Deploying jenkins into an existing kubernetes cluster fails dues to "Insufficient oath scopes"

9/21/2018

So am trying to deploy Jenkins into my existing k8s cluster, but then am getting this notification (insufficient OAuth scopes). what scope am I missing on my service account? storage admin and project owner scopes are already assigned to the given service account am using for this project

-- Dawei
google-cloud-platform
google-kubernetes-engine
google-oauth
jenkins
kubernetes

2 Answers

9/21/2018

This is a GCP issue.

Make sure that the user you are using to launch the service has Owner or Compute Admin privileges on your GCP project.

gcp

-- Rico
Source: StackOverflow

9/24/2018

By default Node pool are created with the following scopes which does not include the right scope:

"nodePools": [ { "name": "default-pool", "config": { "oauthScopes": [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/trace.append" ],

To fix the error:

If this is a GKE test Cluster, just recreate it with the right scope. You can create a new node pool with the required scopes and then migrate your workloads over to the new node pool. right scope

If you are using gcloud, add this scope:

--scopes=https://www.googleapis.com/auth/cloud-platform

If you decide to recreate the Node Pool, remember to drain and delete the old Node Pool afterwards. I think the following post will be helpful as it related to your case.

-- arp-sunny.
Source: StackOverflow