Helm chart: Jenkins crashes very early - every time.

[IngwiePhoenix]

Hello there!

Describe the bug I configured the Helm Chart into my k3s cluster and made sure to change only as little as needed to make sure it starts fine - I could then expand later. However, even with this approach, this isn't working out at all.

Full log (jenkins/pods/jenkins-0)

``` PS Z:\Work\Homelab> kubectl logs -f -n jenkins pods/jenkins-0 Defaulted container "jenkins" out of: jenkins, config-reload, config-reload-init (init), init (init) Running from: /usr/share/jenkins/jenkins.war 2024-04-28 04:28:20.529+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file 2024-04-28 04:28:20.709+0000 [id=1] WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath 2024-04-28 04:28:20.830+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-10.0.20; built: 2024-01-29T20:46:45.278Z; git: 3a745c71c23682146f262b99f4ddc4c1bc41630c; jvm 17.0.10+7 2024-04-28 04:28:21.257+0000 [id=1] INFO o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet 2024-04-28 04:28:21.363+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: Session workerName=node0 2024-04-28 04:28:22.310+0000 [id=1] INFO hudson.WebAppMain#contextInitialized: Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME") 2024-04-28 04:28:22.650+0000 [id=1] INFO o.e.j.s.handler.ContextHandler#doStart: Started w.@4d8539de{Jenkins v2.440.3,/,file:///var/jenkins_cache/war/,AVAILABLE}{/var/jenkins_cache/war} 2024-04-28 04:28:22.705+0000 [id=1] INFO o.e.j.server.AbstractConnector#doStart: Started ServerConnector@609db43b{HTTP/1.1, (http/1.1)}{0.0.0.0:8080} 2024-04-28 04:28:22.717+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: Started Server@2bfc268b{STARTING}[10.0.20,sto=0] @3127ms 2024-04-28 04:28:22.717+0000 [id=25] INFO winstone.Logger#logInternal: Winstone Servlet Engine running: controlPort=disabled 2024-04-28 04:28:23.311+0000 [id=33] INFO jenkins.InitReactorRunner$1#onAttained: Started initialization 2024-04-28 04:30:12.602+0000 [id=26] INFO winstone.Logger#logInternal: JVM is terminating. Shutting down Jetty 2024-04-28 04:30:12.603+0000 [id=26] INFO org.eclipse.jetty.server.Server#doStop: Stopped Server@2bfc268b{STOPPING}[10.0.20,sto=0] 2024-04-28 04:30:12.607+0000 [id=26] INFO o.e.j.server.AbstractConnector#doStop: Stopped ServerConnector@609db43b{HTTP/1.1, (http/1.1)}{0.0.0.0:8080} 2024-04-28 04:30:12.610+0000 [id=26] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Stopping Jenkins 2024-04-28 04:30:12.623+0000 [id=26] INFO jenkins.model.Jenkins$16#onAttained: Started termination 2024-04-28 04:30:12.625+0000 [id=26] SEVERE jenkins.model.Jenkins$16#onTaskFailed: Failed IOHubProvider.cleanUp java.lang.IllegalArgumentException: Unable to inject class jenkins.slaves.IOHubProvider at hudson.init.TaskMethodFinder.lookUp(TaskMethodFinder.java:130) at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110) at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:131) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:284) at jenkins.model.Jenkins._cleanUpRunTerminators(Jenkins.java:3736) at jenkins.model.Jenkins.cleanUp(Jenkins.java:3659) at hudson.WebAppMain.contextDestroyed(WebAppMain.java:398) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.626+0000 [id=26] SEVERE jenkins.model.Jenkins$16#onTaskFailed: Failed NioChannelSelector.cleanUp java.lang.IllegalArgumentException: Unable to inject class jenkins.slaves.NioChannelSelector at hudson.init.TaskMethodFinder.lookUp(TaskMethodFinder.java:130) at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110) at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:131) at org.jvnet.hudson.reactor.Reactor$Node.runIfPossible(Reactor.java:142) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:284) at jenkins.model.Jenkins._cleanUpRunTerminators(Jenkins.java:3736) at