openshift / jenkins

Apache License 2.0

slave images: maven has access to openshift slave does not #484

Closed spicysomtam closed 6 years ago

spicysomtam commented 6 years ago

Maybe I am missing something. But if I run the maven k8s slave image, it can access the openshift project (eg oc get all). However if I use the base slave image, I get the following:

+ oc get all
Error from server (Forbidden): User "system:serviceaccount:project-build:default" cannot list buildconfigs in project "project-build"
Error from server (Forbidden): User "system:serviceaccount:project-build:default" cannot list builds in project "project-build"
.
.
.

I added the slave with the same settings as maven and nodejs in Kubernetes Pod Template in the Cloud setting block.

bparees commented 6 years ago

can you run oc version in both slaves? I wonder if you have an older/different version of the base slave image compared w/ the maven slave image.

spicysomtam commented 6 years ago

I was using the v3.9 images, but have found an issue with the oc command in that it does not show up deployment configs against a v3.6 cluster! So reverted to the v3.7 slave images, which have a non alpha/beta version of the oc command, and that is fine. I'm using the maven image which can see everything in the project it is running (eg oc get all); I'll give the v3.7 slave image a test on Monday and let you know.

I am on a discovery of openshift Jenkins at the moment trying to build our Scala app natively in openshift (it's currently built in a vm using docker compose). Probably need to learn how to use the s2i process to get images built. Trying to do things the recommended openshift way.

bparees commented 6 years ago

yes the v3.9 oc client is not backwards compatible to v3.6. This is why we now tag our jenkins images w/ release versions so you can pick a jenkins image that's version-aligned with your cluster (and will include an oc binary that's version aligned w/ your cluster).

spicysomtam commented 6 years ago

So I just retested with the v3.7 slave images; maven image has access to the current project jenkins runs in while slave image does not:

+ oc project aaa-build
error: You are not a member of project "aaa-build".
You are not a member of any projects. You can request a project to be created with the 'new-project' command.

I am not sure of the intended behaviour; whether the slave images should have access to deploy infra into the current project.

bparees commented 6 years ago

slave images run w/ the default service account for your project. masters run w/ the jenkins service account (assuming you deployed using the openshift jenkins template). presumably you have different permissions configured on those accounts.

you can override which service account the slaves run w/, or add permissions to the default service account.
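Added example, not part of the thread or the project's code: one way to add permissions to the default service account while keeping the grant scoped to the project is to derive it from the Forbidden lines that oc printed. The function names and the verb-to-role mapping (read-only verbs to the built-in `view` role, anything else to `edit`) are assumptions made for this illustration, and the sample input is constructed in the format of the errors quoted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): derive a project-scoped grant from the
# "Forbidden" lines oc prints, instead of widening the account cluster-wide.

# Constructed sample input in the format of the errors quoted in the thread.
SAMPLE_ERRORS='Error from server (Forbidden): User "system:serviceaccount:project-build:default" cannot list buildconfigs in project "project-build"
Error from server (Forbidden): User "system:serviceaccount:project-build:default" cannot list builds in project "project-build"'

# Assumption: read-only verbs are covered by the built-in "view" role and
# anything else by "edit"; neither role can change role bindings.
role_for_verb() {
  case "$1" in
    get|list|watch) echo view ;;
    *)              echo edit ;;
  esac
}

# Reads oc error output on stdin and prints one "oc policy add-role-to-user"
# command per (service account, project) pair, choosing "edit" only if some
# denied verb needs it. Lines that are not service-account denials are ignored.
suggest_grants() {
  sed -n 's/.*User "\(system:serviceaccount:[^"]*\)" cannot \([a-z]*\) .* in project "\([^"]*\)".*/\1 \3 \2/p' |
  while read -r user project verb; do
    echo "$user $project $(role_for_verb "$verb")"
  done |
  awk '{ key = $1 " " $2
         if ($3 == "edit" || !(key in role)) role[key] = $3 }
       END { for (key in role) {
               split(key, part, " ")
               printf "oc policy add-role-to-user %s %s -n %s\n", role[key], part[1], part[2] } }' |
  sort
}

# Print the suggestion for the sample; review it before running it yourself.
printf '%s\n' "$SAMPLE_ERRORS" | suggest_grants
```

The script only prints the suggested command. Running it requires a user who is allowed to change role bindings in that project.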

bparees commented 6 years ago

@gabemontero this is probably an area that needs some doc improvements. This would probably be a good place to discuss it: https://docs.openshift.org/latest/using_images/other_images/jenkins.html#using-the-jenkins-kubernetes-plug-in

Also the link in this section: https://docs.openshift.org/latest/using_images/other_images/jenkins.html#kubernetes-plug-in

is broken. it points here: https://docs.openshift.org/latest/using_images/other_images/jenkins.html#using-the-jenkins-kubernetes-plug-in-to-run-jobs

it should point here: https://docs.openshift.org/latest/using_images/other_images/jenkins.html#using-the-jenkins-kubernetes-plug-in

rcsrao commented 6 years ago

Try running oadm policy add-cluster-role-to-user cluster-admin project-build:default

bparees commented 6 years ago

@wozniakjan this might be another item to tackle (it's just doc improvements)

gabemontero commented 6 years ago

Have some cycles now ... will craft a doc pull either today or tomorrow.