Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Component/s: kubernetes-plugin
    • Labels:
      None
    • Environment:
      Jenkins: 2.150.3
      Kubernetes: 1.14.3
    • Similar Issues:

      Description

      I have this in my pipeline:

      def label = "mypod-${UUID.randomUUID().toString()}"
      podTemplate(label: label, yaml: """
      apiVersion: v1
      kind: Pod
      metadata:
        labels:
          some-label: some-label-value
      spec:
        containers:
        - name: jnlp
          image: 1234567890.dkr.ecr.us-east-1.amazonaws.com/jenkins-slave:1.0.0
          command:
          - /usr/local/bin/jenkins-slave
          tty: true
          securityContext:
            runAsUser: 10000
            allowPrivilegeEscalation: false
      """
      ) {
          node (label) {
            container('jnlp') {
              sh "hostname"
              sh "mvn --version"
            }
          }
      }
      
      

      When I execute this, i expect that the maven version from my custom jnlp image gets printed, instead I get the following error:

       

      [Pipeline] node
      Agent mypod-6cf91ebc-71db-4c56-80c8-8f332d796ccf-413hd-m09jd is provisioned from template Kubernetes Pod Template
      Agent specification [Kubernetes Pod Template] (mypod-6cf91ebc-71db-4c56-80c8-8f332d796ccf): 
      * [jnlp] jenkins/jnlp-slave:alpine
      yaml:
      
      apiVersion: v1
      kind: Pod
      metadata:
        labels:
          some-label: some-label-value
      spec:
        containers:
        - name: jnlp
          image: 1234567890.dkr.ecr.us-east-1.amazonaws.com/jenkins-slave:1.0.0
          command:
          - /usr/local/bin/jenkins-slave
          tty: true
          securityContext:
            runAsUser: 10000
            allowPrivilegeEscalation: false
      
      
      Running on mypod-6cf91ebc-71db-4c56-80c8-8f332d796ccf-413hd-m09jd in /home/jenkins/workspace/TDP/builds/test-slaves
      [Pipeline] {
      [Pipeline] container
      [Pipeline] {
      [Pipeline] sh
      + hostname
      mypod-6cf91ebc-71db-4c56-80c8-8f332d796ccf-413hd-m09jd
      [Pipeline] sh
      + mvn --version
      /home/jenkins/workspace/ABC/builds/test-slaves@tmp/durable-ef4c2933/script.sh: line 1: mvn: not found
      [Pipeline] }
      [Pipeline] // container
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] }
      [Pipeline] // podTemplate
      [Pipeline] End of Pipeline
      [Office365connector] No webhooks to notify
      ERROR: script returned exit code 127
      Finished: FAILURE
      

      If you see the message above, it is still provisiong the jnlp:alpine image and using that as default.

       

      Can you please correct me if my usage is incorrect and the right way to override jnlp

        Attachments

          Issue Links

            Activity

            Hide
            csanchez Carlos Sanchez added a comment -

            Your example works fine.
            Do you have something in setting "Defaults Provider Template Name"

            Show
            csanchez Carlos Sanchez added a comment - Your example works fine. Do you have something in setting "Defaults Provider Template Name"
            Hide
            sushantp Sushant Pradhan added a comment -

            Hi Carlos, If you mean Kubernetes cloud configuration under Manage Jenkins > Configure System. I have global configuration specified:

            Show
            sushantp Sushant Pradhan added a comment - Hi Carlos, If you mean Kubernetes cloud configuration under Manage Jenkins > Configure System. I have global configuration specified:
            Hide
            martinm82 Martin M added a comment - - edited

            I am having the same problem as Carlos. 

