k3s: Crash on startup after Helm apply

[IngwiePhoenix]

Describe the bug

I configured the Helm Chart into my k3s cluster and made sure to change only as little as needed to make sure it starts fine - I could then expand later. However, even with this approach, this isn't working out at all.

Excerpt:

2024-04-28 04:30:12.625+0000 [id=26]    SEVERE  jenkins.model.Jenkins$16#onTaskFailed: Failed IOHubProvider.cleanUp
java.lang.IllegalArgumentException: Unable to inject class jenkins.slaves.IOHubProvider
        at hudson.init.TaskMethodFinder.lookUp(TaskMethodFinder.java:130)
        at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
        at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
        at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:131)
        at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142)
        at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:284)
        at jenkins.model.Jenkins._cleanUpRunTerminators(Jenkins.java:3736)
        at jenkins.model.Jenkins.cleanUp(Jenkins.java:3659)
        at hudson.WebAppMain.contextDestroyed(WebAppMain.java:398)
        at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059)
        at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636)
        at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016)
        at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97)
        at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412)
        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97)
        at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97)
        at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039)
        at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399)
        at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311)
        at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087)
        at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97)
        at org.eclipse.jetty.server.Server.doStop(Server.java:517)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132)
        at winstone.Launcher.shutdown(Launcher.java:442)
        at winstone.ShutdownHook.run(ShutdownHook.java:28)

Version of Helm and Kubernetes

- Helm: Depends on what k3s ships. Unfortunately, I can't easily figure it out. However, it does use Helm 3 (including 1 -> 2 -> 3 migration) from what I can tell in the logs.
- Kubernetes: 1.29.3+k3s1

Chart version

I didn't specify a version; so "latest" should apply. This was just to get started and get something running first.

What happened?