jenkins.model.Jenkins.cleanUp(Jenkins.java:3659) at hudson.WebAppMain.contextDestroyed(WebAppMain.java:398) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.627+0000 [id=26] INFO jenkins.model.Jenkins$16#onAttained: Completed termination 2024-04-28 04:30:12.627+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpDisconnectComputers: Starting node disconnection 2024-04-28 04:30:12.639+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpShutdownPluginManager: Stopping plugin manager 2024-04-28 04:30:12.639+0000 [id=26] INFO jenkins.model.Jenkins#_cleanUpPersistQueue: Persisting build queue 2024-04-28 04:30:12.978+0000 [id=26] INFO hudson.lifecycle.Lifecycle#onStatusUpdate: Jenkins stopped 2024-04-28 04:30:12.979+0000 [id=26] INFO hudson.WebAppMain#contextDestroyed: Shutting down a Jenkins instance that was still starting up java.lang.Throwable: reason at hudson.WebAppMain.contextDestroyed(WebAppMain.java:407) at org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:1059) at org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:636) at org.eclipse.jetty.server.handler.ContextHandler.contextDestroyed(ContextHandler.java:1016) at org.eclipse.jetty.servlet.ServletHandler.doStop(ServletHandler.java:306) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.security.SecurityHandler.doStop(SecurityHandler.java:412) at org.eclipse.jetty.security.ConstraintSecurityHandler.doStop(ConstraintSecurityHandler.java:413) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.session.SessionHandler.doStop(SessionHandler.java:497) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:1039) at org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:399) at org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1311) at org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:1087) at org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:312) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:182) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:205) at org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStop(Server.java:517) at org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:132) at winstone.Launcher.shutdown(Launcher.java:442) at winstone.ShutdownHook.run(ShutdownHook.java:28) 2024-04-28 04:30:12.981+0000 [id=24] SEVERE hudson.util.BootFailure#publish: Failed to initialize Jenkins java.lang.InterruptedException at java.base/java.lang.Object.wait(Native Method) at java.base/java.lang.Object.wait(Unknown Source) at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:288) at jenkins.InitReactorRunner.run(InitReactorRunner.java:49) at jenkins.model.Jenkins.executeReactor(Jenkins.java:1205) at jenkins.model.Jenkins.(Jenkins.java:992) at hudson.model.Hudson.(Hudson.java:86) at hudson.model.Hudson.(Hudson.java:82) at hudson.WebAppMain$3.run(WebAppMain.java:248) Caused: hudson.util.HudsonFailedToLoad at hudson.WebAppMain$3.run(WebAppMain.java:276) 2024-04-28 04:30:12.985+0000 [id=26] INFO o.e.j.s.handler.ContextHandler#doStop: Stopped w.@4d8539de{Jenkins v2.440.3,/,null,STOPPED}{/var/jenkins_cache/war} 2024-04-28 04:30:12.985+0000 [id=24] SEVERE h.i.i.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler#uncaughtException: A thread (Jenkins initialization thread/24) died unexpectedly due to an uncaught exception. This may leave your server corrupted and usually indicates a software bug. java.lang.ClassNotFoundException: jenkins.util.groovy.GroovyHookScript at java.base/java.net.URLClassLoader.findClass(Unknown Source) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:511) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) Caused: java.lang.NoClassDefFoundError: jenkins/util/groovy/GroovyHookScript at hudson.util.BootFailure.publish(BootFailure.java:48) at hudson.WebAppMain$3.run(WebAppMain.java:276) ```

To Reproduce

• Install k3s
• Apply the following YAML

HelmChart and values

