Hi, I'm running Jenkins version 2.190.1 in an OpenShift 3.9 cluster; the Kubernetes plugin is at version 1.19.3.
Since one of the last updates, I sometimes run into:

[id=1597] WARNING o.c.j.p.k.KubernetesLauncher#launch: Error in provisioning; agent=KubernetesSlave name: b4dbc13f-6f01-42d5-a9d7-b31e9520adaa-7013x-lcc2j, template=PodTemplate{inheritFrom='', name='b4dbc13f-6f01-42d5-a9d7-b31e9520adaa-7013x', namespace='', label='b4dbc13f-6f01-42d5-a9d7-b31e9520adaa', nodeSelector='', nodeUsageMode=EXCLUSIVE, workspaceVolume=org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.DynamicPVCWorkspaceVolume@79ebc880, containers=[ContainerTemplate{name='main', image= 'docker-registry-default.cnap-00-mp-prod.mycompanygroup.net:443/ci-next/jenkins-slave-oc:latest' , alwaysPullImage=true, workingDir='/home/jenkins/agent', command='/bin/sh -c', args='cat', ttyEnabled=true, resourceRequestCpu='', resourceRequestMemory='', resourceLimitCpu='', resourceLimitMemory='', envVars=[KeyValueEnvVar [getValue()=https://rspsales-cinext.mycompanygroup.net , getKey()=LOCAL_URL], KeyValueEnvVar [getValue()=https://rspsales-cinext.mycompanygroup.net/nexus , getKey()=NEXUS_URL], KeyValueEnvVar [getValue()=default, getKey()=clusterName], KeyValueEnvVar [getValue()=rspsales-ci, getKey()=project], KeyValueEnvVar [getValue()=BuildConfig.yml, getKey()=buildConfigFile]]}], annotations=[org.csanchez.jenkins.plugins.kubernetes.PodAnnotation@9d4da4a8 , org.csanchez.jenkins.plugins.kubernetes.PodAnnotation@aab9c821], yamls=[
apiVersion: v1
kind: Pod
metadata:
  labels:
    tier: ci
    cinextProject: null
    app: jenkins-slave
spec:
  containers:
  - name: jnlp
    image: 'jenkins/jnlp-slave:alpine'
    args: ['$(JENKINS_SECRET)', '$(JENKINS_NAME)']
    resources:
      limits:
        cpu: '200m'
        memory: '256Mi'
      requests:
        cpu: '200m'
        memory: '128Mi'
    env:
    - name: JAVA_OPTS
      value: '-Xmx128m'
]}
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://10.221.128.1/api/v1/namespaces/rspsales-ci/persistentvolumeclaims . Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. persistentvolumeclaims "pvc-b4dbc13f-6f01-42d5-a9d7-b31e9520adaa-7013x-lcc2j" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: User "system:serviceaccount:rspsales-ci:jenkins" cannot update pods/finalizers in project "rspsales-ci", <nil>.
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:510)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:447)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:413)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:372)
    at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:241)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:813)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:328)
    at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:324)
    at org.csanchez.jenkins.plugins.kubernetes.volumes.workspace.DynamicPVCWorkspaceVolume.createVolume(DynamicPVCWorkspaceVolume.java:94)
    at org.csanchez.jenkins.plugins.kubernetes.KubernetesLauncher.launch(KubernetesLauncher.java:130)
    at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:297)
    at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
    at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

I guess it's related to the Dynamic PVC's (see JENKINS-47591) introduced in 1.19.2 - but how can this be resolved?

The strange thing about it is that after restarting Jenkins the POD launching works several times - and then suddenly starts to fail with the above message. I'm running Jenkins with a dedicated service-account:jenkins at OpenShift, having either "edit" or now for testing "admin" role.

Thanks for any ideas,
Torsten
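
The exception in the post names the exact permission the API server refused: `update` on `pods/finalizers` for `system:serviceaccount:rspsales-ci:jenkins`. As an added example (not part of the original post and not Kubernetes plugin code), the script below parses a denial in that wording and emits a Role and RoleBinding limited to that one permission, as a narrower alternative to testing with "admin". The generated object name, the core API group and the `rbac.authorization.k8s.io/v1` API version are assumptions, and the post does not establish whether this resolves the intermittent failure.

```python
import json
import re

# Constructed input: the denial sentence as it appears in the exception above.
SAMPLE = (
    'persistentvolumeclaims "pvc-b4dbc13f-6f01-42d5-a9d7-b31e9520adaa-7013x-lcc2j" '
    "is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a "
    "resource you can't set finalizers on: User "
    '"system:serviceaccount:rspsales-ci:jenkins" cannot update pods/finalizers '
    'in project "rspsales-ci", <nil>.'
)

# Matches only the message wording shown in the post.
DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_namespace>[^:"]+):(?P<sa_name>[^"]+)" '
    r'cannot (?P<verb>[a-z]+) (?P<resource>[a-z./-]+) in project "(?P<namespace>[^"]+)"'
)

def parse_denial(message):
    """Return the denied service account, verb, resource and namespace, or None."""
    match = DENIAL.search(message)
    return match.groupdict() if match else None

def least_privilege_rbac(denial, api_group=""):
    """Build a Role and RoleBinding granting only the denied verb and resource.

    api_group="" (core group) is an assumption; the message does not state it.
    The object name is hypothetical; the cluster is assumed to serve RBAC v1.
    """
    name = "{sa_name}-{verb}-{res}".format(res=denial["resource"].replace("/", "-"), **denial)
    meta = {"name": name, "namespace": denial["namespace"]}
    role = {
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role", "metadata": meta,
        "rules": [{"apiGroups": [api_group], "resources": [denial["resource"]],
                   "verbs": [denial["verb"]]}],
    }
    binding = {
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding", "metadata": meta,
        "subjects": [{"kind": "ServiceAccount", "name": denial["sa_name"],
                      "namespace": denial["sa_namespace"]}],
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": name},
    }
    return {"apiVersion": "v1", "kind": "List", "items": [role, binding]}

if __name__ == "__main__":
    # JSON output can be reviewed, then applied by a namespace administrator.
    print(json.dumps(least_privilege_rbac(parse_denial(SAMPLE)), indent=2))
```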