search

cloud-native-toolkit / planning

The is the planning repo to manage the cross project Epics and Issues. Tasks and Bugs
3 stars 1 forks source link

Jenkins install on IKS is failing with Job error and no userid and password created #150

Closed mjperrins closed 4 years ago

mjperrins commented 4 years ago

Describe the bug Jenkins install on IKS is failing with Job error and no userid and password created

After installation was green, igc credentials returns which contains no login credentials

jenkins: {
    host: 'jenkins.admin-services-cluster-7ec5d722a0ab3f463fdc90eeb94dbc70-0000.us-east.containers.appdomain.cloud',
    url: 'https://jenkins.admin-services-cluster-7ec5d722a0ab3f463fdc90eeb94dbc70-0000.us-east.containers.appdomain.cloud'
  },

Logging from Job

- Configuring Jenkins auth
Sun, 15 Mar 2020 14:51:48 GMT kubernetes-client deprecated getInCluster see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md#request-kubeconfig- at .npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/dist/api/kubectl/client.js:13:49
Sun, 15 Mar 2020 14:51:48 GMT kubernetes-client deprecated Request() without a .kubeconfig option, see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md at .npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/dist/api/kubectl/client.js:13:22
Error configuring Jenkins authentication { Error: secrets is forbidden: User "system:serviceaccount:tools:jenkins" cannot create resource "secrets" in API group "" in the namespace "tools"
    at _request (/home/devops/.npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/node_modules/kubernetes-client/backends/request/client.js:231:25)
    at Request.request [as _callback] (/home/devops/.npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/node_modules/kubernetes-client/backends/request/client.js:168:14)
    at Request.self.callback (/home/devops/.npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/node_modules/request/request.js:185:22)
    at Request.emit (events.js:193:13)
    at Request.<anonymous> (/home/devops/.npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/node_modules/request/request.js:1154:10)
    at Request.emit (events.js:193:13)
    at IncomingMessage.<anonymous> (/home/devops/.npm-packages/lib/node_modules/@garage-catalyst/ibm-garage-cloud-cli/node_modules/request/request.js:1076:12)
    at Object.onceWrapper (events.js:281:20)
    at IncomingMessage.emit (events.js:198:15)
    at endReadableNT (_stream_readable.js:1139:12) code: 403, statusCode: 403 }
Logs from to UTC

To Reproduce Steps to reproduce the behavior:

  1. Install iteration zero on IKS cluster to green
  2. run igc credentials no uid/pw for jenkins
  3. check Kubernetes and there is errors everywhere

Expected behavior expect to see the credentials for login, jenkins console is working

IBM Cloud Select the services and tools affected

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

seansund commented 4 years ago

The problem was that the helm chart changed the way the Role was structured so our patch to give access to secret resources didn't work anymore. This fix updates the patch to create the security role properly so that the Jenkins service account has permission to work with secrets within the namespace