```yaml apiVersion: v1 kind: Namespace metadata: name: jenkins --- apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: jenkins namespace: kube-system spec: repo: https://charts.jenkins.io/ chart: jenkins targetNamespace: jenkins valuesContent: |- # -- Override the deployment namespace # @default -- `Release.Namespace` namespaceOverride: jenkins # For FQDN resolving of the controller service. Change this value to match your existing configuration. # ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md # -- Override the cluster name for FQDN resolving clusterZone: "kube.birb.it" # -- The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed. # credentialsId: controller: # -- Used for label app.kubernetes.io/component componentName: "jenkins-controller" # -- Disable use of remember me disableRememberMe: false # -- Set Number of executors numExecutors: 4 # -- Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE" executorMode: "NORMAL" hostNetworking: false # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. # If you disable the non-Jenkins identity store and instead use the Jenkins internal one, # you should revert controller.admin.username to your preferred admin user: admin: # -- Admin username created as a secret if `controller.admin.createSecret` is true username: "IngwiePhoenix" # -- Admin password created as a secret if `controller.admin.createSecret` is true # @default -- # TODO(IP): Change or move to OIDC password: "" # -- The key in the existing admin secret containing the username #userKey: jenkins-admin-user # -- The key in the existing admin secret containing the password #passwordKey: jenkins-admin-password # The default configuration uses this secret to configure an admin user # If you don't need that user or use a different security realm, then you can disable it # -- Create secret for admin user createSecret: true # -- The name of an existing secret containing the admin credentials #existingSecret: "" # -- Email address for the administrator of the Jenkins instance jenkinsAdminEmail: "ingwie@birb.it" # Override the default arguments passed to the war # overrideArgs: # - --httpPort=8080 # -- Resource allocation (Requests and Limits) resources: requests: cpu: "50m" memory: "256Mi" limits: cpu: "2000m" memory: "4096Mi" # Set min/max heap here if needed with "-Xms512m -Xmx512m" # -- Append to `JAVA_OPTS` env var #javaOpts: # -- Append to `JENKINS_OPTS` env var #jenkinsOpts: # If you are using the ingress definitions provided by this chart via the `controller.ingress` block, # the configured hostname will be the ingress hostname starting with `https://` # or `http://` depending on the `tls` configuration. # The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`. # -- Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise jenkinsUrlProtocol: https # -- Set Jenkins URL if you are not using the ingress definitions provided by the chart #jenkinsUrl: # If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here # securityContextCapabilities: # drop: # - NET_RAW #securityContextCapabilities: {} # For minikube, set this to NodePort, elsewhere uses LoadBalancer # Use ClusterIP if your setup includes ingress controller # -- k8s service type serviceType: ClusterIP # Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and NodePort type services, # but risks potentially imbalanced traffic spreading. #serviceExternalTrafficPolicy: Local # Enable Kubernetes Startup, Liveness and Readiness Probes # if Startup Probe is supported, enable it too # ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes # -- Enable Kubernetes Probes configuration configured in `controller.probes` healthProbes: true # -- Create Agent listener service agentListenerEnabled: true # -- Listening port for agents agentListenerPort: 50000 # -- Host port to listen for agents agentListenerHostPort: 50000 # ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies # -- Traffic Policy of for the agentListener service #agentListenerExternalTrafficPolicy: Local # -- Allowed inbound IP for the agentListener service agentListenerLoadBalancerSourceRanges: - 0.0.0.0/0 # Kubernetes service type for the JNLP agent service # agentListenerServiceType is the Kubernetes Service type for the JNLP agent service, # either 'LoadBalancer', 'NodePort', or 'ClusterIP' # Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default, # this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE # security risk: https://github.com/kubernetes/charts/issues/1341 # -- Defines how to expose the agentListener service agentListenerServiceType: "ClusterIP" # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to # set allowed inbound rules on the security group assigned to the controller load balancer # -- Allowed inbound IP addresses loadBalancerSourceRanges: - 0.0.0.0/0 # -- Optionally assign a known public LB IP #loadBalancerIP: # Optionally configure a JMX port. This requires additional javaOpts, for