patternkubernetesMinor
Connect external Jenkins Master to GKE with Kubernetes plugin
Viewed 0 times
gkeconnectjenkinswithkubernetespluginmasterexternal
Problem
I find the documentation at https://github.com/jenkinsci/kubernetes-plugin quite unclear when it comes to step by step configuration of external Jenkins master.
What are the exact steps that need to be followed?
I have installed the Kubernetes plugin and I have tried to supply some cluster info, but I have got lost there.
For Name I have taken the output from kubectl config view --raw, specifically the context for the given cluster and the cluster name part.
For Kubernetes URL I have set the IP address from the Server field in the same output from above.
Kubernetes server certificate key - for this part I have initially tried to follow the same pattern from above and take the value of the certificate-authority-data field, but I got an "Error testing connection https://XX.XXX.XXX.XX: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input", so I have attempted to convert that value with echo "the field value here" | base64 -d > ca.crt and use that, but it failed again and I have also got it form the UI for GKE show cluster ceritficate section, all of them give me failure on testing connection with the error from above.
I couldn't really go past this point, but I see everything being quite unclear forward, so I would appreciate a step-by-step recommendation or any guide that I am missing.
What are the exact steps that need to be followed?
I have installed the Kubernetes plugin and I have tried to supply some cluster info, but I have got lost there.
For Name I have taken the output from kubectl config view --raw, specifically the context for the given cluster and the cluster name part.
For Kubernetes URL I have set the IP address from the Server field in the same output from above.
Kubernetes server certificate key - for this part I have initially tried to follow the same pattern from above and take the value of the certificate-authority-data field, but I got an "Error testing connection https://XX.XXX.XXX.XX: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input", so I have attempted to convert that value with echo "the field value here" | base64 -d > ca.crt and use that, but it failed again and I have also got it form the UI for GKE show cluster ceritficate section, all of them give me failure on testing connection with the error from above.
I couldn't really go past this point, but I see everything being quite unclear forward, so I would appreciate a step-by-step recommendation or any guide that I am missing.
Solution
It looks like you are missing the service account configurations bit. Refer to : https://devopscube.com/jenkins-build-agents-kubernetes/
If your Jenkins server is running outside the Kubernetes cluster, you need to specify the following.
can get the certificate from the pod location
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt .If you dont have
the certificate, you can enable the “disable https certificate check”
option.
pods in the devops-tools namespace.
If your Jenkins server is running outside the Kubernetes cluster, you need to specify the following.
- Kubernetes URL: This is the Kubernete master API endpoint. If is it https enabled, use the https url.
- Kubernete Server Certificate key: If you have a the Kubernetes Cluster CA certificate, you can add it for secure connectivity. You
can get the certificate from the pod location
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt .If you dont have
the certificate, you can enable the “disable https certificate check”
option.
- Credentials: For Jenkins to communitcate with the Kubernetes cluster, we need a service account token with permissions to deploy
pods in the devops-tools namespace.
Context
StackExchange DevOps Q#9074, answer score: 1
Revisions (0)
No revisions yet.