GoogleCloudPlatform/continuous-deployment-on-kubernetes

Can't use gcloud builds submit on slaves

philippefuentes opened this issue · 2 comments

I followed the last update on the tutorial (installed Jenkins using Helm); the difference is that I use a git repo to pull my project.

I'd like to build and push images on the slaves to push images on my GKE repo (like I used to do with the first version of the tutorial).

I use the latest proposed Jenkinsfile with a gcloud builder like in the demo, but I have this error:

ERROR: (gcloud.builds.submit) User [414288873103-compute@developer.gserviceaccount.com] does not have permission to access project [vpc-hosting-150517] (or it may not exist): Request had insufficient authentication scopes.

I checked in the IAM gcloud console; this is the "Compute Engine default service account" service account, with the "Editor" role. I tried to add the "Owner" role to it but got the same error.

Where is this service account referenced in the whole setting? I could not find anything in the Jenkins System Configuration.

Here is the Jenkinsfile used:

def project = 'titane'
def appName = 'tit-client'
def imageTag = "gcr.io/vpc-hosting-150517/${project}/${appName}:${env.BRANCH_NAME}.${env.BUILD_NUMBER}"

pipeline {
  agent {
    kubernetes {
      label 'titane-client'
      defaultContainer 'jnlp'
      yaml """
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: ci
spec:
  # Use service account that can deploy to all namespaces
  serviceAccountName: cd-jenkins
  containers:
  - name: gcloud
    image: gcr.io/cloud-builders/gcloud
    command:
    - cat
    tty: true
"""
    }
  }
  stages {
    stage('Build and push image with Container Builder') {
      when { branch 'preprod' }
      steps {
        container('gcloud') {
           sh "PYTHONUNBUFFERED=1 gcloud builds submit -t ${imageTag} ."
        }
      }
    }
  }
}

Here is the complete log:

Started by user admin
 > git rev-parse --is-inside-work-tree # timeout=10
Setting origin to https://github.com/vetup/titane-client
 > git config remote.origin.url https://github.com/vetup/titane-client # timeout=10
Fetching origin...
Fetching upstream changes from origin
 > git --version # timeout=10
 > git config --get remote.origin.url # timeout=10
using GIT_ASKPASS to set credentials github-pfuentes
 > git fetch --tags --progress origin +refs/heads/*:refs/remotes/origin/*
Seen branch in repository origin/full-firebase
Seen branch in repository origin/master
Seen branch in repository origin/preprod
Seen 3 remote branches
Obtained Jenkinsfile-gcloud from c2be26655d3452e1c9a81d990c91e632000f1044
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] podTemplate
[Pipeline] {
[Pipeline] node
Still waiting to schedule task
Waiting for next available executor
Agent titane-client-mc1rw-qqkf4 is provisioned from template Kubernetes Pod Template
Agent specification [Kubernetes Pod Template] (titane-client): 

Running on titane-client-mc1rw-qqkf4 in /home/jenkins/workspace/titane-client_preprod
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
Cloning the remote Git repository
Cloning with configured refspecs honoured and without tags
Cloning repository https://github.com/vetup/titane-client
 > git init /home/jenkins/workspace/titane-client_preprod # timeout=10
Fetching upstream changes from https://github.com/vetup/titane-client
 > git --version # timeout=10
using GIT_ASKPASS to set credentials github-pfuentes
 > git fetch --no-tags --progress https://github.com/vetup/titane-client +refs/heads/*:refs/remotes/origin/*
Fetching without tags
Checking out Revision c2be26655d3452e1c9a81d990c91e632000f1044 (preprod)
 > git config remote.origin.url https://github.com/vetup/titane-client # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git config remote.origin.url https://github.com/vetup/titane-client # timeout=10
Fetching upstream changes from https://github.com/vetup/titane-client
using GIT_ASKPASS to set credentials github-pfuentes
 > git fetch --no-tags --progress https://github.com/vetup/titane-client +refs/heads/*:refs/remotes/origin/*
 > git config core.sparsecheckout # timeout=10
 > git checkout -f c2be26655d3452e1c9a81d990c91e632000f1044
Commit message: "test jenkinsfile"
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] container
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build and push image with Container Builder)
[Pipeline] container
[Pipeline] {
[Pipeline] sh
 > git rev-list --no-walk c2be26655d3452e1c9a81d990c91e632000f1044 # timeout=10
+ PYTHONUNBUFFERED=1 gcloud builds submit -t gcr.io/vpc-hosting-150517/titane/tit-client:preprod.41 .
Creating temporary tarball archive of 17101 file(s) totalling 401.5 MiB before compression.
Some files were not included in the source upload.

Check the gcloud log [/root/.config/gcloud/logs/2019.01.30/09.37.41.183364.log] to see which files and the contents of the
default gcloudignore file used (see `$ gcloud topic gcloudignore` to learn
more).

Uploading tarball of [.] to [gs://vpc-hosting-150517_cloudbuild/source/1548841062.16-9d1170c760694689a22fcfe6e5692808.tgz]
ERROR: (gcloud.builds.submit) User [414288873103-compute@developer.gserviceaccount.com] does not have permission to access project [vpc-hosting-150517] (or it may not exist): Request had insufficient authentication scopes.
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

Thank you for your help.

Make sure that the service account or scopes were set properly when you created your cluster/node pool:

https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes/blob/master/README.md#create-a-kubernetes-cluster

Indeed, I was using an existing cluster without the cloud-platform scope associated with the node pool, thank you.
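
The check behind the resolution above, as an added example that is not part of the original thread or the project's code: the node's OAuth access scopes cap what its service-account token can do, so granting "Editor" or "Owner" in IAM changes nothing while the cloud-platform scope is absent. The function names and the sample scope list are assumptions constructed for illustration; the metadata endpoint is the standard Compute Engine one.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a node's access scopes
# allow the call that failed with "insufficient authentication scopes".

CLOUD_PLATFORM='https://www.googleapis.com/auth/cloud-platform'
METADATA_URL='http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes'

# Constructed sample: scopes of a node pool created without cloud-platform
# (assumed here to be the GKE default scope set).
SAMPLE_DEFAULT_SCOPES='https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/trace.append'

# fetch_scopes: print the scopes of the node's default service account,
# one per line, as served by the metadata server (run on a node or in a pod).
fetch_scopes() {
  curl -sf --max-time 3 -H 'Metadata-Flavor: Google' "$METADATA_URL"
}

# has_scope SCOPES WANTED: succeed only if WANTED is exactly one of the lines.
# Whole-line matching keeps cloud-platform.read-only from passing as cloud-platform.
has_scope() {
  printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# check_cloud_build SCOPES: print a verdict; return 0 if allowed by scopes, 1 if blocked.
check_cloud_build() {
  if has_scope "$1" "$CLOUD_PLATFORM"; then
    echo "ok: cloud-platform scope present, IAM roles now decide access"
    return 0
  fi
  echo "blocked: cloud-platform scope missing, IAM roles cannot widen the token"
  return 1
}
```

From the `gcloud` container of the build pod, `check_cloud_build "$(fetch_scopes)"` reports what the node pool was created with; `gcloud container node-pools describe` shows the same list under `config.oauthScopes`.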