Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jenkins slave still does not run with jenkins SA on latest master #78

Closed
clemensutschig opened this issue May 2, 2019 · 6 comments · Fixed by #79
Closed

jenkins slave still does not run with jenkins SA on latest master #78

clemensutschig opened this issue May 2, 2019 · 6 comments · Fixed by #79
Assignees
@michaelsauter
Labels
bug Something isn't working
Projects
OpenDevStack 1.1.0

Comments

@clemensutschig
Copy link
Member

clemensutschig commented May 2, 2019
edited
Loading

from the logs

[@containerTemplate(name=jnlp,image=docker-registry.default.svc:5000/cd/jenkins-slave-base,workingDir=/tmp,alwaysPullImage=true,args=${computer.jnlpmac} ${computer.name},*serviceAccount=jenkins*)], 

‘Jenkins’ doesn’t have label ‘pod-a3baadd4-edd5-4b7b-8238-ebadc8eda50d’
Agent jenkins-slave-xklpg-x6dk3 is provisioned from template Kubernetes Pod Template
Agent specification [Kubernetes Pod Template] (pod-a3baadd4-edd5-4b7b-8238-ebadc8eda50d): 
* [jnlp] docker-registry.default.svc:5000/cd/jenkins-slave-base

Running on jenkins-slave-xklpg-x6dk3 in /tmp/workspace/ods26-cd/ods26-cd-dockerplain-master

[ods26-cd-dockerplain-master] Running shell script
+ oc whoami
system:serviceaccount:ods26-cd:default
@clemensutschig clemensutschig added the bug Something isn't working label May 2, 2019
@clemensutschig
Copy link
Member Author

https://github.com/opendevstack/ods-jenkins-shared-library/blob/master/src/org/ods/OdsPipeline.groovy#L50-L54

does not look like it would take the SA into account. this breaks current master (and me from pushing this to production(

@clemensutschig
Copy link
Member Author

clemensutschig commented May 2, 2019
edited
Loading

this should have been fixed with #70 and also looks correct according to
https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java#L95

@clemensutschig
Copy link
Member Author

I took a look into the pod def of the spun up pod

  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1002070000
    seLinuxOptions:
      level: 's0:c46,c0'
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  volumes:

so clearly this thing does NOT run as jenkins

@clemensutschig
Copy link
Member Author

https://jenkins.io/doc/pipeline/steps/kubernetes/

shows that serviceAccount needs to be * on the same level* as name while alwayPullImage is UNDER containers

@michaelsauter
Copy link
Member

Oh no - sorry! I'll update in an hour, but then need to run through the steps to check if things still work ....

@clemensutschig
Copy link
Member Author

clemensutschig commented May 3, 2019 via email

@michaelsauter michaelsauter mentioned this issue May 3, 2019
Merged
@clemensutschig clemensutschig moved this from To Do to Done in OpenDevStack 1.1.0 May 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelsauter michaelsauter

Labels
bug Something isn't working
Projects
No open projects
OpenDevStack 1.1.0
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Move serviceAccount config to podTemplate BIX-Digital/ods-jenkins-shared-library
2 participants
@michaelsauter @clemensutschig