I am new to Kubernetes and am trying out the Jenkins Kubernetes plugin. I have created a K8s cluster and a namespace called jenkins-pl in AWS. Below are my Jenkins deployment and service YAML files:
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
      - name: jenkins
        image: contactsai123/my-jenkins-image:1.0
        env:
        - name: JAVA_OPTS
          value: -Djenkins.install.runSetupWizard=false
        ports:
        - name: http-port
          containerPort: 8080
        - name: jnlp-port
          containerPort: 50000
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
      volumes:
      - name: jenkins-home
        emptyDir: {}
```
Here is my jenkins-service.yaml file:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  type: LoadBalancer
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    app: jenkins
```
I am able to launch Jenkins successfully, but I am unsure what I should provide in the Kubernetes URL.
I gave "https://kubernetes.default.svc.cluster.local" and get the error message:

```
Error testing connection https://kubernetes.default.svc.cluster.local: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/jenkins-pl/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:jenkins-pl:default" cannot list pods in the namespace "jenkins-pl".
```

I executed the command:

```
$ kubectl cluster-info | grep master
```

and got the following output:

```
https://api-selegrid-k8s-loca-m23tbb-1891259367.us-west-2.elb.amazonaws.com
```

I provided the above in the Kubernetes URL, for which I get a similar error as before.
Not sure how to move forward?
Your cluster has RBAC enabled. You have to give your deployment the necessary RBAC permissions to list pods.
Consider your deployment as a user who needs to perform some tasks in your cluster. So, you have to provide it the necessary permissions.
At first you have to create a role. It could be a ClusterRole or a Role. This role defines what can be done under it. A ClusterRole gives permission to do some task in cluster scope, whereas a Role gives permission only in a particular namespace.
Then, you have to create a Service Account. Consider a service account as a user. It is for an application instead of a person.
Finally, you have to bind the Role or ClusterRole to the service account through a RoleBinding or ClusterRoleBinding. This actually tells which user/service account can use the permissions defined under which roles.
Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC
Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes
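The three objects the answer describes, written out for the jenkins-pl namespace as an added example (not taken from the question or from the plugin's own documentation). The object names and every verb other than `list` on pods are assumptions; the error in the question only proves that `list` is being denied to the `default` service account.

```yaml
# Added example: namespace-scoped RBAC for the Jenkins deployment in jenkins-pl.
# Names are assumptions. Only "list pods" is proven missing by the error message;
# the other verbs are what a pod-based agent launcher typically needs and
# should be trimmed if the plugin is not used for that.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: jenkins-pl
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role   # Role, not ClusterRole: the grant stays inside jenkins-pl
metadata:
  name: jenkins-pod-manager
  namespace: jenkins-pl
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
  resources: ["pods/exec", "pods/log"]
  verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-pod-manager
  namespace: jenkins-pl
subjects:
- kind: ServiceAccount
  name: jenkins        # the account above, not "default"
  namespace: jenkins-pl
roleRef:
  kind: Role
  name: jenkins-pod-manager
  apiGroup: rbac.authorization.k8s.io
```

For the binding to take effect, add `serviceAccountName: jenkins` to the Deployment's pod spec (at the same level as `containers:`) so the plugin stops authenticating as `default`. You can confirm the grant before redeploying with `kubectl auth can-i list pods -n jenkins-pl --as=system:serviceaccount:jenkins-pl:jenkins`.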