kubectl apply Error from server (Forbidden) Authentication required - Jenkins

Question

I installed Jenkins on Windows 10, minikube cluster is Virtual Box VM

On minikube cluster i created service account using this yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins

List sa:

kubectl get sa
NAME      SECRETS   AGE
default   1         128m
jenkins   1         99m

kubectl describe sa jenkins
Name:                jenkins
Namespace:           default
Labels:              <none>
Annotations:         kubectl.kubernetes.io/last-applied-configuration:
                       {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"jenkins","namespace":"default"}}
Image pull secrets:  <none>
Mountable secrets:   jenkins-token-rk2mg
Tokens:              jenkins-token-rk2mg
Events:              <none>

I used token from that account and configured Kubernetes plugin on Jenkins, connection is sucessfull

In Jenkins file i added stage to get kubectl version:

stage('Check kubectl version') {
         steps {
                 sh 'kubectl version'
          }
      }

And i'm getting:

+ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"windows/amd64"}
Error from server (Forbidden): <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>


    Authentication required
    <!--
    You are authenticated as: anonymous
    Groups that you are in:

    Permission you need to have (but didn't): hudson.model.Hudson.Read
     ... which is implied by: hudson.security.Permission.GenericRead
     ... which is implied by: hudson.model.Hudson.Administer
    -->

Answer 1

You are authenticated as: anonymous

You must authenticate as the ServiceAccount jenkins that you created for Jenkins.

Use withCredentials in your Jenkinsfile step/stage and load the token that belongs to the ServiceAccount for jenkins. You must first identify the secret with the token that belongs to your generated ServiceAccount.

When using the kubectl command, specify that you want to authenticate with your token and possibly a server hostname for the ApiServer.

E.g. something like this:

kubectl apply -f <diretory-or-file> --token $TOKEN_FROM_WITH_CREDENTIALS --server apiserver.hostname.local

Answer 2

I meet the same issue. And there are several k8s environments in Jenkins.

Originally the kubectl apply commands is

kubectl apply -f <directory-or-file>

To solve it, add --context parameter to add specific cluster

kubectl apply -f <directory-or-file> --context <CLUSTER_NAME>