jnlp kubernetes slave agent issue

11/3/2020

Hi I have been trying to investigate why a jnlp k8s agent hangs in offline and saw the below errors in master Jenkins:

WARNING: Error in provisioning; agent=KubernetesSlave name: k8s-inbound-agent-36bxc, template=PodTemplate{id='53e3acbf-d96b-4ec7-bc87-de4e200d98e5'inheritFrom='', name='k8s-inbound-agent', namespace='jenkins', hostNetwork=false, instanceCap=40, idleMinutes=10, activeDeadlineSeconds=120, label='k8s-agent', serviceAccount='jenkins', nodeSelector='', nodeUsageMode=EXCLUSIVE, workspaceVolume=EmptyDirWorkspaceVolume [memory=false], volumes=[HostPathVolume [mountPath=/var/run/docker.sock, hostPath=/var/run/docker.sock], EmptyDirVolume [mountPath=/opt/jenkins, memory=false], EmptyDirVolume [mountPath=/home/jenkins/.ssh, memory=false], HostPathVolume [mountPath=/tmp/jenkins-agent, hostPath=/tmp/jenkins-agent]], containers=[ContainerTemplate{name='inbound-agent', image='hmctspublic.azurecr.io/jenkins/build-agent:db6hu6', workingDir='/home/jenkins/agent', command='/tini --', args='/bin/sh -c cat', ttyEnabled=true, resourceRequestCpu='2000m', resourceRequestMemory='4Gi', resourceLimitCpu='4000m', resourceLimitMemory='12Gi', livenessProbe=org.csanchez.jenkins.plugins.kubernetes.ContainerLivenessProbe@5a6d394c}, ContainerTemplate{name='jnlp', image='hmctspublic.azurecr.io/jenkins/minimal-agent:db6hu6', workingDir='/home/jenkins/agent', command='/bin/sh -c', args='cat', resourceRequestCpu='1000m', resourceRequestMemory='1Gi', resourceLimitCpu='2000m', resourceLimitMemory='6Gi', livenessProbe=org.csanchez.jenkins.plugins.kubernetes.ContainerLivenessProbe@7919636d}]}
java.lang.IllegalStateException: Pod has terminated containers: jenkins/k8s-inbound-agent-36bxc (jnlp)
	at org.csanchez.jenkins.plugins.kubernetes.AllContainersRunningPodWatcher.periodicAwait(AllContainersRunningPodWatcher.java:133)
	at org.csanchez.jenkins.plugins.kubernetes.AllContainersRunningPodWatcher.periodicAwait(AllContainersRunningPodWatcher.java:154)
	at org.csanchez.jenkins.plugins.kubernetes.AllContainersRunningPodWatcher.await(AllContainersRunningPodWatcher.java:94)
	at org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher.launch(KubernetesLauncher.java:156)
	at hudson.slaves.SlaveComputer.lambda$_connect$0(SlaveComputer.java:294)
	at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
	at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

Nov 03, 2020 2:22:00 PM org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave _terminate
INFO: Terminating Kubernetes instance for agent k8s-inbound-agent-36bxc
Nov 03, 2020 2:22:00 PM org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave deleteSlavePod

Any reasons for the error above ?

-- Avi
jenkins
jenkins-kubernetes
jnlp
kubernetes

1 Answer

11/4/2020

Go to http://your_server/configureSecurity/ and chose "random" option for "Agents:TCP port for JNLP agents" That might help.

jenkins JNLP tcp port docs

Jenkins can use a TCP port to communicate with inbound (formerly known as “JNLP”) agents, such as Windows-based agents. As of Jenkins 2.0, by default this port is disabled.

For administrators wishing to use inbound TCP agents, the two port options are:

1. Random: The TCP port is chosen at random to avoid collisions on the Jenkins master. The downside to randomized ports is that they are chosen during the boot of the Jenkins controller, making it difficult to manage firewall rules allowing TCP traffic.

2. Fixed: The port is chosen by the Jenkins administrator and is consistent across reboots of the Jenkins controller. This makes it easier to manage firewall rules allowing TCP-based agents to connect to the controller.

As of Jenkins 2.217, inbound agents may instead be configured to use WebSocket transport to connect to Jenkins. In this case no extra TCP port need be enabled and no special security configuration is needed.

Related questions: 1. Jenkins Kubernetes plugin failing to provision jnlp-slave pods

  1. Kubernetes - Jenkins slaves are offline
-- Vit
Source: StackOverflow