Full log (jenkins/pods/jenkins-0)

``` PS Z:\Work\Homelab> kubectl logs -f -n jenkins pods/jenkins-0 Defaulted container "jenkins" out of: jenkins, config-reload, config-reload-init (init), init (init) Running from: /usr/share/jenkins/jenkins.war 2024-04-28 04:28:20.529+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file 2024-04-28 04:28:20.709+0000 [id=1] WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath 2024-04-28 04:28:20.830+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-10.0.20; built: 2024-01-29T20:46:45.278Z; git: 3a745c71c23682146f262b99f4ddc4c1bc41630c; jvm 17.0.10+7 2024-04-28 04:28:21.257+0000 [id=1] INFO o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet 2024-04-28 04:28:21.363+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: Session workerName=node0 2024-04-28 04:28:22.310+0000 [id=1] INFO hudson.WebAppMain#contextInitialized: Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME") 2024-04-28 04:28:22.650+0000 [id=1] INFO o.e.j.s.handler.ContextHandler#doStart: Started w.@4d8539de{Jenkins v2.440.3,/,file:///var/jenkins_cache/war/,AVAILABLE}{/var/jenkins_cache/war} 2024-04-28 04:28:22.705+0000 [id=1] INFO o.e.j.server.AbstractConnector#doStart: Started ServerConnector@609db43b{HTTP/1.1, (http/1.1)}{0.0.0.0:8080} 2024-04-28 04:28:22.717+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: Started Server@2bfc268b{STARTING}[10.0.20,sto=0] @3127ms 2024-04-28 04:28:22.717+0000 [id=25] INFO winstone.Logger#logInternal: Winstone Servlet Engine running: controlPort=disabled 2024-04-28 04:28:23.311+0000 [id=33] INFO jenkins.InitReactorRunner$1#onAttained: Started initialization 2024-04-28 04:30:12.602+0000 [id=26] INFO winstone.Logger#logInternal: JVM is terminating. Shutting down Jetty 2024-04-28 04:30:12.603+0000 [id=26] INFO org.eclipse.jetty.server.Server#doStop: Stopped Server@2bfc268b{STOPPING}[10.0.20,sto=0] 2024-04-28 04:30:12.607+0000 [id=26] INFO o.e.j.server.AbstractConnector#doStop: Stopped ServerConnector@609db43b{HTTP/1.1, (http/1.1)}{0.0.0.0:8080} 2024-04-28 04:30:12.610+0000 [id=26] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Stopping Jenkins 2024-04-28 04:30:12.623+0000 [id=26] INFO jenkins.model.Jenkins$16#onAttained: Started termination 2024-04-28 04:30:12.625+0000 [id=26] SEVERE jenkins.model.Jenkins$16#onTaskFailed: Failed IOHubProvider.cleanUp java.lang.IllegalArgumentException: Unable to inject class jenkins.slaves.IOHubProvider at hudson.init.TaskMethodFinder.lookUp(TaskMethodFinder.java:130) at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110) at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:131) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:284) at jenkins.model.Jenkins._cleanUpRunTerminators(Jenkins.java:3736) at jenkins.model.Jenkins.cleanUp(Jenkins.java:3659) at hudson.WebAppMain.contextDestroyed(WebAppMain.java:398) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.626+0000 [id=26] SEVERE jenkins.model.Jenkins$16#onTaskFailed: Failed NioChannelSelector.cleanUp java.lang.IllegalArgumentException: Unable to inject class jenkins.slaves.NioChannelSelector at hudson.init.TaskMethodFinder.lookUp(TaskMethodFinder.java:130) at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110) at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:131) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:284) at jenkins.model.Jenkins._cleanUpRunTerminators(Jenkins.java:3736) at jenkins.model.Jenkins.cleanUp(Jenkins.java:3659) at hudson.WebAppMain.contextDestroyed(WebAppMain.java:398) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.627+0000 [id=26] INFO jenkins.model.Jenkins$16#onAttained: Completed termination 2024-04-28 04:30:12.627+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpDisconnectComputers: Starting node disconnection 2024-04-28 04:30:12.639+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpShutdownPluginManager: Stopping plugin manager 2024-04-28 04:30:12.639+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpPersistQueue: Persisting build queue 2024-04-28 04:30:12.978+0000 [id=26] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Jenkins stopped 2024-04-28 04:30:12.979+0000 [id=26] INFO hudson.WebAppMain#contextDestroyed: Shutting down a Jenkins instance that was still starting up java.lang.Throwable: reason at hudson.WebAppMain.contextDestroyed(WebAppMain.java:407) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.981+0000 [id=24] SEVERE hudson.util.BootFailure#publish: Failed to initialize Jenkins java.lang.InterruptedException at java.base/java.lang.Object.wait(Native Method) at java.base/java.lang.Object.wait(Unknown Source) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:288) at jenkins.InitReactorRunner.run(InitReactorRunner.java:49) at jenkins.model.Jenkins.executeReactor(Jenkins.java:1205) at jenkins.model.Jenkins.(Jenkins.java:992) at hudson.model.Hudson.(Hudson.java:86) at hudson.model.Hudson.(Hudson.java:82) at hudson.WebAppMain$3.run(WebAppMain.java:248) Caused: hudson.util.HudsonFailedToLoad at hudson.WebAppMain$3.run(WebAppMain.java:276) 2024-04-28 04:30:12.985+0000 [id=26] INFO o.e.j.s.handler.ContextHandler#doStop: Stopped w.@4d8539de{Jenkins v2.440.3,/,null,STOPPED}{/var/jenkins_cache/war} 2024-04-28 04:30:12.985+0000 [id=24] SEVERE h.i.i.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler#uncaughtException: A thread (Jenkins initialization thread/24) died unexpectedly due to an uncaught exception. This may leave your server corrupted and usually indicates a software bug. java.lang.ClassNotFoundException: jenkins.util.groovy.GroovyHookScript at java.base/java.net.URLClassLoader.findClass(Unknown Source) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:511) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) Caused: java.lang.NoClassDefFoundError: jenkins/util/groovy/GroovyHookScript at hudson.util.BootFailure.publish(BootFailure.java:48) at hudson.WebAppMain$3.run(WebAppMain.java:276) ```

What you expected to happen?

I expected to see Jenkins start, and subsequently be able to log in to see if everything worked, to then iterate on the values.

How to reproduce it

1. Install and bootstrap k3s
2. Copy and adjust the default values (deleting what I wouldn't use, comment out what I intend to use later)
3. Apply the configuration

HelmChart and values

