
Control GKE CICD from a Jenkins in a lab with private network?


Problem

For testing purposes I need to use my locally provisioned Jenkins (set up with Vagrant) to connect to GKE and use pods to build. Is that possible? From what I read, K8s will need access to Jenkins as well. How can I achieve that?

Looks to be possible, but I am stuck on access rights for now:

o.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxxxxx/api/v1/namespaces/cicd/pods?labelSelector=jenkins%3Dslave. Message: pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "cicd". Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=null, kind=pods, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "cicd", metadata=ListMeta(_continue=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).

Solution

Taking the URL from cluster-info, creating a config file with Jenkins, and using it as a secret did the trick to pass the connection.
I am still curious how to authenticate with a bearer token, though. I have tried to use an existing managed Jenkins secret, but it failed.

Update: The authentication happens, but after creating pods the job never runs.
Update: It looks like using the jenkinsci Docker image as a hardcoded pod template works. I am trying to work with a Groovy-provisioned YAML template that calls GCR, and there I got the first-mentioned error.

Context

StackExchange DevOps Q#11987, answer score: 2
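
The 403 above names `system:anonymous`, which means the API server received no credential with the request, so the fix is to authenticate and then authorize only what the builds need. The manifest below is an added example, not part of the original question or answer: it sketches a service account with a bearer token and a Role limited to the `cicd` namespace. The names `jenkins-agent` and `jenkins-agent-token` and the exact verb list are assumptions to adjust for your setup.

```yaml
# Added example. "jenkins-agent" and "jenkins-agent-token" are assumed names;
# the namespace "cicd" is the one shown in the error message.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-agent
  namespace: cicd
---
# Long-lived token for the service account. The control plane fills in
# data.token and data.ca.crt after the Secret is created.
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-agent-token
  namespace: cicd
  annotations:
    kubernetes.io/service-account.name: jenkins-agent
type: kubernetes.io/service-account-token
---
# Namespace-scoped Role (not a ClusterRole): pod management in "cicd" only.
# The verb list is an assumed minimum for launching and watching build pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-agent
  namespace: cicd
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete", "get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-agent
  namespace: cicd
subjects:
  - kind: ServiceAccount
    name: jenkins-agent
    namespace: cicd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-agent
```

A request that carries the decoded `data.token` value as its bearer token is identified as `system:serviceaccount:cicd:jenkins-agent` instead of `system:anonymous`. Store that token as a Jenkins credential rather than in job configuration, and delete the Secret to revoke it.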
