As part of a Jenkins pipeline to build and deploy an app to Google's Kubernetes service (GKE), I've created a script to carry out the following deployment to GKE:

• checkout code
• setup authentication to gcloud and
• create the deployment and service using kubectl:

Detailed steps implemented by the script are as follows:

a) Create the docker registry authentication file (.json)
b) login to the google docker registry using the authentication file
c) initialise a git repo in the current directory
d) add the remote origin in prep for code pull
e) pull the source code for the microservice container
f) Create a kubectl configurtion file and directory to authenticate to the kubernetes cluster in Gcloud
g) Create a keyfile for a Gcloud service account that needs to authenticate to the container service
h) Activate the service account
i) Get the credentials for the container cluster from Gcloud
j) Run kubectl apply to create the kubernetes services

Full, tested, script at: https://pastebin.com/sZPrQuzD

If I put this sequence of steps in a scripts on an AWS EC2 instance and run it manually it works. However,the Jenkins build step fails at the the point kubectl is invoked to run the service, with the following error:

gcloud container clusters get-credentials jenkins-cd --zone europe-west1-b --project noon-prod
Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError:   code=403, message=Request had insufficient authentication scopes.
Build step 'Execute shell' marked build as failure

The full error dump from the Jenkins run is as follows:

https://pastebin.com/pSWPQ5Ei

My questions:

a) How to fix this? Surely it can't be that difficult to get authentication running from Jenkins?

b) Is this the correct way to authenticate to the gcloud container service from a Jenkins system which is not on Gcloud infrastructure at all?

Many thanks in advance for any help! Traiano