```yaml apiVersion: v1 kind: Namespace metadata: name: jenkins --- apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: jenkins namespace: kube-system spec: repo: https://charts.jenkins.io/ chart: jenkins targetNamespace: jenkins valuesContent: |- # -- Override the deployment namespace # @default -- `Release.Namespace` namespaceOverride: jenkins # For FQDN resolving of the controller service. Change this value to match your existing configuration. # ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md # -- Override the cluster name for FQDN resolving clusterZone: "kube.birb.it" # -- The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed. # credentialsId: controller: # -- Used for label app.kubernetes.io/component componentName: "jenkins-controller" # -- Disable use of remember me disableRememberMe: false # -- Set Number of executors numExecutors: 4 # -- Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE" executorMode: "NORMAL" hostNetworking: false # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. # If you disable the non-Jenkins identity store and instead use the Jenkins internal one, # you should revert controller.admin.username to your preferred admin user: admin: # -- Admin username created as a secret if `controller.admin.createSecret` is true username: "IngwiePhoenix" # -- Admin password created as a secret if `controller.admin.createSecret` is true # @default -- # TODO(IP): Change or move to OIDC password: "" # -- The key in the existing admin secret containing the username #userKey: jenkins-admin-user # -- The key in the existing admin secret containing the password #passwordKey: jenkins-admin-password # The default configuration uses this secret to configure an admin user # If you don't need that user or use a different security realm, then you can disable it # -- Create secret for admin user createSecret: true # -- The name of an existing secret containing the admin credentials #existingSecret: "" # -- Email address for the administrator of the Jenkins instance jenkinsAdminEmail: "ingwie@birb.it" # Override the default arguments passed to the war # overrideArgs: # - --httpPort=8080 # -- Resource allocation (Requests and Limits) resources: requests: cpu: "50m" memory: "256Mi" limits: cpu: "2000m" memory: "4096Mi" # Set min/max heap here if needed with "-Xms512m -Xmx512m" # -- Append to `JAVA_OPTS` env var #javaOpts: # -- Append to `JENKINS_OPTS` env var #jenkinsOpts: # If you are using the ingress definitions provided by this chart via the `controller.ingress` block, # the configured hostname will be the ingress hostname starting with `https://` # or `http://` depending on the `tls` configuration. # The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`. # -- Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise jenkinsUrlProtocol: https # -- Set Jenkins URL if you are not using the ingress definitions provided by the chart #jenkinsUrl: # If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here # securityContextCapabilities: # drop: # - NET_RAW #securityContextCapabilities: {} # For minikube, set this to NodePort, elsewhere uses LoadBalancer # Use ClusterIP if your setup includes ingress controller # -- k8s service type serviceType: ClusterIP # Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and NodePort type services, # but risks potentially imbalanced traffic spreading. #serviceExternalTrafficPolicy: Local # Enable Kubernetes Startup, Liveness and Readiness Probes # if Startup Probe is supported, enable it too # ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes # -- Enable Kubernetes Probes configuration configured in `controller.probes` healthProbes: true # -- Create Agent listener service agentListenerEnabled: true # -- Listening port for agents agentListenerPort: 50000 # -- Host port to listen for agents agentListenerHostPort: 50000 # ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies # -- Traffic Policy of for the agentListener service #agentListenerExternalTrafficPolicy: Local # -- Allowed inbound IP for the agentListener service agentListenerLoadBalancerSourceRanges: - 0.0.0.0/0 # Kubernetes service type for the JNLP agent service # agentListenerServiceType is the Kubernetes Service type for the JNLP agent service, # either 'LoadBalancer', 'NodePort', or 'ClusterIP' # Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default, # this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE # security risk: https://github.com/kubernetes/charts/issues/1341 # -- Defines how to expose the agentListener service agentListenerServiceType: "ClusterIP" # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to # set allowed inbound rules on the security group assigned to the controller load balancer # -- Allowed inbound IP addresses loadBalancerSourceRanges: - 0.0.0.0/0 # -- Optionally assign a known public LB IP #loadBalancerIP: # Optionally configure a JMX port. This requires additional javaOpts, for example, # javaOpts: > # -Dcom.sun.management.jmxremote.port=4000 # -Dcom.sun.management.jmxremote.authenticate=false # -Dcom.sun.management.jmxremote.ssl=false # jmxPort: 4000 # -- Open a port, for JMX stats #jmxPort: # -- Optionally configure other ports to expose in the controller container extraPorts: [] # - name: BuildInfoProxy # port: 9000 # targetPort: 9010 (Optional: Use to explicitly set targetPort if different from port) # Plugins will be installed during Jenkins controller start # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` installPlugins: - kubernetes:4203.v1dd44f5b_1cf9 - workflow-aggregator:596.v8c21c963d92d - git:5.2.1 - configuration-as-code:1775.v810dc950b_514 # If set to false, Jenkins will download the minimum required version of all dependencies. # -- Download the minimum required version or latest version of all dependencies installLatestPlugins: true # -- Set to true to download the latest version of any plugin that is requested to have the latest version installLatestSpecifiedPlugins: true # -- List of plugins to install in addition to those listed in controller.installPlugins #additionalPlugins: [] # Without this; whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates that have the potential to cause breakage. # Note that for this to work, `persistence.enabled` needs to be set to `true` # -- Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` initializeOnce: false # Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment. # -- Overwrite installed plugins on start overwritePlugins: false # Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment. # -- Overwrite plugins that are already installed in the controller image overwritePluginsFromImage: true # Configures the restrictions for naming projects. Set this key to null or empty to skip it in the default config. projectNamingStrategy: standard # Useful with ghprb plugin. The OWASP plugin is not installed by default, please update controller.installPlugins. # -- Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter) enableRawHtmlMarkupFormatter: false # This is ignored if enableRawHtmlMarkupFormatter is true # -- Yaml of the markup formatter to use markupFormatter: plainText # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval # -- List of groovy functions to approve scriptApproval: [] # - "method groovy.json.JsonSlurperClassic parseText java.lang.String" # - "new groovy.json.JsonSlurperClassic" # 'name' is a name of an existing secret in the same namespace as jenkins, # 'keyName' is the name of one of the keys inside the current secret. # the 'name' and 'keyName' are concatenated with a '-' in between, so for example: # an existing secret "secret-credentials" and a key inside it named "github-password" should be used in JCasC as ${secret-credentials-github-password} # 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', # and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc') # existingSecret existing secret "secret-credentials" and a key inside it named "github-username" should be used in JCasC as ${github-username} # When using existingSecret no need to specify the keyName under additionalExistingSecrets. #existingSecret: # -- List of additional existing secrets to mount #additionalExistingSecrets: [] # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets # additionalExistingSecrets: # - name: secret-name-1 # keyName: username # - name: secret-name-1 # keyName: password # -- List of additional secrets to create and mount #additionalSecrets: [] # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets # additionalSecrets: # - name: nameOfSecret # value: secretText # Generate SecretClaim resources to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller. # 'name' is the name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value. # 'path' is the fully qualified path to the secret in Vault # 'type' is an optional Kubernetes secret type. The default is 'Opaque' # 'renew' is an optional secret renewal time in seconds # -- List of `SecretClaim` resources to create #secretClaims: [] # - name: secretName # required # path: testPath # required # type: kubernetes.io/tls # optional # renew: 60 # optional # -- Name of default cloud configuration. cloudName: "kubernetes" # Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area, # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value. # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each | # become the content of the configuration yaml file. The first line after this is a JCasC root element, e.g., jenkins, credentials, # etc. Best reference is https:///configuration-as-code/reference. The example below creates a welcome message: JCasC: # -- Enables default Jenkins configuration via configuration as code plugin defaultConfig: true # If true, the init container deletes all the plugin config files and Jenkins Config as Code overwrites any existing configuration # -- Whether Jenkins Config as Code should overwrite any existing configuration overwriteConfiguration: false # -- Remote URLs for configuration files. #configUrls: [] # - https://acme.org/jenkins.yaml # -- List of Jenkins Config as Code scripts #configScripts: {} # welcome-message: | # jenkins: # systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. # Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations # -- Jenkins Config as Code security-section security: apiToken: creationOfLegacyTokenEnabled: false tokenGenerationOnCreationEnabled: false usageStatisticsEnabled: true # Ignored if securityRealm is defined in controller.JCasC.configScripts # -- Jenkins Config as Code Security Realm-section securityRealm: |- local: allowsSignup: false enableCaptcha: false # Ignored if authorizationStrategy is defined in controller.JCasC.configScripts # -- Jenkins Config as Code Authorization Strategy-section authorizationStrategy: |- loggedInUsersCanDoAnything: allowAnonymousRead: true sidecars: configAutoReload: # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. # If false or not-specified, JCasC changes will cause a reboot and will only be applied at the subsequent start-up. # Auto-reload uses the http:///reload-configuration-as-code endpoint to reapply config when changes to # the configScripts are detected. # -- Enables Jenkins Config as Code auto-reload enabled: true # -- The scheme to use when connecting to the Jenkins configuration as code endpoint scheme: http # -- Skip TLS verification when connecting to the Jenkins configuration as code endpoint skipTlsVerify: false # -- How many connection-related errors to retry on reqRetryConnect: 10 # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random. # This is only used to reload JCasC config from the sidecar container running in the Jenkins controller pod. # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be # accessible via SSH from outside the pod. Note if you use non-root pod privileges (runAsUser & fsGroup), # this must be > 1024: sshTcpPort: 1044 # folder in the pod that should hold the collected dashboards: #folder: "/var/jenkins_home/casc_configs" # -- Name of the Kubernetes scheduler to use #schedulerName: "" # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # -- Node labels for pod assignment #nodeSelector: {} ingress: # -- Enables ingress enabled: true # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' # For Kubernetes v1.19+, use 'networking.k8s.io/v1' # -- Ingress API version apiVersion: "networking.k8s.io/v1" # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # configures the hostname e.g. jenkins.example.com # -- Ingress hostname hostName: "jenkins.birb.it" # -- Hostname to serve assets from #resourceRootUrl: # -- Ingress TLS configuration tls: {} # often you want to have your controller all locked down and private, # but you still want to get webhooks from your SCM # A secondary ingress will let you expose different urls # with a different configuration secondaryingress: enabled: true # paths you want forwarded to the backend # ex /github-webhook paths: - /github-webhook # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' # For Kubernetes v1.19+, use 'networking.k8s.io/v1' apiVersion: "networking.k8s.io/v1" # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # configures the hostname e.g., jenkins-external.example.com hostName: "jenkins-ext.birb.it" tls: {} # Openshift route route: # -- Enables openshift route enabled: false # Expose Prometheus metrics prometheus: # If enabled, add the prometheus plugin to the list of plugins to install # https://plugins.jenkins.io/prometheus # -- Enables prometheus service monitor enabled: false # -- Additional labels to add to the service monitor object serviceMonitorAdditionalLabels: {} # -- Set a custom namespace where to deploy ServiceMonitor resource serviceMonitorNamespace: # -- How often prometheus should scrape metrics scrapeInterval: 60s # Defaults to the default endpoint used by the prometheus plugin # -- The endpoint prometheus should get metrics from scrapeEndpoint: /prometheus # See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ # The `groups` root object is added by default, add the rule entries # -- Array of prometheus alerting rules alertingrules: [] # -- Additional labels to add to the PrometheusRule object alertingRulesAdditionalLabels: {} # -- Set a custom namespace where to deploy PrometheusRule resource prometheusRuleNamespace: "" # RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds # relabelings for a few standard Kubernetes fields. The original scrape job’s name # is available via the __tmp_prometheus_job_name label. # More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config relabelings: [] # MetricRelabelConfigs to apply to samples before ingestion. metricRelabelings: [] # -- Can be used to disable rendering controller test resources when using helm template testEnabled: false httpsKeyStore: # -- Enables HTTPS keystore on jenkins controller enable: false agent: # -- Enable Kubernetes plugin jnlp-agent podTemplate enabled: true # -- The name of the pod template to use for providing default values #defaultsProviderTemplate: "" # For connecting to the Jenkins controller # -- Overrides the Kubernetes Jenkins URL #jenkinsUrl: # connects to the specified host and port, instead of connecting directly to the Jenkins controller # -- Overrides the Kubernetes Jenkins tunnel #jenkinsTunnel: # -- Namespace in which the Kubernetes agents should be launched #namespace: "jenkins-agents" # -- Configure working directory for default agent #workingDir: "/home/jenkins/agent" #nodeUsageMode: "NORMAL" componentName: "jenkins-agent" # -- Enables agent communication via websockets websocket: true directConnection: true # -- Agent privileged container privileged: false # -- Enables the agent to use the host network hostNetworking: false # Disable if you do not want the Yaml the agent pod template to show up # in the job Console Output. This can be helpful for either security reasons # or simply to clean up the output to make it easier to read. showRawYaml: true # You can define the volumes that you want to mount for this container # Allowed types are: ConfigMap, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC, Secret # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes # -- Additional volumes #volumes: [] # - type: ConfigMap # configMapName: myconfigmap # mountPath: /var/myapp/myconfigmap # - type: EmptyDir # mountPath: /var/myapp/myemptydir # memory: false # - type: EphemeralVolume # mountPath: /var/myapp/myephemeralvolume # accessModes: ReadWriteOnce # requestsSize: 10Gi # storageClassName: mystorageclass # - type: HostPath # hostPath: /var/lib/containers # mountPath: /var/myapp/myhostpath # - type: Nfs # mountPath: /var/myapp/mynfs # readOnly: false # serverAddress: "192.0.2.0" # serverPath: /var/lib/containers # - type: PVC # claimName: mypvc # mountPath: /var/myapp/mypvc # readOnly: false # - type: Secret # defaultMode: "600" # mountPath: /var/myapp/mysecret # secretName: mysecret # Pod-wide environment, these vars are visible to any container in the agent pod # You can define the workspaceVolume that you want to mount for this container # Allowed types are: DynamicPVC, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspace # -- Workspace volume (defaults to EmptyDir) #workspaceVolume: {} ## DynamicPVC example # - type: DynamicPVC # configMapName: myconfigmap ## EmptyDir example # - type: EmptyDir # memory: false ## EphemeralVolume example # - type: EphemeralVolume # accessModes: ReadWriteOnce # requestsSize: 10Gi # storageClassName: mystorageclass ## HostPath example # - type: HostPath # hostPath: /var/lib/containers ## NFS example # - type: Nfs # readOnly: false # serverAddress: "192.0.2.0" # serverPath: /var/lib/containers ## PVC example # - type: PVC # claimName: mypvc # readOnly: false # -- Node labels for pod assignment #nodeSelector: {} # Key Value selectors. Ex: # nodeSelector # jenkins-agent: v1 # -- Command to execute when side container starts #command: # -- Arguments passed to command to execute #args: "${computer.jnlpmac} ${computer.name}" # -- Side container name sideContainerName: "jnlp" # Doesn't allocate pseudo TTY by default # -- Allocate pseudo tty to the side container TTYEnabled: false # -- Max number of agents to launch containerCap: 10 # -- Agent Pod base name podName: "default" # -- Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it idleMinutes: 60 # The raw yaml of a Pod API Object, for example, this allows usage of toleration for agent pods. # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # -- The raw yaml of a Pod API Object to merge into the agent spec #yamlTemplate: "" # yamlTemplate: |- # apiVersion: v1 # kind: Pod # spec: # tolerations: # - key: "key" # operator: "Equal" # value: "value" # Containers specified here are added to all agents. Set key empty to remove container from additional agents. # -- Add additional containers to the agents #additionalContainers: [] # - sideContainerName: dind # image: # repository: docker # tag: dind # command: dockerd-entrypoint.sh # args: "" # privileged: true # resources: # requests: # cpu: 500m # memory: 1Gi # limits: # cpu: 1 # memory: 2Gi # Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template. # -- Disable the default Jenkins Agent configuration disableDefaultAgent: false # Below is the implementation of custom pod templates for the default configured kubernetes cloud. # Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value. # Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label # characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers. # For this pod templates configuration to be loaded, the following values must be set: # controller.JCasC.defaultConfig: true # Best reference is https:///configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template. # -- Configures