Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-76157

Kubernetes auto-configuration not used when Kubernetes URL provided

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • kubernetes-plugin
    • None
    • kubernetes:4355.v37e9e7c240e6

      This is a regression since Kubernetes 4355.v37e9e7c240e6 and more specifically since the jump from Kubernetes API Client past 6.13.2.

      Before this version, a user could configure a Kubernetes local endpoint such as https://kubernetes.default.svc.cluster.local/ and leave everything else empty. The Kubernetes Client would auto configure itself based on the environment in that case.

      Since version 6.13.2 onward, the client does not autoconfigure itself anymore. This is a changed of behavior and rather unexpected per the comment at https://github.com/jenkinsci/kubernetes-plugin/blob/4371.vb_33b_086d54a_1/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java#L178:

      Using Config.empty() disables autoconfiguration when both serviceAddress and auth are set

      How to Reproduce

      • Spin up Jenkins in Kubernetes in a namespace other than default
      • Configure a Kubernetes Cloud and set the Kubernetes URL to https://kubernetes.default.svc.cluster.local/
      • Try to provision a Kubernetes agent using the cloud
        --> The cloud tries to provision the agent in the default namespace. In general the controller does not have permissions there and the provisioning fails with:
      io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods?labelSelector=jenkins%3Dslave%2Ckubernetes.jenkins.io%2Fcontroller%3Dhttp___jenkins_jenkins_svc_cluster_local_jenkinsx&resourceVersion=0. Message: pods is forbidden: User "system:serviceaccount:jenkins:jenkins" cannot list resource "pods" in API group "" in the namespace "default". Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=null, kind=pods, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=pods is forbidden: User "system:serviceaccount:jenkins:jenkins" cannot list resource "pods" in API group "" in the namespace "default", metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).

      Note

      Changed of behavior since https://github.com/fabric8io/kubernetes-client/blob/main/CHANGELOG.md#6132-2024-08-09

            allan_burdajewicz Allan BURDAJEWICZ
            allan_burdajewicz Allan BURDAJEWICZ
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: