Unable to configure kubernetes URL with kubernetes-Jenkins plugin












0















Am new to kubernetes and trying out Jenkins kubernetes plugin. I have created a K8s cluster and namespace called jenkins-pl in AWS. Below are my Jenkins deployment and service yaml files:



apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: contactsai123/my-jenkins-image:1.0
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
emptyDir: {}


Here is my jenkins-service.yaml file



apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: 8080
selector:
app: jenkins


Am able to launch Jenkins successfully, am unsure on what should I provide in kubernetes URL.



I gave "https://kubernetes.default.svc.cluster.local" and get the error message:



Error testing connection https://kubernetes.default.svc.cluster.local: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/jenkins-pl/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:jenkins-pl:default" cannot list pods in the namespace "jenkins-pl".


I executed the command:



 $ kubectl cluster-info | grep master


and got the following output:



 https://api-selegrid-k8s-loca-m23tbb-1891259367.us-west-2.elb.amazonaws.com


I provided the above in Kubernetes URL, for which I get the similar error as before.



Not sure how to move forward?










share|improve this question

























  • When did you create the namespace jenkins-pl?

    – Shudipta Sharma
    Nov 26 '18 at 18:11


















0















Am new to kubernetes and trying out Jenkins kubernetes plugin. I have created a K8s cluster and namespace called jenkins-pl in AWS. Below are my Jenkins deployment and service yaml files:



apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: contactsai123/my-jenkins-image:1.0
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
emptyDir: {}


Here is my jenkins-service.yaml file



apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: 8080
selector:
app: jenkins


Am able to launch Jenkins successfully, am unsure on what should I provide in kubernetes URL.



I gave "https://kubernetes.default.svc.cluster.local" and get the error message:



Error testing connection https://kubernetes.default.svc.cluster.local: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/jenkins-pl/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:jenkins-pl:default" cannot list pods in the namespace "jenkins-pl".


I executed the command:



 $ kubectl cluster-info | grep master


and got the following output:



 https://api-selegrid-k8s-loca-m23tbb-1891259367.us-west-2.elb.amazonaws.com


I provided the above in Kubernetes URL, for which I get the similar error as before.



Not sure how to move forward?










share|improve this question

























  • When did you create the namespace jenkins-pl?

    – Shudipta Sharma
    Nov 26 '18 at 18:11
















0












0








0








Am new to kubernetes and trying out Jenkins kubernetes plugin. I have created a K8s cluster and namespace called jenkins-pl in AWS. Below are my Jenkins deployment and service yaml files:



apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: contactsai123/my-jenkins-image:1.0
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
emptyDir: {}


Here is my jenkins-service.yaml file



apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: 8080
selector:
app: jenkins


Am able to launch Jenkins successfully, am unsure on what should I provide in kubernetes URL.



I gave "https://kubernetes.default.svc.cluster.local" and get the error message:



Error testing connection https://kubernetes.default.svc.cluster.local: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/jenkins-pl/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:jenkins-pl:default" cannot list pods in the namespace "jenkins-pl".


I executed the command:



 $ kubectl cluster-info | grep master


and got the following output:



 https://api-selegrid-k8s-loca-m23tbb-1891259367.us-west-2.elb.amazonaws.com


I provided the above in Kubernetes URL, for which I get the similar error as before.



Not sure how to move forward?










share|improve this question
















Am new to kubernetes and trying out Jenkins kubernetes plugin. I have created a K8s cluster and namespace called jenkins-pl in AWS. Below are my Jenkins deployment and service yaml files:



apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
template:
metadata:
labels:
app: jenkins
spec:
containers:
- name: jenkins
image: contactsai123/my-jenkins-image:1.0
env:
- name: JAVA_OPTS
value: -Djenkins.install.runSetupWizard=false
ports:
- name: http-port
containerPort: 8080
- name: jnlp-port
containerPort: 50000
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
emptyDir: {}


Here is my jenkins-service.yaml file



apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: 8080
selector:
app: jenkins


Am able to launch Jenkins successfully, am unsure on what should I provide in kubernetes URL.



I gave "https://kubernetes.default.svc.cluster.local" and get the error message:



Error testing connection https://kubernetes.default.svc.cluster.local: Failure executing: GET at: https://kubernetes.default.svc.cluster.local/api/v1/namespaces/jenkins-pl/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:jenkins-pl:default" cannot list pods in the namespace "jenkins-pl".


I executed the command:



 $ kubectl cluster-info | grep master


and got the following output:



 https://api-selegrid-k8s-loca-m23tbb-1891259367.us-west-2.elb.amazonaws.com


I provided the above in Kubernetes URL, for which I get the similar error as before.