example, # javaOpts: > # -Dcom.sun.management.jmxremote.port=4000 # -Dcom.sun.management.jmxremote.authenticate=false # -Dcom.sun.management.jmxremote.ssl=false # jmxPort: 4000 # -- Open a port, for JMX stats #jmxPort: # -- Optionally configure other ports to expose in the controller container extraPorts: [] # - name: BuildInfoProxy # port: 9000 # targetPort: 9010 (Optional: Use to explicitly set targetPort if different from port) # Plugins will be installed during Jenkins controller start # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` installPlugins: - kubernetes:4203.v1dd44f5b_1cf9 - workflow-aggregator:596.v8c21c963d92d - git:5.2.1 - configuration-as-code:1775.v810dc950b_514 # If set to false, Jenkins will download the minimum required version of all dependencies. # -- Download the minimum required version or latest version of all dependencies installLatestPlugins: true # -- Set to true to download the latest version of any plugin that is requested to have the latest version installLatestSpecifiedPlugins: true # -- List of plugins to install in addition to those listed in controller.installPlugins #additionalPlugins: [] # Without this; whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates that have the potential to cause breakage. # Note that for this to work, `persistence.enabled` needs to be set to `true` # -- Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` initializeOnce: false # Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment. # -- Overwrite installed plugins on start overwritePlugins: false # Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment. # -- Overwrite plugins that are already installed in the controller image overwritePluginsFromImage: true # Configures the restrictions for naming projects. Set this key to null or empty to skip it in the default config. projectNamingStrategy: standard # Useful with ghprb plugin. The OWASP plugin is not installed by default, please update controller.installPlugins. # -- Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter) enableRawHtmlMarkupFormatter: false # This is ignored if enableRawHtmlMarkupFormatter is true # -- Yaml of the markup formatter to use markupFormatter: plainText # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval # -- List of groovy functions to approve scriptApproval: [] # - "method groovy.json.JsonSlurperClassic parseText java.lang.String" # - "new groovy.json.JsonSlurperClassic" # 'name' is a name of an existing secret in the same namespace as jenkins, # 'keyName' is the name of one of the keys inside the current secret. # the 'name' and 'keyName' are concatenated with a '-' in between, so for example: # an existing secret "secret-credentials" and a key inside it named "github-password" should be used in JCasC as ${secret-credentials-github-password} # 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', # and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc') # existingSecret existing secret "secret-credentials" and a key inside it named "github-username" should be used in JCasC as ${github-username} # When using existingSecret no need to specify the keyName under additionalExistingSecrets. #existingSecret: # -- List of additional existing secrets to mount #additionalExistingSecrets: [] # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets # additionalExistingSecrets: # - name: secret-name-1 # keyName: username # - name: secret-name-1 # keyName: password # -- List of additional secrets to create and mount #additionalSecrets: [] # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets # additionalSecrets: # - name: nameOfSecret # value: secretText # Generate SecretClaim resources to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller. # 'name' is the name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value. # 'path' is the fully qualified path to the secret in Vault # 'type' is an optional Kubernetes secret type. The default is 'Opaque' # 'renew' is an optional secret renewal time in seconds # -- List of `SecretClaim` resources to create #secretClaims: [] # - name: secretName # required # path: testPath # required # type: kubernetes.io/tls # optional # renew: 60 # optional # -- Name of default cloud configuration. cloudName: "kubernetes" # Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area, # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value. # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each | # become the content of the configuration yaml file. The first line after this is a JCasC root element, e.g., jenkins, credentials, # etc. Best reference is https:///configuration-as-code/reference. The example below creates a welcome message: JCasC: # -- Enables default Jenkins configuration via configuration as code plugin defaultConfig: true # If true, the init container deletes all the plugin config files and Jenkins Config as Code overwrites any existing configuration # -- Whether Jenkins Config as Code