K
Q

HELM install of Jenkins fails to connect to cluster

5/6/2020

I am using the latest HELM stable/jenkins charts installed on my single node cluster for testing.

  1. Install NFS provisioner.
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm install nfs-client-provisioner stable/nfs-client-provisioner --version 1.2.8 --set nfs.server=*** --set nfs.path=/k8snfs --set storageClass.name=nfs --wait
  1. Install stable/jenkins. Only custom values were serviceType and storageClass.
helm install jenkins stable/jenkins -f newJenkins.values -n jenkins

The newJenkins.values has the following.

master:
  adminPassword: admin
  serviceType: NodePort
  initContainerEnv:
    - name: http_proxy
      value: "http://***:80"
    - name: https_proxy
      value: "http://***:80"
    - name: no_proxy
      value: "***"
  containerEnv:
    - name: http_proxy
      value: "http://***:80"
    - name: https_proxy
      value: "http://***:80"
    - name: no_proxy
      value: "***"
  javaOpts: >-
    -Dhttp.proxyHost=***
    -Dhttp.proxyPort=80
    -Dhttps.proxyHost=***
    -Dhttps.proxyPort=80
persistence:
  storageClass: nfs
  1. Login to Jenkins and Create Jenkins credential of "Kubernetes Service Account".
  2. Under "Configure Clouds", I leave all defaults and press "Test Connection". Test fails.
  3. In the credentials dropdown, I chose 'secret-text' and pressed button again. Still fail.

The error reported was.

Error testing connection https://kubernetes.default: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When I check in the pod logs, the only error I see it the following.

2020-05-06 01:35:13.173+0000 [id=19]    INFO    o.c.j.p.k.KubernetesClientProvider$SaveableListenerImpl#onChange: Invalidating Kubernetes client: kubernetes null

I've been googling for a while and many sites mention service account settings, but nothing works.

$ kubectl version --short
Client Version: v1.12.7+1.2.3.el7
Server Version: v1.12.7+1.2.3.el7
$ helm version --short
v3.1.0+gb29d20b

Is there another step?

-- Greg
jenkins
kubernetes
kubernetes-helm

Similar Questions

Python executes the kompose command and the kubectl command
Openshift: How many pods my springboot app need?
How do I scale Kafka Streams app running on kubernetes
UWSGI send logs to multiple locations

1 Answer

5/7/2020

That error is a common error message reported by the Java Virtual Machine. This is caused when the Java environment does not have information about the HTTPS server to verify that it is a valid website. Sometimes the certificate is provided by an internal Root CA or is a Self-Signed Certificate. This sometimes can confuse the JVM as it is not one of the ones on the Java “trusted” list who can provide these certificates.

Try to add your Java Options in values.yaml file should look like this:

  javaOpts: >-
    -Dhttp.proxyHost=***
    -Dhttp.proxyPort=80
    -Dhttps.proxyHost=***
    -Dhttps.proxyPort=80
    -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacert 
    -Djavax.net.ssl.trustStorePassword=changeit

Please take a look: certification-path-jenkins, adding-ca-cert, adding-path-certs.

-- MaggieO
Source: StackOverflow