Not sure how to move forward?







amazon-web-services jenkins kubernetes






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 26 '18 at 21:01









Shudipta Sharma

1,177413




1,177413










asked Nov 26 '18 at 17:20









Sai SivasailemSai Sivasailem

395




395













  • When did you create the namespace jenkins-pl?

    – Shudipta Sharma
    Nov 26 '18 at 18:11





















  • When did you create the namespace jenkins-pl?

    – Shudipta Sharma
    Nov 26 '18 at 18:11



















When did you create the namespace jenkins-pl?

– Shudipta Sharma
Nov 26 '18 at 18:11







When did you create the namespace jenkins-pl?

– Shudipta Sharma
Nov 26 '18 at 18:11














1 Answer
1






active

oldest

votes


















2














Your cluster has RBAC enabled. You have to give your deployment necessary RBAC permission to list pods.



Consider your deployment as a user who need to perform some task in your cluster. So, you have to provide it necessary permission.



At first you have to create a role. It could be ClusterRole or Role.
This role define what can be done under this role. A ClusterRole give permission to do some task in cluster scope where Role give permission only in a particular namespace.



Then, you have to create a Service Account. Consider service account as a user. It is for application instead of a person.



Finally, you have to bind Role or ClusterRole to the service account through RoleBinding or ClusterRoleBinding. This actually tell that which user/service can access permissions defined under which roles.



Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC



Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes






share|improve this answer

























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53486092%2funable-to-configure-kubernetes-url-with-kubernetes-jenkins-plugin%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    Your cluster has RBAC enabled. You have to give your deployment necessary RBAC permission to list pods.



    Consider your deployment as a user who need to perform some task in your cluster. So, you have to provide it necessary permission.



    At first you have to create a role. It could be ClusterRole or Role.
    This role define what can be done under this role. A ClusterRole give permission to do some task in cluster scope where Role give permission only in a particular namespace.



    Then, you have to create a Service Account. Consider service account as a user. It is for application instead of a person.



    Finally, you have to bind Role or ClusterRole to the service account through RoleBinding or ClusterRoleBinding. This actually tell that which user/service can access permissions defined under which roles.



    Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC



    Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes






    share|improve this answer






























      2














      Your cluster has RBAC enabled. You have to give your deployment necessary RBAC permission to list pods.



      Consider your deployment as a user who need to perform some task in your cluster. So, you have to provide it necessary permission.



      At first you have to create a role. It could be ClusterRole or Role.
      This role define what can be done under this role. A ClusterRole give permission to do some task in cluster scope where Role give permission only in a particular namespace.



      Then, you have to create a Service Account. Consider service account as a user. It is for application instead of a person.



      Finally, you have to bind Role or ClusterRole to the service account through RoleBinding or ClusterRoleBinding. This actually tell that which user/service can access permissions defined under which roles.



      Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC



      Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes






      share|improve this answer




























        2












        2








        2







        Your cluster has RBAC enabled. You have to give your deployment necessary RBAC permission to list pods.



        Consider your deployment as a user who need to perform some task in your cluster. So, you have to provide it necessary permission.



        At first you have to create a role. It could be ClusterRole or Role.
        This role define what can be done under this role. A ClusterRole give permission to do some task in cluster scope where Role give permission only in a particular namespace.



        Then, you have to create a Service Account. Consider service account as a user. It is for application instead of a person.



        Finally, you have to bind Role or ClusterRole to the service account through RoleBinding or ClusterRoleBinding. This actually tell that which user/service can access permissions defined under which roles.



        Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC



        Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes






        share|improve this answer















        Your cluster has RBAC enabled. You have to give your deployment necessary RBAC permission to list pods.



        Consider your deployment as a user who need to perform some task in your cluster. So, you have to provide it necessary permission.



        At first you have to create a role. It could be ClusterRole or Role.
        This role define what can be done under this role. A ClusterRole give permission to do some task in cluster scope where Role give permission only in a particular namespace.



        Then, you have to create a Service Account. Consider service account as a user. It is for application instead of a person.



        Finally, you have to bind Role or ClusterRole to the service account through RoleBinding or ClusterRoleBinding. This actually tell that which user/service can access permissions defined under which roles.



        Check this nice post to understand RBAC: Configuring permissions in Kubernetes with RBAC



        Also this video might help you to understand the basics: Role Based Access Control (RBAC) with Kubernetes







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 26 '18 at 18:36

























        answered Nov 26 '18 at 18:18









        Emruz HossainEmruz Hossain

        1,114310




        1,114310
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53486092%2funable-to-configure-kubernetes-url-with-kubernetes-jenkins-plugin%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

            Calculate evaluation metrics using cross_val_predict sklearn

            Insert data from modal to MySQL (multiple modal on website)