should overwrite any existing configuration overwriteConfiguration: false # -- Remote URLs for configuration files. #configUrls: [] # - https://acme.org/jenkins.yaml # -- List of Jenkins Config as Code scripts #configScripts: {} # welcome-message: | # jenkins: # systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. # Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations # -- Jenkins Config as Code security-section security: apiToken: creationOfLegacyTokenEnabled: false tokenGenerationOnCreationEnabled: false usageStatisticsEnabled: true # Ignored if securityRealm is defined in controller.JCasC.configScripts # -- Jenkins Config as Code Security Realm-section securityRealm: |- local: allowsSignup: false enableCaptcha: false # Ignored if authorizationStrategy is defined in controller.JCasC.configScripts # -- Jenkins Config as Code Authorization Strategy-section authorizationStrategy: |- loggedInUsersCanDoAnything: allowAnonymousRead: true sidecars: configAutoReload: # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. # If false or not-specified, JCasC changes will cause a reboot and will only be applied at the subsequent start-up. # Auto-reload uses the http:///reload-configuration-as-code endpoint to reapply config when changes to # the configScripts are detected. # -- Enables Jenkins Config as Code auto-reload enabled: true # -- The scheme to use when connecting to the Jenkins configuration as code endpoint scheme: http # -- Skip TLS verification when connecting to the Jenkins configuration as code endpoint skipTlsVerify: false # -- How many connection-related errors to retry on reqRetryConnect: 10 # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random. # This is only used to reload JCasC config from the sidecar container running in the Jenkins controller pod. # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be # accessible via SSH from outside the pod. Note if you use non-root pod privileges (runAsUser & fsGroup), # this must be > 1024: sshTcpPort: 1044 # folder in the pod that should hold the collected dashboards: #folder: "/var/jenkins_home/casc_configs" # -- Name of the Kubernetes scheduler to use #schedulerName: "" # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # -- Node labels for pod assignment #nodeSelector: {} ingress: # -- Enables ingress enabled: true # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' # For Kubernetes v1.19+, use 'networking.k8s.io/v1' # -- Ingress API version apiVersion: "networking.k8s.io/v1" # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # configures the hostname e.g. jenkins.example.com # -- Ingress hostname hostName: "jenkins.birb.it" # -- Hostname to serve assets from #resourceRootUrl: # -- Ingress TLS configuration tls: {} # often you want to have your controller all locked down and private, # but you still want to get webhooks from your SCM # A secondary ingress will let you expose different urls # with a different configuration secondaryingress: enabled: true # paths you want forwarded to the backend # ex /github-webhook paths: - /github-webhook # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1' # For Kubernetes v1.19+, use 'networking.k8s.io/v1' apiVersion: "networking.k8s.io/v1" # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress # ingressClassName: nginx # configures the hostname e.g., jenkins-external.example.com hostName: "jenkins-ext.birb.it" tls: {} # Openshift route route: # -- Enables openshift route enabled: false # Expose Prometheus metrics prometheus: # If enabled, add the prometheus plugin to the list of plugins to install # https://plugins.jenkins.io/prometheus # -- Enables prometheus service monitor enabled: false # -- Additional labels to add to the service monitor object serviceMonitorAdditionalLabels: {} # -- Set a custom namespace where to deploy ServiceMonitor resource serviceMonitorNamespace: # -- How often prometheus should scrape metrics scrapeInterval: 60s # Defaults to the default endpoint used by the prometheus plugin # -- The endpoint prometheus should get metrics from scrapeEndpoint: /prometheus # See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ # The `groups` root object is added by default, add the rule entries # -- Array of prometheus alerting rules alertingrules: [] # -- Additional labels to add to the PrometheusRule object alertingRulesAdditionalLabels: {} # -- Set a custom namespace where to deploy PrometheusRule resource prometheusRuleNamespace: "" # RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds # relabelings for a few standard Kubernetes fields. The original scrape job’s name # is available via the __tmp_prometheus_job_name label. # More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config relabelings: [] # MetricRelabelConfigs to apply to samples before ingestion. metricRelabelings: [] # -- Can be used to disable rendering controller test resources when using helm template testEnabled: false