I have an existing Google Kubernetes Engine cluster where I want to deploy a Jenkins server.
GKE offers a marketplace with a click to deploy Jenkins image that I wanted to use but when I try to select my cluster it is marked as ineligible cluster with the message insufficient Oauth scope.
How can I work around this?
You get this error because of the node pool if your cluster doesn't have the right scopes to deploy the Jenkins server, Unfortunately you cannot stop the nodes to change their scopes, the IG will recreate these nodes with the old scopes.
To get around this problem you need to create another pool with the right scopes:
--scopes=https://www.googleapis.com/auth/cloud-platformFirst create a new node pool:
gcloud container node-pools create adjust-node-scope \
--cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE> \
--num-nodes 3 \
--scopes=https://www.googleapis.com/auth/cloud-platformSecond drain the old node pool:
kubectl cordon <NODE_NAME> #This will prevent new pods from being scheduled onto them
kubectl drain <NODE_NAME> --force #This will delete all the pods on that node.Third delete the old node pool:
gcloud container node-pools delete default-pool \
--cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE>Then deploy your Jenkins server after. Another workaround but not safe is to create a new instance template almost the same that your cluster is using with the new scopes you can as well setup full API access. then in IG roll a new update and select the new instances template.