kubernetesjenkinsproxykubernetes-helmrancher

Installing Jenkins on Kubernetes behind corporate proxy


I am trying to install jenkins on an RKE2 cluster behind a corporate proxy.

I added these values to my helm chart

controller: 
  initContainerEnv:
    - name: http_proxy
      value: http://xxx:xxxx@10.205.xxx.xxx:8080
    - name: https_proxy
      value: http://xxx:xxx@10.205.xxx.xxx:8080
    - name: no_proxy
      value: >-
        jenkins-dev,jenkins-dev.jenkins.svc.cluster.local,localhost,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,xxx.com,xx.com
    - name: JENKINS_UC
      value: http://updates.jenkins.io
    - name: JENKINS_UC_EXPERIMENTAL
      value: http://updates.jenkins.io
    - name: JENKINS_INCREMENTALS_REPO_MIRROR
      value: http://repo.jenkins-ci.org/incrementals
    - name: JENKINS_PLUGIN_INFO
      value: http://updates.jenkins.io/plugin-versions.json
    - name: _JAVA_OPTIONS
      value: >-
        -Dhttp.proxyHost=10.205.xxx.xxx   -Dhttp.proxyPort=8080
        -Dhttp.proxyUser=xxx   -Dhttp.proxyPassword=xxx
        -Dhttps.proxyHost=10.205.xxx.xxx   -Dhttps.proxyPort=8080
        -Dhttps.proxyUser=xxx  -Dhttps.proxyPassword=xxx
        -Dhttp.nonProxyHosts="jenkins-dev|jenkins-dev.jenkins.svc.cluster.local|localhost|kubernetes.default|kubernetes.default.svc|kubernetes.default.svc.cluster.local|xxx.com|xx.com"

The init container is failing, I am getting an error when its trying to download plugins from http://updates.jenkins.io:

Unable to resolve plugin URL http://updates.jenkins.io/download/plugins/skip-certificate-check/1.1/skip-certificate-check.hpi, or download plugin skip-certificate-check to file: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Tried downloading skip-certificate-check from https://get.jenkins.io/plugins/skip-certificate-check/1.1/skip-certificate-check.hpi (attempt 1 of 3)
Unable to resolve plugin URL http://updates.jenkins.io/download/plugins/git/5.1.0/git.hpi, or download plugin git to file: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Tried downloading git from https://get.jenkins.io/plugins/git/5.1.0/git.hpi (attempt 1 of 3)
Unable to resolve plugin URL http://updates.jenkins.io/download/plugins/workflow-multibranch/756.v891d88f2cd46/workflow-multibranch.hpi, or download plugin workflow-multibranch to file: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Tried downloading workflow-multibranch from https://get.jenkins.io/plugins/workflow-multibranch/756.v891d88f2cd46/workflow-multibranch.hpi (attempt 1 of 3)
Unable to resolve plugin URL http://updates.jenkins.io/download/plugins/jakarta-mail-api/2.0.1-3/jakarta-mail-api.hpi, or download plugin jakarta-mail-api to file: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Tried downloading jakarta-mail-api from https://get.jenkins.io/plugins/jakarta-mail-api/2.0.1-3/jakarta-mail-api.hpi (attempt 1 of 3)

The weird thing is that I am able to download the update-center.json.

Could anyone help ?


Solution

  • I had to bypass ssl on proxy (and then used HTTPS repos)