httpsKeyStore: # -- Enables HTTPS keystore on jenkins controller enable: false agent: # -- Enable Kubernetes plugin jnlp-agent podTemplate enabled: true # -- The name of the pod template to use for providing default values #defaultsProviderTemplate: "" # For connecting to the Jenkins controller # -- Overrides the Kubernetes Jenkins URL #jenkinsUrl: # connects to the specified host and port, instead of connecting directly to the Jenkins controller # -- Overrides the Kubernetes Jenkins tunnel #jenkinsTunnel: # -- Namespace in which the Kubernetes agents should be launched #namespace: "jenkins-agents" # -- Configure working directory for default agent #workingDir: "/home/jenkins/agent" #nodeUsageMode: "NORMAL" componentName: "jenkins-agent" # -- Enables agent communication via websockets websocket: true directConnection: true # -- Agent privileged container privileged: false # -- Enables the agent to use the host network hostNetworking: false # Disable if you do not want the Yaml the agent pod template to show up # in the job Console Output. This can be helpful for either security reasons # or simply to clean up the output to make it easier to read. showRawYaml: true # You can define the volumes that you want to mount for this container # Allowed types are: ConfigMap, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC, Secret # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes # -- Additional volumes #volumes: [] # - type: ConfigMap # configMapName: myconfigmap # mountPath: /var/myapp/myconfigmap # - type: EmptyDir # mountPath: /var/myapp/myemptydir # memory: false # - type: EphemeralVolume # mountPath: /var/myapp/myephemeralvolume # accessModes: ReadWriteOnce # requestsSize: 10Gi # storageClassName: mystorageclass # - type: HostPath # hostPath: /var/lib/containers # mountPath: /var/myapp/myhostpath # - type: Nfs # mountPath: /var/myapp/mynfs # readOnly: false # serverAddress: "192.0.2.0" # serverPath: /var/lib/containers # - type: PVC # claimName: mypvc # mountPath: /var/myapp/mypvc # readOnly: false # - type: Secret # defaultMode: "600" # mountPath: /var/myapp/mysecret # secretName: mysecret # Pod-wide environment, these vars are visible to any container in the agent pod # You can define the workspaceVolume that you want to mount for this container # Allowed types are: DynamicPVC, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspace # -- Workspace volume (defaults to EmptyDir) #workspaceVolume: {} ## DynamicPVC example # - type: DynamicPVC # configMapName: myconfigmap ## EmptyDir example # - type: EmptyDir # memory: false ## EphemeralVolume example # - type: EphemeralVolume # accessModes: ReadWriteOnce # requestsSize: 10Gi # storageClassName: mystorageclass ## HostPath example # - type: HostPath # hostPath: /var/lib/containers ## NFS example # - type: Nfs # readOnly: false # serverAddress: "192.0.2.0" # serverPath: /var/lib/containers ## PVC example # - type: PVC # claimName: mypvc # readOnly: false # -- Node labels for pod assignment #nodeSelector: {} # Key Value selectors. Ex: # nodeSelector # jenkins-agent: v1 # -- Command to execute when side container starts #command: # -- Arguments passed to command to execute #args: "${computer.jnlpmac} ${computer.name}" # -- Side container name sideContainerName: "jnlp" # Doesn't allocate pseudo TTY by default # -- Allocate pseudo tty to the side container TTYEnabled: false # -- Max number of agents to launch containerCap: 10 # -- Agent Pod base name podName: "default" # -- Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it idleMinutes: 60 # The raw yaml of a Pod API Object, for example, this allows usage of toleration for agent pods. # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # -- The raw yaml of a Pod API Object to merge into the agent spec #yamlTemplate: "" # yamlTemplate: |- # apiVersion: v1 # kind: Pod # spec: # tolerations: # - key: "key" # operator: "Equal" # value: "value" # Containers specified here are added to all agents. Set key empty to remove container from additional agents. # -- Add additional containers to the agents #additionalContainers: [] # - sideContainerName: dind # image: # repository: docker # tag: dind # command: dockerd-entrypoint.sh # args: "" # privileged: true # resources: # requests: # cpu: 500m # memory: 1Gi # limits: # cpu: 1 # memory: 2Gi # Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template. # -- Disable the default Jenkins Agent configuration disableDefaultAgent: false # Below is the implementation of custom pod templates for the default configured kubernetes cloud. # Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value. # Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label # characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers. # For this pod templates configuration to be loaded, the following values must be set: # controller.JCasC.defaultConfig: true # Best reference is https:///configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template. # -- Configures