fabric8io/fabric8

kubernetes-jenkins leveraging fabric8 + RBAC

sylus opened this issue · 1 comments

sylus commented

Hi there, not sure if anyone has experience with the Kubernetes plugin, but after I deployed my updated Jenkins cluster with RBAC enabled, some containers where I need the privilege flag no longer work. The odd thing is that with RBAC disabled everything still works on my dev cluster.

For instance, this Jenkinsfile doesn’t work due to privilege flags, which I will need to bind mount the /vbox/vboxdrv from the host.

With RBAC enabled this is the error I get:

io.fabric8.kubernetes.client.KubernetesClientException: pods "jenkins-save-*" is forbidden: cannot exec into or attach to a prvileged container.

My service account, jenkins-jenkins, does have cluster-admin, and I ran the following and received “yes”:

kubectl auth can-i create pods --namespace default --as 'system:serviceaccount:default:jenkins-jenkins'

Anyone have any ideas?

sylus commented

Turns out this was DenyEscalatingExec added to the admission controller; removing it has fixed the issue, though I'm not sure it's the best solution.

Thanks anyways! :)
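
Added example, not part of the thread and not code from fabric8 or Kubernetes: a small model of the documented DenyEscalatingExec rule (deny exec/attach to pods that are privileged or use host PID/IPC), showing why `kubectl auth can-i` answers "yes" while exec is still forbidden. RBAC authorization runs first, admission runs afterwards. The pod specs and container names are constructed sample input.

```python
# Model of the documented DenyEscalatingExec behaviour; an illustration only,
# not the Kubernetes implementation. Pods below are constructed sample input.

EXEC_SUBRESOURCES = {"pods/exec", "pods/attach"}


def escalation_reasons(pod):
    """List why a pod counts as escalated: host PID/IPC or a privileged container."""
    spec = pod.get("spec", {})
    reasons = []
    if spec.get("hostPID"):
        reasons.append("host pid")
    if spec.get("hostIPC"):
        reasons.append("host ipc")
    # This model looks at every container in the pod, init containers included.
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            reasons.append("privileged container: " + c["name"])
    return reasons


def admit(resource, pod):
    """Admission decision, evaluated only after RBAC has already allowed the request."""
    if resource not in EXEC_SUBRESOURCES:
        return True, []  # creating the pod is not this controller's concern
    reasons = escalation_reasons(pod)
    return (not reasons), reasons


# Constructed agent pod resembling the case in the thread: one privileged container.
VBOX_AGENT = {"spec": {"containers": [
    {"name": "jnlp"},
    {"name": "vbox", "securityContext": {"privileged": True}},
]}}
# Constructed ordinary agent pod with no escalated settings.
PLAIN_AGENT = {"spec": {"containers": [{"name": "jnlp"}]}}

if __name__ == "__main__":
    for label, pod in (("vbox agent", VBOX_AGENT), ("plain agent", PLAIN_AGENT)):
        for resource in ("pods", "pods/exec", "pods/attach"):
            allowed, why = admit(resource, pod)
            print(f"{label:12} {resource:12} allowed={allowed} {why}")
```

Pod creation is admitted in both cases, which matches the "yes" from `can-i create pods`; only the later exec/attach into the privileged pod is refused.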