Deploy to EKS using Jenkins

1/10/2022

I am trying to deploy a k8s deployment (simple pod) to EKS. I am using Jenkins 2.319.1 with all plugins up to date, and the Kubernetes CD plugin. I get an error that user system:anonymous cannot patch resource "pods" in API group in the namespace default. I am not sure what the reason is. I searched a lot but haven't solved it yet. Could someone help me?

Starting Kubernetes deployment
Loading configuration: /var/lib/jenkins/workspace/eks/nginx.yaml
ERROR: ERROR: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://0615cdb22445853e01165ad9c054a48f.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/default/pods. Message: Forbidden! User arn:aws:eks:us-east-1:705746146520:cluster/my-eks-last doesn't have permission. pods is forbidden: User "system:anonymous" cannot create resource "pods" in API group "" in the namespace "default".
hudson.remoting.ProxyException: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://0615cdb22445853e01165ad9c054a48f.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/default/pods. Message: Forbidden! User arn:aws:eks:us-east-1:705746146520:cluster/my-eks-last doesn't have permission. pods is forbidden: User "system:anonymous" cannot create resource "pods" in API group "" in the namespace "default".
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:472)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:381)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:344)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:227)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:780)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:349)
	at com.microsoft.jenkins.kubernetes.KubernetesClientWrapper$PodUpdater.createResource(KubernetesClientWrapper.java:806)
	at com.microsoft.jenkins.kubernetes.KubernetesClientWrapper$PodUpdater.createResource(KubernetesClientWrapper.java:775)
	at com.microsoft.jenkins.kubernetes.KubernetesClientWrapper$ResourceUpdater.createOrApply(KubernetesClientWrapper.java:377)
	at com.microsoft.jenkins.kubernetes.KubernetesClientWrapper.apply(KubernetesClientWrapper.java:183)
	at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.doCall(DeploymentCommand.java:168)
	at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.call(DeploymentCommand.java:122)
	at com.microsoft.jenkins.kubernetes.command.DeploymentCommand$DeploymentTask.call(DeploymentCommand.java:105)
	at hudson.FilePath.act(FilePath.java:1259)
	at com.microsoft.jenkins.kubernetes.command.DeploymentCommand.execute(DeploymentCommand.java:67)
	at com.microsoft.jenkins.kubernetes.command.DeploymentCommand.execute(DeploymentCommand.java:46)
	at com.microsoft.jenkins.azurecommons.command.CommandService.runCommand(CommandService.java:88)
	at com.microsoft.jenkins.azurecommons.command.CommandService.execute(CommandService.java:96)
	at com.microsoft.jenkins.azurecommons.command.CommandService.executeCommands(CommandService.java:75)
	at com.microsoft.jenkins.azurecommons.command.BaseCommandContext.executeCommands(BaseCommandContext.java:77)
	at com.microsoft.jenkins.kubernetes.KubernetesDeploy.perform(KubernetesDeploy.java:42)
	at com.microsoft.jenkins.azurecommons.command.SimpleBuildStepExecution.run(SimpleBuildStepExecution.java:54)
	at com.microsoft.jenkins.azurecommons.command.SimpleBuildStepExecution.run(SimpleBuildStepExecution.java:35)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
-- Nur
amazon-eks
jenkins
kubernetes

1 Answer

1/11/2022

...POST at: https://0615cdb22445853e01165ad9c054a48f.gr7.us-east-1.eks.amazonaws.com/api/v1/namespaces/default/pods...

You didn't set up the plugin credential correctly; as a result, your job is making a direct call to the cluster endpoint WITHOUT authenticating with the cluster. Typically, you need to run your job using an IAM user who has access to the cluster, and you set this up using a secret file (actually it's the kubeconfig file).

-- gohm'c
Source: StackOverflow
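
A quick way to check whether the kubeconfig stored in the Jenkins secret file carries any credential at all, as an added example that is not part of the original answer or of the plugin. It assumes the kubeconfig has been exported as JSON (for instance with `kubectl config view --raw -o json`); the context names, user names and cluster name in the sample are constructed.

```python
import json
from typing import Optional

# Fields in a kubeconfig "user" entry that make the client send a credential.
CREDENTIAL_FIELDS = {
    "token": "bearer token",
    "tokenFile": "bearer token file",
    "client-certificate-data": "client certificate",
    "client-certificate": "client certificate",
    "username": "basic auth",
    "exec": "exec plugin",
    "auth-provider": "auth provider",
}

def credential_kinds(kubeconfig: dict, context_name: Optional[str] = None) -> list:
    """Credential types set for a context's user; [] means unauthenticated requests."""
    name = context_name or kubeconfig.get("current-context")
    contexts = {c["name"]: c["context"] for c in kubeconfig.get("contexts") or []}
    if name not in contexts:
        raise KeyError(f"context {name!r} not found in kubeconfig")
    user_name = contexts[name].get("user")
    users = {u["name"]: u.get("user") or {} for u in kubeconfig.get("users") or []}
    user = users.get(user_name, {})  # a dangling user reference also yields []
    return sorted({kind for field, kind in CREDENTIAL_FIELDS.items() if user.get(field)})

# Constructed sample: one context with an empty user, one using the AWS CLI token helper.
SAMPLE = json.loads("""
{
  "current-context": "broken",
  "contexts": [
    {"name": "broken", "context": {"cluster": "example", "user": "jenkins-empty"}},
    {"name": "fixed", "context": {"cluster": "example", "user": "jenkins-iam"}}
  ],
  "users": [
    {"name": "jenkins-empty", "user": {}},
    {"name": "jenkins-iam", "user": {"exec": {
      "apiVersion": "client.authentication.k8s.io/v1beta1",
      "command": "aws", "args": ["eks", "get-token", "--cluster-name", "EXAMPLE-CLUSTER"]}}}
  ]
}
""")

if __name__ == "__main__":
    for ctx in ("broken", "fixed"):
        kinds = credential_kinds(SAMPLE, ctx)
        print(ctx, "->", kinds or "no credential: API server will see system:anonymous")
```

An empty result for the context Jenkins uses matches the `system:anonymous` identity in the error, since the API server assigns that identity to requests that present no credential when anonymous access is enabled.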