extra pod templates for the default kubernetes cloud #podTemplates: {} # python: | # - name: python # label: jenkins-python # serviceAccount: jenkins # containers: # - name: python # image: python:3 # command: "/bin/sh -c" # args: "cat" # ttyEnabled: true # privileged: true # resourceRequestCpu: "400m" # resourceRequestMemory: "512Mi" # resourceLimitCpu: "1" # resourceLimitMemory: "1024Mi" # Inherits all values from `agent` so you only need to specify values which differ # -- Configure additional #additionalAgents: {} # maven: # podName: maven # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp # image: # repository: jenkins/jnlp-agent-maven # tag: latest # python: # podName: python # customJenkinsLabels: python # sideContainerName: python # image: # repository: python # tag: "3" # command: "/bin/sh -c" # args: "cat" # TTYEnabled: true # Here you can add additional clouds # They inherit all values from the default cloud (including the main agent), so # you only need to specify values which differ. If you want to override # default additionalAgents with the additionalClouds.additionalAgents set # additionalAgentsOverride to `true`. #additionalClouds: {} # remote-cloud-1: # kubernetesURL: https://api.remote-cloud.com # additionalAgentsOverride: true # additionalAgents: # maven-2: # podName: maven-2 # customJenkinsLabels: maven # # An example of overriding the jnlp container # # sideContainerName: jnlp # image: # repository: jenkins/jnlp-agent-maven # tag: latest # namespace: my-other-maven-namespace # remote-cloud-2: # kubernetesURL: https://api.remote-cloud.com persistence: # -- Enable the use of a Jenkins PVC enabled: true # A manually managed Persistent Volume and Claim # Requires persistence.enabled: true # If defined, PVC must be created manually before volume will be bound # -- Provide the name of a PVC #existingClaim: # jenkins data Persistent Volume Storage Class # If defined, storageClassName: # If set to "-", storageClassName: "", which disables dynamic provisioning # If undefined (the default) or set to null, no storageClassName spec is # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS & OpenStack) # -- Storage class for the PVC storageClass: "nfs-bunker" accessMode: "ReadWriteOnce" # -- The size of the PVC size: "16Gi" # ref: https://kubernetes.io/docs/concepts/storage/volume-pvc-datasource/ # -- Existing data source to clone PVC from #dataSource: {} # name: PVC-NAME # kind: PersistentVolumeClaim # -- SubPath for jenkins-home mount #subPath: # -- Additional volumes #volumes: [] # - name: nothing # emptyDir: {} # -- Additional mounts #mounts: [] # - mountPath: /var/nothing # name: nothing # readOnly: true networkPolicy: # -- Enable the creation of NetworkPolicy resources enabled: false # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' # For Kubernetes v1.7, use 'networking.k8s.io/v1' # -- NetworkPolicy ApiVersion apiVersion: networking.k8s.io/v1 # You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range internalAgents: # -- Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels allowed: true # -- A map of labels (keys/values) that agent pods must have to be able to connect to controller podLabels: {} # -- A map of labels (keys/values) that agents namespaces must have to be able to connect to controller namespaceLabels: {} # project: myproject externalAgents: # -- The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 ipCIDR: # -- A list of IP sub-ranges to be excluded from the allowlisted IP range except: [] # - 172.17.1.0/24 ## Install Default RBAC roles and bindings rbac: # -- Whether RBAC resources are created create: true # -- Whether the Jenkins service account should be able to read Kubernetes secrets readSecrets: true serviceAccount: # -- Configures if a ServiceAccount with this name should be created create: true serviceAccountAgent: # -- Configures if an agent ServiceAccount should be created create: true # -- Checks if any deprecated values are used checkDeprecation: true ```

Additional information (I am still relatively green in terms of Kubernetes; I could be misunderstanding this as a bug, when it is really not - but judging from the stacktrace, and what failed, this is not supposed to happen.) Kubernetes version: 1.29.3+k3s1 Jenkins Operator version: I haven't hard-specified one yet - so it should default to "latest".

Thank you and kind regards, Ingwie

[brokenpip3]

I believe you opened the issue in the wrong place :)

The helm chrt that you are using is: https://github.com/jenkinsci/helm-charts, this is instead the kubernetes operator one.

Feel free to comment if it's not like that :)

[IngwiePhoenix]

Oh! Oops... Apologies for that; musta taken a wrong turn ;) Thank you for the pointer; have had way too many k8s related issues just closed on me without any further information... So I really appreciate this!

Will take the issue over there then.

Have a great day!