> Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address MY_JENKINS_IP found
If you don't use valid ssl certificates in the jenkins master you'll need to configure Java in the jnlp agent docker, it has nothing to do with kubernetes. https://stackoverflow.com/questions/8443081/how-are-ssl-certificate-server-names-resolved-can-i-add-alternative-names-using?lq=1 unless you are hitting https://issues.jenkins-ci.org/browse/JENKINS-43527 On Tue, Feb 13, 2018 at 8:33 AM, Nick Li <nicklee...@gmail.com> wrote: > jenkins master is running outside of k8s cluster, > from the log, looks like slave created in k8s cluster can't connect to > jenkins master. > > What do I need to do? > > > On Tuesday, February 13, 2018 at 3:08:46 PM UTC+8, Nick Li wrote: >> >> I running jenkins master outside or k8s cluster, >> After running the job, I can the pod is created and running, then turned >> into terminated very soon, >> Looks ing slave created in k8s cluster can't connect to jenkins master. >> >> from JNLP container log I can see >> >> Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to >> alter the behavior >> Warning: SECRET is defined twice in command-line arguments and the >> environment variable >> Warning: AGENT_NAME is defined twice in command-line arguments and the >> environment variable >> Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main createEngine >> INFO: Setting up agent: jenkins-slave-n58w4-bdvl7 >> Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main$CuiListener >> <init> >> INFO: Jenkins agent is running in headless mode. >> Feb 13, 2018 7:02:03 AM hudson.remoting.Engine startEngine >> WARNING: No Working Directory. Using the legacy JAR Cache location: >> /home/jenkins/.jenkins/cache/jars >> Feb 13, 2018 7:02:03 AM hudson.remoting.jnlp.Main$CuiListener status >> INFO: Locating server among [https://MY_JENKINS_IP/] >> Feb 13, 2018 7:02:04 AM hudson.remoting.jnlp.Main$CuiListener error >> SEVERE: Failed to connect to https://MY_JENKINS_IP/tcpSlaveAgentListener/: >> java.security.cert.CertificateException: No subject alternative names >> matching IP address MY_JENKINS_IP found >> java.io.IOException: Failed to connect to >> https://MY_JENKINS_IP/tcpSlaveAgentListener/: >> java.security.cert.CertificateException: No subject alternative names >> matching IP address MY_JENKINS_IP found >> at org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.reso >> lve(JnlpAgentEndpointResolver.java:199) >> at hudson.remoting.Engine.innerRun(Engine.java:518) >> at hudson.remoting.Engine.run(Engine.java:469) >> Caused by: javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateException: No subject alternative names >> matching IP address MY_JENKINS_IP found >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) >> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa >> ndshaker.java:1514) >> at sun.security.ssl.ClientHandshaker.processMessage(ClientHands >> haker.java:216) >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) >> >> On Friday, February 9, 2018 at 4:23:48 PM UTC+8, Nick Li wrote: >>> >>> jenkins-slave is offline (suspend) from jenkins webpage. >>> >>> My environment: >>> I have jenkins running on a debian server, created a k8s cluster in gcp. >>> installed kubernetes-plugin, configed k8s in jenkins cloud section,(using >>> admin/k8s password.), >>> >>> Then created a test pipeline job using the following script >>> ``` >>> podTemplate(label: 'pod-golang', >>> containers: [ >>> containerTemplate( >>> name: 'golang', >>> image: 'golang', >>> ttyEnabled: true, >>> command: 'cat' >>> ) >>> ] >>> ) { >>> node ('pod-golang') { >>> >>> stage 'Switch to Utility Container' >>> container('golang') { >>> >>> sh ("go version") >>> >>> } >>> } >>> } >>> ``` >>> from `kubectl get pods` I can see the pod is created, but on jenkins >>> webpage, jenkins-slave is alwasy showing offline >>> Any ideas >>> >>> Thanks >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-users/e58f2594-cec3-46df-9d51-f96c04493d0b%40googlegroups. > com > <https://groups.google.com/d/msgid/jenkinsci-users/e58f2594-cec3-46df-9d51-f96c04493d0b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CALHFn6N8%3DtkESpuS5g2cFzTEmwi7QWu8NxQq43AgBSUYAdmOCA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
