[FIXED] kubectl apply Error from server (Forbidden) Authentication required

I installed Jenkins on Windows 10, minikube cluster is Virtual Box VM

On minikube cluster i created service account using this yaml:

apiVersion: v1
kind: ServiceAccount
  name: jenkins
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
  name: jenkins
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
  name: jenkins
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
- kind: ServiceAccount
  name: jenkins

List sa:

kubectl get sa
default   1         128m
jenkins   1         99m

kubectl describe sa jenkins
Name:                jenkins
Namespace:           default
Labels:              <none>
Annotations:         kubectl.kubernetes.io/last-applied-configuration:
Image pull secrets:  <none>
Mountable secrets:   jenkins-token-rk2mg
Tokens:              jenkins-token-rk2mg
Events:              <none>

I used token from that account and configured Kubernetes plugin on Jenkins, connection is sucessfull

enter image description here

In Jenkins file i added stage to get kubectl version:

stage('Check kubectl version') {
         steps {
                 sh 'kubectl version'

And i’m getting:

+ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"windows/amd64"}
Error from server (Forbidden): <html><head><meta http-equiv='refresh' content="1;url=/login?from=%2Fversion%3Ftimeout%3D32s"/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style="background-color:white; color:white;">

    Authentication required
    You are authenticated as: anonymous
    Groups that you are in:

    Permission you need to have (but didn't): hudson.model.Hudson.Read
     ... which is implied by: hudson.security.Permission.GenericRead
     ... which is implied by: hudson.model.Hudson.Administer

You are authenticated as: anonymous

You must authenticate as the ServiceAccount jenkins that you created for Jenkins.

Use withCredentials in your Jenkinsfile step/stage and load the token that belongs to the ServiceAccount for jenkins. You must first identify the secret with the token that belongs to your generated ServiceAccount.

When using the kubectl command, specify that you want to authenticate with your token and possibly a server hostname for the ApiServer.

E.g. something like this:

kubectl apply -f <diretory-or-file> --token $TOKEN_FROM_WITH_CREDENTIALS --server apiserver.hostname.local

Answered By – Jonas
Answer Checked By – Mary Flores (JavaFixing Volunteer)

Read more here: Source link