I installed Jenkins on Windows 10; the minikube cluster is a VirtualBox VM.
On the minikube cluster I created a service account using this YAML:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
List sa:
kubectl get sa
NAME      SECRETS   AGE
default   1         128m
jenkins   1         99m
kubectl describe sa jenkins
Name: jenkins
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"jenkins","namespace":"default"}}
Image pull secrets: <none>
Mountable secrets: jenkins-token-rk2mg
Tokens: jenkins-token-rk2mg
Events: <none>
I used the token from that account and configured the Kubernetes plugin on Jenkins; the connection is successful.
In the Jenkinsfile I added a stage to get the kubectl version:
stage('Check kubectl version') {
    steps {
        sh 'kubectl version'
    }
}
And I'm getting:
+ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"windows/amd64"}
Error from server (Forbidden): <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
You are authenticated as: anonymous
You must authenticate as the ServiceAccount jenkins that you created for Jenkins.
Use withCredentials in your Jenkinsfile step/stage and load the token that belongs to the ServiceAccount for jenkins. You must first identify the secret with the token that belongs to your generated ServiceAccount.
When using the kubectl command, specify that you want to authenticate with your token and possibly a server hostname for the ApiServer.
E.g. something like this:
kubectl apply -f <directory-or-file> --token $TOKEN_FROM_WITH_CREDENTIALS --server apiserver.hostname.local
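
The answer's suggestion written out as a declarative Jenkinsfile stage; this is an added example, not code from the original answer. The credential IDs jenkins-sa-token and minikube-ca and the server URL are assumed placeholders, and the string and file bindings come from the Credentials Binding plugin.

```groovy
// Added example: credential IDs and the server URL are placeholders, not values from the post.
pipeline {
    agent any
    environment {
        // Placeholder: minikube API server address (see `minikube ip`; 8443 is minikube's usual API port).
        K8S_SERVER = 'https://MINIKUBE_IP:8443'
    }
    stages {
        stage('Check kubectl version') {
            steps {
                withCredentials([
                    // "Secret text" credential holding the ServiceAccount token, i.e. the
                    // base64-decoded .data.token of the secret listed by `kubectl describe sa jenkins`
                    // (jenkins-token-rk2mg in the question).
                    string(credentialsId: 'jenkins-sa-token', variable: 'K8S_TOKEN'),
                    // "Secret file" credential holding the cluster CA (ca.crt from the same secret),
                    // so TLS verification stays on instead of using --insecure-skip-tls-verify.
                    file(credentialsId: 'minikube-ca', variable: 'K8S_CA')
                ]) {
                    // Single quotes: the shell expands the variables, so the token is never
                    // interpolated into the Groovy string.
                    // With no kubeconfig and no --server, kubectl 1.17 talks to http://localhost:8080,
                    // which is Jenkins' default port; that would explain the Jenkins login page
                    // returned in the question's error.
                    sh 'kubectl --server="$K8S_SERVER" --token="$K8S_TOKEN" --certificate-authority="$K8S_CA" version'
                    // Confirm the Role from the question applies to this token;
                    // `auth can-i` exits non-zero on "no", which fails the stage.
                    sh 'kubectl --server="$K8S_SERVER" --token="$K8S_TOKEN" --certificate-authority="$K8S_CA" auth can-i create pods --namespace default'
                }
            }
        }
    }
}
```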