[kontinuity-dev-public] Jenkins service account does not work on slaves (only on master)
Tomas Nozicka
tnozicka at redhat.com
Fri Jun 17 14:27:18 UTC 2016
I have modified my Jenkinsfile to use service account and I have found
out that Jenkins master and slaves run under different service
accounts.
Ben's template creates ServiceAccount named "jenkins" with the correct
permissions but slaves are run with ServiceAccount named "default"
without permissions. This ends up for me after login with:
$ oc login https://kubernetes.default/ --token=$(cat
/run/secrets/kubernetes.io/serviceaccount/token) --certificate-
authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt
"Logged into "https://kubernetes.default:443" as
system:serviceaccount:catapult:default using the token provided.
"You don't have any projects. ..."
Changing to the same project I am in ends with:
$ oc project catapult
error: You are not a member of project "catapult".
You are not a member of any projects. You can request a project to be
created with the 'new-project' command.
I tried those steps manually by "docker exec" into master instance and
it works fine there with "jenkins" service account.
Can I somehow set up Jenkins slaves to use the correct service account?
Or can we roll back to not having special service account for Jenkins
and use the default one? I think it was in the template before...
Thanks,
Tomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/kontinuity-dev-public/attachments/20160617/5da13a6a/attachment.htm>
More information about the kontinuity-dev-public
mailing list