Tags: kubernetes, jenkins, amazon-eks

ErrImageNeverPull: Container image "myjenkins:latest" is not present with pull policy of Never


I'm going through a tutorial on running Jenkins on your Kubernetes cluster. In the tutorial they're using minikube, and my existing cluster is running on EKS. When I apply my jenkins.yaml file, the pod it creates gets this error:

  Normal   Scheduled          27m                   default-scheduler  Successfully assigned default/jenkins-799666d8db-ft642 to ip-192-168-84-126.us-west-2.compute.internal
  Warning  Failed             24m (x12 over 27m)    kubelet            Error: ErrImageNeverPull
  Warning  ErrImageNeverPull  114s (x116 over 27m)  kubelet            Container image "myjenkins:latest" is not present with pull policy of Never

This was from describing the pod ^

Here's my jenkins.yaml file that I'm using to try to run Jenkins on my cluster:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  namespace: default
rules:
- apiGroups: [""]
  resources: ["pods","services"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["create","delete","get","list","patch","update","watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
---
# Allows jenkins to create persistent volumes
# This cluster role binding grants the jenkins service account the jenkinsclusterrole ClusterRole defined below.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-crb
subjects:
- kind: ServiceAccount
  namespace: default
  name: jenkins
roleRef:
  kind: ClusterRole
  name: jenkinsclusterrole
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: jenkinsclusterrole
rules:
- apiGroups: [""]
  resources: ["persistentvolumes"]
  verbs: ["create","delete","get","list","patch","update","watch"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: default
spec:
  selector:
    matchLabels:
      app: jenkins
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
        - name: jenkins
          image: myjenkins:latest
          env:
            - name: JAVA_OPTS
              value: -Djenkins.install.runSetupWizard=false
          ports:
            - name: http-port
              containerPort: 8080
            - name: jnlp-port
              containerPort: 50000
          volumeMounts:
            - name: jenkins-home
              mountPath: /var/jenkins_home
            - name: docker-sock-volume
              mountPath: "/var/run/docker.sock"
          imagePullPolicy: Never
      volumes:
        # This allows jenkins to use the docker daemon on the host, for running builds
        # see https://stackoverflow.com/questions/27879713/is-it-ok-to-run-docker-from-inside-docker
        - name: docker-sock-volume
          hostPath:
            path: /var/run/docker.sock
        - name: jenkins-home
          hostPath:
            path: /mnt/jenkins-store
      serviceAccountName: jenkins
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  namespace: default
spec:
  type: NodePort
  ports:
    - name: ui
      port: 8080
      targetPort: 8080
      nodePort: 31000
    - name: jnlp
      port: 50000
      targetPort: 50000
  selector:
    app: jenkins

Edit:

So far I tried removing imagePullPolicy: Never and tried it again and got a different error

Warning  Failed     17s (x2 over 32s)  kubelet            Failed to pull image "myjenkins:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myjenkins, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

I tried running docker login and logging in and I'm still getting this same error ^. I tried changing imagePullPolicy: Never to Always and received the same error

After changing the image to jenkins/jenkins:lts it's still crashing and when I describe, this is what it says

  Normal   Scheduled  4m37s                  default-scheduler  Successfully assigned default/jenkins-776574886b-x2l8p to ip-192-168-77-17.us-west-2.compute.internal
  Normal   Pulled     4m26s                  kubelet            Successfully pulled image "jenkins/jenkins:lts" in 11.07948886s
  Normal   Pulled     4m22s                  kubelet            Successfully pulled image "jenkins/jenkins:lts" in 908.246481ms
  Normal   Pulled     4m7s                   kubelet            Successfully pulled image "jenkins/jenkins:lts" in 885.936781ms
  Normal   Created    3m39s (x4 over 4m23s)  kubelet            Created container jenkins
  Normal   Started    3m39s (x4 over 4m23s)  kubelet            Started container jenkins
  Normal   Pulled     3m39s                  kubelet            Successfully pulled image "jenkins/jenkins:lts" in 895.651242ms
  Warning  BackOff    3m3s (x8 over 4m20s)   kubelet            Back-off restarting failed container

When I try to run "kubectl logs" on that pod I even get an error for that, which I've never received before when getting logs

touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

Also had to change my volumemount for jenkins to this and it worked!

I found another resource online saying to change my jenkins volume mount to this to fix the permissions issue and my container works now:

volumeMounts:
        - mountPath: /var
          name: jenkins-volume
          subPath: jenkins_home

Solution

  • As you already did, removing imagePullPolicy: Never would solve your first problem. Your second problem comes from the fact that you are trying to pull an image called myjenkins:latest, which doesn't exist. What you most likely want is this image.

    Change

    image: myjenkins:latest
    

    to

    image: jenkins/jenkins:lts
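
The two image errors in this thread, together with the hostPath mounts in the question's manifest, as an added example (not code from the question or the answer): a small Python check over a pod spec in `kubectl get -o json` shape. The function names, check labels and the trimmed sample spec are assumptions of this example.

```python
# Added example: lint a pod spec for the conditions discussed on this page.
# Check labels and messages are this example's own, not Kubernetes output.

def normalize_image(ref):
    """Expand a short image reference the way Docker does before pulling."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:          # a colon in the last segment is a tag
        name, tag = name.rsplit(":", 1)
    first, _, rest = name.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest            # explicit registry host
    else:
        registry, path = "docker.io", name      # no host: Docker Hub
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path                # no namespace: official images
    return registry, path, tag or (None if digest else "latest")

def lint_pod_spec(spec):
    """Return (subject, check) pairs for a pod spec dict (kubectl -o json shape)."""
    findings = []
    for c in spec.get("containers", []):
        registry, path, tag = normalize_image(c["image"])
        # Kubernetes default: Always for :latest or no tag, else IfNotPresent.
        policy = c.get("imagePullPolicy") or ("Always" if tag == "latest" else "IfNotPresent")
        if policy == "Never":
            findings.append((c["name"], "never-pull: image must already be on every node"))
        elif registry == "docker.io" and path.startswith("library/"):
            findings.append((c["name"], f"short-name: pulls docker.io/{path}"))
    for v in spec.get("volumes", []):
        host = v.get("hostPath", {}).get("path")
        if host == "/var/run/docker.sock":
            findings.append((v["name"], "docker-socket: pod controls the node's Docker daemon"))
        elif host:
            findings.append((v["name"], "hostpath: node-owned directory, check write permissions"))
    return findings

# Constructed sample: the pod spec from the question's Deployment, trimmed.
QUESTION_SPEC = {
    "containers": [{"name": "jenkins", "image": "myjenkins:latest", "imagePullPolicy": "Never"}],
    "volumes": [
        {"name": "docker-sock-volume", "hostPath": {"path": "/var/run/docker.sock"}},
        {"name": "jenkins-home", "hostPath": {"path": "/mnt/jenkins-store"}},
    ],
}

if __name__ == "__main__":
    for subject, check in lint_pod_spec(QUESTION_SPEC):
        print(f"{subject}: {check}")
```

A locally built image such as `myjenkins` only passes the short-name check once it is tagged with a registry the EKS nodes can pull from and the manifest uses that full reference.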