Description of problem: Failed to create jenkins slave pod when set resource limit in container Version-Release number of selected component (if applicable): openshift v3.6.173.0.2 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 brew-pulp.../openshift3/jenkins-slave-maven-rhel7 sha256:aba6f3f30589aa3cfb7cbf1ff37fd79cd4d8e5ac589c24c93cb46570260f76fd brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7 sha256:e9910a95d1fd504164205a709234e193fc3a08b24f406a0b7b5be2b7a8ade924 brew-pulp.../openshift3/jenkins-slave-base-rhel7 sha256:d4dc875e148b6595201f2f480a79a1f268543f1c51592fd63968d35158e900d9 How reproducible: Always Steps to Reproduce: 1.Create a project, create limit range $ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/templates/OCP-15196/limitrange.json --config=admin.kubeconfig 2.Create pipeline build $ oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/samplepipeline.yaml $ oc start-build sample-pipeline 3.Check pod status Actual results: slave pod is error # oc get pod NAME READY STATUS RESTARTS AGE nodejs-4fa8fffb48b0 0/1 Error 0 1h nodejs-4fab5389b34c 0/1 Error 0 1h # oc logs -f nodejs-4fa4575142ac Using 64 bit Java since OPENSHIFT_JENKINS_JVM_ARCH is not set Downloading http://172.30.244.182:80/jnlpJars/remoting.jar ... max heap in MB is 256 and 64 bit was not explicitly set so using 32 bit Java alternatives version 1.7.2 - Copyright (C) 2001 Red Hat, Inc. This may be freely redistributed under the terms of the GNU Public License. usage: alternatives --install <link> <name> <path> <priority> [--initscript <service>] [--family <family>] [--slave <link> <name> <path>]* alternatives --remove <name> <path> alternatives --auto <name> alternatives --config <name> alternatives --display <name> alternatives --set <name> <path> alternatives --list common options: --verbose --test --help --usage --version --keep-missing --altdir <directory> --admindir <directory> Expected results: slave pod is running, pipeline build is completed Additional info: # oc get pod nodejs-4fa8fffb48b0 -o yaml apiVersion: v1 kind: Pod metadata: annotations: kubernetes.io/limit-ranger: 'LimitRanger plugin set: cpu, memory request for container jnlp; cpu, memory limit for container jnlp' openshift.io/scc: restricted creationTimestamp: 2017-08-03T03:16:35Z labels: jenkins: slave jenkins/nodejs: "true" name: nodejs-4fa8fffb48b0 namespace: dyan2 resourceVersion: "55476" selfLink: /api/v1/namespaces/dyan2/pods/nodejs-4fa8fffb48b0 uid: 28418eb4-77fa-11e7-b121-fa163e45cfd3 spec: containers: - args: - 62a4a74b366d52f142fdd4b371b978e7c5bbb7f33b631430aa84dad00fbb3073 - nodejs-4fa8fffb48b0 env: - name: JENKINS_LOCATION_URL value: https://jenkins-dyan2.0802-8un.qe.rhcloud.com/ - name: JENKINS_SECRET value: 62a4a74b366d52f142fdd4b371b978e7c5bbb7f33b631430aa84dad00fbb3073 - name: JENKINS_JNLP_URL value: http://172.30.244.182:80/computer/nodejs-4fa8fffb48b0/slave-agent.jnlp - name: JENKINS_TUNNEL value: 172.30.212.191:50000 - name: JENKINS_NAME value: nodejs-4fa8fffb48b0 - name: JENKINS_URL value: http://172.30.244.182:80 - name: HOME value: /tmp image: brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7 imagePullPolicy: IfNotPresent name: jnlp resources: limits: cpu: "1" memory: 512Mi requests: cpu: 60m memory: 307Mi securityContext: capabilities: drop: - KILL - MKNOD - SETGID - SETUID - SYS_CHROOT privileged: false runAsUser: 1000100000 seLinuxOptions: level: s0:c10,c5 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: workspace-volume - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: jenkins-token-ttgqz readOnly: true workingDir: /tmp dnsPolicy: ClusterFirst imagePullSecrets: - name: jenkins-dockercfg-451pz nodeName: host-8-174-65.host.centralci.eng.rdu2.redhat.com restartPolicy: Never schedulerName: default-scheduler securityContext: fsGroup: 1000100000 seLinuxOptions: level: s0:c10,c5 serviceAccount: jenkins serviceAccountName: jenkins terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: workspace-volume - name: jenkins-token-ttgqz secret: defaultMode: 420 secretName: jenkins-token-ttgqz status: conditions: - lastProbeTime: null lastTransitionTime: 2017-08-03T03:16:35Z status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: 2017-08-03T03:16:35Z message: 'containers with unready status: [jnlp]' reason: ContainersNotReady status: "False" type: Ready - lastProbeTime: null lastTransitionTime: 2017-08-03T03:16:35Z status: "True" type: PodScheduled containerStatuses: - containerID: docker://24b334874e499f06a2d241f8833b187592a3ca052d7bd270494fd2158c972407 image: brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7:latest imageID: docker-pullable://brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7@sha256:e9910a95d1fd504164205a709234e193fc3a08b24f406a0b7b5be2b7a8ade924 lastState: {} name: jnlp ready: false restartCount: 0 state: terminated: containerID: docker://24b334874e499f06a2d241f8833b187592a3ca052d7bd270494fd2158c972407 exitCode: 2 finishedAt: 2017-08-03T03:16:36Z reason: Error startedAt: 2017-08-03T03:16:36Z hostIP: 172.16.120.192 phase: Failed qosClass: Burstable startTime: 2017-08-03T03:16:35Z
1. For online free tier, cannot trigger pipeline build if you use the slave image as your pipeline job node; 2. For OCP, if admin set limit range for project like online, user will meet the same issue
I see you were trying to use the 3.6 images, but how did you configure jenkins to use the brew slave images instead of the registry.access.redhat.com ones? You would have to manually configure the jenkins slave pod templates to point to brew to accomplish that. Otherwise you would have still picked up the registry.access.redhat.com(3.5) images.
Yes, see comment 1 , when jenkins pod is ready, I log into jenkins webconsole first, then open 'manage jenkins' page, modify the "Kuberneters Pod Template" filed instead of brew.../openshift3/jenkins-slave-nodejs-rhel7 image So the new slave pod will use brew image
Our slave images do not appear to have the 32bit JVM installed. We're going to need to fix this and respin them. Thanks Dongbo.
fix is here: https://github.com/openshift/jenkins/pull/345
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3049