            Agent k8s-docker-pod-rn3k8 is provisioned from template Kubernetes Pod Template
            Agent specification [Kubernetes Pod Template] (docker): 
            * [jnlp] jenkins/jnlp-slave:alpine
            yaml:
            ---
            apiVersion: "v1"
            kind: "Pod"
            metadata:
              annotations: {}
              labels:
                jenkins/docker: "true"
            spec:
              containers:
              - name: jnlp
                args: ['\$(JENKINS_SECRET)', '\$(JENKINS_NAME)']
                image: "jenkins/jnlp-agent-docker:latest"
                imagePullPolicy: "Always"
                securityContext:
                  privileged: true
                  runAsGroup: 0
                tty: true
                volumeMounts:
                - mountPath: "/var/run/docker.sock"
                  name: "docker-sock"
                  readOnly: false
              restartPolicy: "Never"
              volumes:
              - hostPath:
                  path: "/var/run/docker.sock"
                name: "docker-sock"
            
            Building remotely on k8s-docker-pod-rn3k8 (docker) in workspace /home/jenkins/workspace/Playground/test
            + ls -lrt /var/run/
            total 4
            srw-rw----    1 root     117              0 Apr 15 11:18 docker.sock
            drwxr-xr-x    3 root     root          4096 Apr 24 09:53 secrets
            + ls -lrt /usr/local/bin/
            total 8
            -rwxr-xr-x    1 root     root            87 Feb  5 20:39 docker-java-home
            -rwxr-xr-x    1 root     root          3741 Mar 11 14:17 jenkins-slave
            

            As you can see the /usr/local/bin folder does not contain the expected docker binary.

            I think the problem occurs at the moment you provide a raw pod template. Unfortunately I cannot use the fields since I need to set specific options in the security context.

            Show
            martinm82 Martin M added a comment - - edited I am having the same problem as Carlos.  Agent k8s-docker-pod-rn3k8 is provisioned from template Kubernetes Pod Template Agent specification [Kubernetes Pod Template] (docker): * [jnlp] jenkins/jnlp-slave:alpine yaml: --- apiVersion: "v1" kind: "Pod" metadata: annotations: {} labels: jenkins/docker: " true " spec: containers: - name: jnlp args: [ '\$(JENKINS_SECRET)' , '\$(JENKINS_NAME)' ] image: "jenkins/jnlp-agent-docker:latest" imagePullPolicy: "Always" securityContext: privileged: true runAsGroup: 0 tty: true volumeMounts: - mountPath: "/ var /run/docker.sock" name: "docker-sock" readOnly: false restartPolicy: "Never" volumes: - hostPath: path: "/ var /run/docker.sock" name: "docker-sock" Building remotely on k8s-docker-pod-rn3k8 (docker) in workspace /home/jenkins/workspace/Playground/test + ls -lrt / var /run/ total 4 srw-rw---- 1 root 117 0 Apr 15 11:18 docker.sock drwxr-xr-x 3 root root 4096 Apr 24 09:53 secrets + ls -lrt /usr/local/bin/ total 8 -rwxr-xr-x 1 root root 87 Feb 5 20:39 docker-java-home -rwxr-xr-x 1 root root 3741 Mar 11 14:17 jenkins-slave As you can see the /usr/local/bin folder does not contain the expected docker binary. I think the problem occurs at the moment you provide a raw pod template. Unfortunately I cannot use the fields since I need to set specific options in the security context.
            Hide
            martinm82 Martin M added a comment -

            Ok, I got it working now. This seems to be a bug actually.

            So what I did now is I filled out only the "Container template" field "Docker Image" and "Name"

            and added additionally the raw pod template

            So the key here is to define the name and image in the fields.

            Show
            martinm82 Martin M added a comment - Ok, I got it working now. This seems to be a bug actually. So what I did now is I filled out only the "Container template" field "Docker Image" and "Name" and added additionally the raw pod template So the key here is to define the name and image in the fields.
            Hide
            jglick Jesse Glick added a comment -

            Working for me in the automated test attached. Perhaps reporter/commenters were using an older version of the plugin that lacked some fixes reported elsewhere?

            Show
            jglick Jesse Glick added a comment - Working for me in the automated test attached. Perhaps reporter/commenters were using an older version of the plugin that lacked some fixes reported elsewhere?

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                sushantp Sushant Pradhan
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: