Closed patsevanton closed 2 years ago
get error hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor
is just a warning
I added Full log pod jenkins-0
This is your error:
2022-08-03 07:17:33.176+0000 [id=29] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
io.jenkins.plugins.casc.ConfiguratorException: Item isn't a Mapping
Not sure from a quick look but the yaml won't be quite right most likely
Hmm. May be. I will recheck.
Fixed. Work jenkins-values-google-login.yaml
---
controller:
tag: "2.346.2-jdk11"
imagePullPolicy: "IfNotPresent"
numExecutors: 0
additionalPlugins:
- google-login:1.6
- job-dsl:1.81
- allure-jenkins-plugin:2.30.2
- ws-cleanup:0.42
- build-timeout:1.21
- timestamper:1.18
- google-storage-plugin:1.5.6
- permissive-script-security:0.7
- ansicolor:1.0.2
- google-oauth-plugin:1.0.6
javaOpts: '-Dpermissive-script-security.enabled=true'
JCasC:
configScripts:
jenkins-configuration: |
jenkins:
systemMessage: This Jenkins is configured and managed 'as code' by Managed Cloud team.
job-config: |
jobs:
- script: >
pipelineJob('job1') {
logRotator(120, -1, 1, -1)
authenticationToken('secret')
definition {
cps {
script("""\
pipeline {
agent any
parameters {
string(name: 'Variable', defaultValue: '', description: 'Variable', trim: true)
}
options {
timestamps()
ansiColor('xterm')
timeout(time: 10, unit: 'MINUTES')
}
stages {
stage ('build') {
steps {
cleanWs()
echo "hello job1"
}
}
}
}""".stripIndent())
sandbox()
}
}
}
- script: >
pipelineJob('job2') {
logRotator(120, -1, 1, -1)
authenticationToken('secret')
definition {
cps {
script("""\
pipeline {
agent any
parameters {
string(name: 'Variable', defaultValue: '', description: 'Variable', trim: true)
}
options {
timestamps()
ansiColor('xterm')
timeout(time: 10, unit: 'MINUTES')
}
stages {
stage ('test') {
steps {
cleanWs()
echo "hello job2"
}
}
}
}""".stripIndent())
sandbox()
}
}
}
views: |
jenkins:
views:
- all:
name: "all"
- list:
columns:
- "status"
- "weather"
- "jobName"
- "lastSuccess"
- "lastFailure"
- "lastDuration"
- "buildButton"
jobNames:
- "job1"
name: "stage"
- list:
columns:
- "status"
- "weather"
- "jobName"
- "lastSuccess"
- "lastFailure"
- "lastDuration"
- "buildButton"
jobNames:
- "job2"
name: "test"
viewsTabBar: "standard"
securityRealm: |-
googleOAuth2:
clientId: "xxx-xxx.apps.googleusercontent.com"
clientSecret: "xxx-xxx"
domain: ""
authorizationStrategy: |-
loggedInUsersCanDoAnything:
allowAnonymousRead: false
ingress:
enabled: true
ingressClassName: nginx
apiVersion: networking.k8s.io/v1
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hostName: xxxx
tls:
- secretName: jenkins-tls
hosts:
- xxxx
A question @patsevanton, have you found a way to encrypt the clientId
and clientSecret
and pass the encrypted values in the values.yaml
file? Not with any external operator or project, but with whatever is given in the helm chart. I am trying to achieve that but my attempts are failing so far.
I will create a bug if you haven't found out a way, but wanted to ask first.
Describe the bug
When use auth by googleOAuth2, get error hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor
Version of Helm and Kubernetes
Chart version
jenkins-4.1.13
What happened?
Configure script try connect to Jenkins, but get error hudson.security.csrf.DefaultCrumbIssuer is missing its descriptor. Because Jenkins use googleOAuth2 auth.
Anything else we need to know?
Full log pod jenkins-0