How to setup Kubernetes Plugin to authenticate to Openshift 4.x using an Oauth token

Article ID:360054829952
1 minute readKnowledge base


External CloudBees client controllers require the configuration of the Kubernetes Plugin in order to provision ephemeral build agents on Openshift 4.x.



CloudBees CI (modern) on Openshift doesn’t require the Kubernetes Plugin to be configured because it is automatically configured with the installation of CloudBees CI software on those platforms. However, external CloudBees client controllers do require the setup of the Kubernetes Plugin. For Openshift 4.x create a non-expiring token and add it to CloudBees Jenkins to authenticate.

Openshift 4.x

Openshift 4.x uses Oauth tokens.

To correctly setup the Kubernetes Plugin within Jenkins you’ll need to create a serviceaccount in Openshift granting privileges to the serviceaccount and generating a non-expiring token to use in Jenkins.

Create a non-expiring token for a service account

  1. oc login [url] -u [username] -p [password]

  2. oc new-project cloudbees-core

  3. oc create serviceaccount jenkins

  4. oc policy add-role-to-user edit system:serviceaccount:cloudbees-core:jenkins -n cloudbees-core

  5. oc serviceaccounts get-token jenkins -n cloudbees-core

  6. Save the token value returned by the last command

  7. Go to Manage Jenkins > Manage Nodes and Clouds > Configure Clouds and click on Kubernetes cloud details for your Kubernetes cloud item (for Openshift)

  8. Configure Kubernetes URL and Kubernetes server certificate key

kubernetes cloud details
  1. Add credential and create a credential of type Secret text where the secret is the token you obtained from step #6