Does not work with Workload Identity on GKE #88
Comments
|
I have the same issue. My Jenkins master runs in GKE and the metadata credentials used to work when my cluster had node metadata set to EXPOSED. I updated my cluster, moved to GKE Metadata Server / Workload Identity, done all the GCP and K8S service account configuration and I can confirm that my pods (including Jenkins) can access the metadata server. I can run kubectl/gcloud commands in the pods and everything works as before except for this plugin. I've looked though the source-code for metadata endpoints accessed and the ones I found I can confirm they are accessible from my pods. Don't really understand where the plugin decides to "hide" the metadata credentials option. |
|
Here is a pull request that fixes the issue: #91 |
|
Any update on getting this merged and released? |
|
I'm not sure what I can do to get this merged. I guess a maintainer needs to review and merge that pull request. I've manually installed the generated hpi file from the build and running it since then. It would be nice to have this released though. |
|
Hey folks,
This plugin maintenance is now owned by a new team and we're just getting
started. Last week I was able to do a successful release for the
first time.
Now I've merged this PR and I will release today.
Thanks for your help and your patience!
-don
…On Mon, Aug 17, 2020 at 2:07 AM Stefan S. ***@***.***> wrote:
I'm not sure what I can do to get this merged. I guess a maintainer needs
to review and merge that pull request. I've manually installed the
generated hpi file from the build and running it since then. It would be
nice to have this released though.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#88 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAF76UUG26A2EZYQCDBHF43SBDXN5ANCNFSM4OHABX3A>
.
|
|
Thanks Don! |
|
So should this issue be closed? |
When using this with a Jenkins pod running on GKE using a service account with Workload Identtiy, the plugin no longer works using the automatic metadata credentials.
The text was updated successfully, but these errors were encountered: