Kubernetes Plugin - How to configure service account when master is not deployed in K8S?

155 views
Skip to first unread message

andret...@gmail.com

unread,
Dec 11, 2018, 10:49:26 AM12/11/18
to Jenkins Users
Hello all,

I'm having issues with the Kubernetes Plugin: https://github.com/jenkinsci/kubernetes-plugin

I configured it successfully with Minikube, but once I moved to a real cluster, I couldn't make it work. The plugin documentation assumes we are deploying the Jenkins master in the same K8S cluster, which is not my case. Jenkins is on another environment, not even in K8S.

I created a service account for the namespace I am trying to use. I can do a CURL and use the header "Authorization: Bearer TOKEN". It works correctly, so the K8S namespace is ok. But I can't get it to work with Jenkins.

Which type of credential should I use? I tried basically every credential, including secret text, but I cannot get a successful connection. I always receive a:

Error testing connection https://<endpoint_was_replaced>: Failure executing: GET at:  https://<endpoint_was_replaced>/api/v1/namespaces/team-release-management-automation-hackathon/pods. Message: Unauthorized. Received status: Status(apiVersion=v1, code=401, details=null, kind=Status, message=Unauthorized, metadata=ListMeta(_continue=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Unauthorized, status=Failure, additionalProperties={}).

How can I use a service account and authenticate using a token?

Thank you very much.

Carlos Sanchez

unread,
Dec 11, 2018, 10:55:11 AM12/11/18
to jenkins...@googlegroups.com
secret text it is

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/790b111c-5f60-4317-8628-18ef1b6fcf19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

andret...@gmail.com

unread,
Dec 11, 2018, 10:58:35 AM12/11/18
to Jenkins Users
Hi Carlos,

Thank you for your response. Could you elaborate a bit more, like giving me an example?

Like I said before, I couldn't get it to work. I just pasted the token after base64 decoding it. I receive a 401 while doing a curl with the same token value works properly.

Thank you very much for your fast response.

Regards

Carlos Sanchez

unread,
Dec 14, 2018, 6:39:21 AM12/14/18
to jenkins...@googlegroups.com
That sounds right. Do you have the right permissions in that service account? List pods at least

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/57f90dec-e266-46f3-aa13-dacefc59c7ed%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages