Insufficient OAuth scope when trying to deploy Jenkins click to deploy on an existing Google Kubernetes Engine cluster

8/8/2018

I have an existing Google Kubernetes Engine cluster where I want to deploy a Jenkins server.

GKE offers a marketplace with a click-to-deploy Jenkins image that I wanted to use, but when I try to select my cluster it is marked as an ineligible cluster with the message "insufficient OAuth scope".

How can I work around this?

-- codependent
google-cloud-platform
google-kubernetes-engine
jenkins
kubernetes

1 Answer

8/13/2018

You get this error because the node pool of your cluster doesn't have the right scopes to deploy the Jenkins server. Unfortunately, you cannot stop the nodes to change their scopes; the IG will recreate these nodes with the old scopes.

To get around this problem you need to create another pool with the right scopes:

--scopes=https://www.googleapis.com/auth/cloud-platform

First create a new node pool:

gcloud container node-pools create adjust-node-scope \
   --cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE> \
   --num-nodes 3 \
   --scopes=https://www.googleapis.com/auth/cloud-platform

Second drain the old node pool:

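# This will prevent new pods from being scheduled onto the node
kubectl cordon <NODE_NAME>
# This will delete all the pods on that node; --ignore-daemonsets is needed because drain refuses to proceed while DaemonSet-managed pods are present
kubectl drain <NODE_NAME> --force --ignore-daemonsets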

Third delete the old node pool:

gcloud container node-pools delete default-pool \
   --cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE>

Then deploy your Jenkins server. Another workaround, though not a safe one, is to create a new instance template almost the same as the one your cluster is using, with the new scopes (you can also set up full API access), then roll a new update in the IG and select the new instance template.

-- Alioua
Source: StackOverflow
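
A check to run before and after the steps in the answer above, added here as an example and not part of the original answer: it reads the JSON printed by `gcloud container node-pools list --format=json` and reports which pools still lack the `cloud-platform` scope, and whether a pool with that scope already exists to receive the drained pods. The function names and the sample JSON are constructed for illustration; `config.oauthScopes` is the field path of the GKE node pool resource.

```python
import json

# Scope the answer above passes to --scopes.
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"

# Constructed sample, shaped like the output of:
#   gcloud container node-pools list --cluster <YOUR_CLUSTER_NAME> \
#       --zone <YOUR_ZONE> --format=json
SAMPLE_POOLS = """
[
  {"name": "default-pool",
   "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/devstorage.read_only",
     "https://www.googleapis.com/auth/logging.write",
     "https://www.googleapis.com/auth/monitoring"]}},
  {"name": "adjust-node-scope",
   "config": {"oauthScopes": [
     "https://www.googleapis.com/auth/cloud-platform"]}}
]
"""

def pools_missing_scope(pools_json, required=CLOUD_PLATFORM):
    """Names of node pools whose nodes were created without `required`."""
    missing = []
    for pool in json.loads(pools_json):
        # A pool with no config or no scope list counts as missing the scope.
        scopes = (pool.get("config") or {}).get("oauthScopes") or []
        if required not in scopes:
            missing.append(pool["name"])
    return missing

def migration_plan(pools_json, required=CLOUD_PLATFORM):
    """Split pools into keep/replace and say whether draining can start."""
    names = [p["name"] for p in json.loads(pools_json)]
    replace = pools_missing_scope(pools_json, required)
    keep = [n for n in names if n not in replace]
    # Draining is only safe once a pool with the scope exists to take the
    # pods, i.e. the first step of the answer has been done.
    return {"keep": keep, "replace": replace, "safe_to_drain": bool(keep)}

if __name__ == "__main__":
    print(migration_plan(SAMPLE_POOLS))
```

With `cloud-platform` on the nodes, what workloads can reach through the node service account is bounded by that account's IAM roles, so review those roles when creating the new pool.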