SEVERE c.c.j.p.k.KubernetesCredentialProvider#startWatchingForSecrets: Failed to initialise k8s secret provider, secrets from Kubernetes will not be available java.net.SocketException: Socket closed

48 views
Skip to first unread message

Zeke Santamaria

unread,
Apr 1, 2025, 11:02:21 AMApr 1
to Jenkins Users
I'm deploying a Jenkins instance using the Jenkins Operator.
My operator doesn't deploy a jenkins instance by default and I use CRs to create the Jenkins definitions. 
My CR is very vanilla in nature, only installing the base plugins, including the Kubernetes plugin and the Kubernetes-credentials-provider plugin.
My Kubernetes is behind a proxy. Using ENV variables does not work to download the plugins, however, passing parameters to the JAVA_OPTS to start jenkins does work well.

in other words:

env:
# - name: HTTP_PROXY
# - name: HTTPS_PROXY
# value: "https://proxy.example.com:443"
# - name: https_proxy
# value: "http://proxy.example.com:443"
# - name: http_proxy
# value: "https://proxy.example.com:443"
# - name: NO_PROXY
# value: "kubernetes.default.svc,10.0.0.0/8,127.0.0.1,localhost"

the above doesn't work...

- name: JAVA_OPTS
value: -Djava.awt.headless=true 
-Djenkins.install.runSetupWizard=false 
-Dhttp.proxyHost=proxy.example.com 
-Dhttp.proxyPort=443 
-Dhttps.proxyHost=proxy.example.com 
-Dhttps.proxyPort=443 
-Dhttps.nonProxyHost=kubernetes.default.svc

the above works... HOWEVER....

the Kubernetes-credentials-provider fails to connect to the cluster where the pod is running on.
I found a post describing exactly the issue I'm experiencing here:


Unfortunately, there's not clear remediation since I don't use the ENV variables the way they did and I'm still facing the same issue. 
Any help is appreciated.

James Nord

unread,
May 1, 2025, 4:52:44 PMMay 1
to Jenkins Users
The property should be `https.nonProxyHosts` (not the trailing s)

Hopefully that helps (you may need to duplicate this as http.nonProxy... as well)

James Nord

unread,
May 1, 2025, 4:54:09 PMMay 1
to Jenkins Users
> The property should be `https.nonProxyHosts` (not the trailing s)

Sorry for any confusion. It should say note the trailing s

The property should be `https.nonProxyHosts` (note the trailing s)

Reply all
Reply to author
Forward
0 new messages