extra pod templates for the default kubernetes cloud #podTemplates: {} # python: | # - name: python # label: jenkins-python # serviceAccount: jenkins # containers: # - name: python # image: python:3 # command: "/bin/sh -c" # args: "cat" # ttyEnabled: true # privileged: true # resourceRequestCpu: "400m" # resourceRequestMemory: "512Mi" # resourceLimitCpu: "1" # resourceLimitMemory: "1024Mi" # Inherits all values from `agent` so you only need to specify values which differ # -- Configure additional #additionalAgents: {} # maven: # podName: maven # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp # image: # repository: jenkins/jnlp-agent-maven # tag: latest # python: # podName: python # customJenkinsLabels: python # sideContainerName: python # image: # repository: python # tag: "3" # command: "/bin/sh -c" # args: "cat" # TTYEnabled: true # Here you can add additional clouds # They inherit all values from the default cloud (including the main agent), so # you only need to specify values which differ. If you want to override # default additionalAgents with the additionalClouds.additionalAgents set # additionalAgentsOverride to `true`. #additionalClouds: {} # remote-cloud-1: # kubernetesURL: https://api.remote-cloud.com # additionalAgentsOverride: true # additionalAgents: # maven-2: # podName: maven-2 # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp # image: # repository: jenkins/jnlp-agent-maven # tag: latest # namespace: my-other-maven-namespace # remote-cloud-2: # kubernetesURL: https://api.remote-cloud.com persistence: # -- Enable the use of a Jenkins PVC enabled: true # A manually managed Persistent Volume and Claim # Requires persistence.enabled: true # If defined, PVC must be created manually before volume will be bound # -- Provide the name of a PVC #existingClaim: # jenkins data Persistent Volume Storage Class # If defined, storageClassName: # If set to "-", storageClassName: "", which disables dynamic provisioning # If undefined (the default) or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS & OpenStack) # -- Storage class for the PVC storageClass: "nfs-bunker" accessMode: "ReadWriteOnce" # -- The size of the PVC size: "16Gi" # ref: https://kubernetes.io/docs/concepts/storage/volume-pvc-datasource/ # -- Existing data source to clone PVC from #dataSource: {} # name: PVC-NAME # kind: PersistentVolumeClaim # -- SubPath for jenkins-home mount #subPath: # -- Additional volumes #volumes: [] # - name: nothing # emptyDir: {} # -- Additional mounts #mounts: [] # - mountPath: /var/nothing # name: nothing # readOnly: true networkPolicy: # -- Enable the creation of NetworkPolicy resources enabled: false # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' # For Kubernetes v1.7, use 'networking.k8s.io/v1' # -- NetworkPolicy ApiVersion apiVersion: networking.k8s.io/v1 # You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range internalAgents: # -- Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels allowed: true # -- A map of labels (keys/values) that agent pods must have to be able to connect to controller podLabels: {} # -- A map of labels (keys/values) that agents namespaces must have to be able to connect to controller namespaceLabels: {} # project: myproject externalAgents: # -- The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 ipCIDR: # -- A list of IP sub-ranges to be excluded from the allowlisted IP range except: [] # - 172.17.1.0/24 ## Install Default RBAC roles and bindings rbac: # -- Whether RBAC resources are created create: true # -- Whether the Jenkins service account should be able to read Kubernetes secrets readSecrets: true serviceAccount: # -- Configures if a ServiceAccount with this name should be created create: true serviceAccountAgent: # -- Configures if an agent ServiceAccount should be created create: true # -- Checks if any deprecated values are used checkDeprecation: true ```

Anything else we need to know?

Hello there! I am still relatively green in terms of Kubernetes - hence I try to apply things bit by bit untill I iterate into a state I can leave as-is with updates to the configurations as needed.

I had accidentially posted this to the wrong repository before: https://github.com/jenkinsci/kubernetes-operator/issues/1007 But I was kindly pointed to put my issue here :)

I am trying to set up Jenkins to ultimatively create a self-feeding process of building containers that then get deployed in the cluster - especially to feed my RISC-V node something to work with - and, publish it while I'm at it.

Thank you and kind regards, Ingwie

[timja]

I can't see any specific reason there but maybe not enough memory to start?

[IngwiePhoenix]

The node itself has 8GB, of which 6 should be free. That said, I did not adjust the limits. But technically it should have more than enough...

[datheng]

did you find a solution? I have same problem on MicorK8s.