsci.remoting.protocol.impl.AckFilterLayer.onRecv(AckFilterLayer.java:256)
          at org.jenkinsci.remoting.protocol.ProtocolStack$Ptr.onRecv(ProtocolStack.java:677)
          at org.jenkinsci.remoting.protocol.NetworkLayer.onRead(NetworkLayer.java:137)
          at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer.access$1400(BIONetworkLayer.java:51)
          at org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader.run(BIONetworkLayer.java:293)
          at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
          at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
          at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:140)
          at java.base/java.lang.Thread.run(Thread.java:829)
      Caused by: java.security.cert.CertificateException: Public key of the first certificate in chain (subject: C=US, OU=jenkins.io, O=instances, CN=36d8c2e4c768f70758506cb3496a7887) is not in the list of trusted keys
          at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkPublicKey(PublicKeyMatchingX509ExtendedTrustManager.java:216)
          at org.jenkinsci.remoting.protocol.cert.PublicKeyMatchingX509ExtendedTrustManager.checkServerTrusted(PublicKeyMatchingX509ExtendedTrustManager.java:262)
          at org.jenkinsci.remoting.protocol.cert.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:147)
          at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
          ... 20 more
      Sep 02, 2024 12:44:09 PM hudson.remoting.Launcher$CuiListener status
      INFO: reconnect rejected, sleeping 10s: java.lang.Exception: The server rejected the connection: None of the protocols were accepted
          at hudson.remoting.Engine.onConnectionRejected(Engine.java:969)
          at hudson.remoting.Engine.innerRun(Engine.java:916)
          at hudson.remoting.Engine.run(Engine.java:574)
       

      Why did we start checking SSL for the Jenkins tunnel?

      I analyzed a little and found that the connection via WebSocket works correctly.

      Kubernetes plugin
      Version: 4285.v50ed5f624918

      I have a running Jenkins version 2.440.1 and I don't see any such problems there.

      Picked up _JAVA_OPTIONS: -XX:-UsePerfData
      WARNING: The "-jnlpUrl" argument is deprecated. Use "-url" and "-name" instead, potentially also passing in "-webSocket", "-tunnel", and/or work directory options as needed.
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher createEngine
      INFO: Setting up agent: job-name-fdwtd
      Sep 02, 2024 12:33:11 PM hudson.remoting.Engine startEngine
      INFO: Using Remoting version: 3206.vb_15dcf73f6a_9
      Sep 02, 2024 12:33:11 PM org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
      INFO: Using /home/jenkins/agent/remoting as a remoting work directory
      Sep 02, 2024 12:33:11 PM org.jenkinsci.remoting.engine.WorkDirManager setupLogging
      INFO: Both error and output logs will be printed to /home/jenkins/agent/remoting
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Locating server among [https://jenkins-xxx.com/]
      Sep 02, 2024 12:33:11 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
      INFO: Remoting server accepts the following protocols: [JNLP4-connect, Ping]
      Sep 02, 2024 12:33:11 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
      INFO: Remoting TCP connection tunneling is enabled. Skipping the TCP Agent Listener Port availability check
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Agent discovery successful
        Agent address: jenkins-xxx.com
        Agent port:    50000
        Identity:      19:ba:eb:ac:c0:2c:66:b8:0b:79:ff:c0:26:7b:2a:05
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Handshaking
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Connecting to jenkins-xxx.com:50000
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Server reports protocol JNLP4-connect-proxy not supported, skipping
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Trying protocol: JNLP4-connect
      Sep 02, 2024 12:33:11 PM org.jenkinsci.remoting.protocol.impl.BIONetworkLayer$Reader run
      INFO: Waiting for ProtocolStack to start.
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Remote identity confirmed: 19:ba:eb:ac:c0:2c:66:b8:0b:79:ff:c0:26:7b:2a:05
      Sep 02, 2024 12:33:11 PM hudson.remoting.Launcher$CuiListener status
      INFO: Connected

      Kubernetes plugin
      Version: 4144.vfd176ec18694

       

       

            Assignee:
            Jeff Thompson
            Reporter:
            Oleg
            Archiver:
            Jenkins Service Account
