Kubernetes - Jenkins plugin - forbidden: User "system:anonymous" cannot list resource "pods" in API group
I'm trying to connect Jenkins to a fresh K8S cluster via (Kubernetes plugin), however, I'm seeing the following error when I attempt to test.
Then I have tried to add a secret file to Jenkins credentials of my ~/.kube/config I'm seeing this error.
k8s version is 1.15.4 and Jenkins 2.190.1
Any ideas?
Similar Questions
2 Answers
Jenkins has either not created its ServiceAccount or ClusterRoleBinding with permissions to access the kubernetes api. That is why you are seeing it cannot list the pod resources. Have you deployed jenkins using helm chart? If this is correct, then is your tiller service account correctly setup?
You need to use "Secret text" type of credentials with service account token. Create service account as Rodrigo Loza mentioned. Example creates namespace jenkins and service account with admin rights in it:
kubectl create namespace jenkins && kubectl create serviceaccount jenkins --namespace=jenkins && kubectl describe secret $(kubectl describe serviceaccount jenkins --namespace=jenkins | grep Token | awk '{print $2}') --namespace=jenkins && kubectl create rolebinding jenkins-admin-binding --clusterrole=admin --serviceaccount=jenkins:jenkins --namespace=jenkins