Jenkins SSO Issue after restart in GKE

Using Jenkins
1

I have installed Jenkins using helm chart on GKE using below override.yaml file.

namespaceOverride: “jenkins” # Deploy Jenkins resources in the jenkins namespace

Jenkins controller settings

controller:
serviceType: ClusterIP
image:
# – Controller image registry
registry: “us-central2-docker.pkg.dev”
# – Controller image repository
repository: “gcp-devsecops/jenkins-custom-img”

# -- Controller image tag override
tag: v.1

# -- Controller image tag label
tagLabel: 
# -- Controller image pull policy
pullPolicy: "Always"

Autorization strategy

JCasC:
securityRealm: |-
local:
allowsSignup: false
enableCaptcha: false
users:
- id: “{chart-admin-username}" name: "Jenkins Admin" password: "{chart-admin-password}”
authorizationStrategy: |-
# Nothing is enforced here, Jenkins UI will manage the strategy

select nodepool on which jenkins controller will run

nodeSelector: controller-node # Specify the jenkins controller node pool

ingress:
enabled: false
path:

Attach Persistent disk

persistence:
enabled: true
storageClass: “standard”
annotations: {}
labels: {}
accessMode: “ReadWriteOnce”
size: “16Gi”
After Installation I have downloaded SAML2.0 plugin for SSO configuration. And able to login using SSO. I have updated below details in Jenkins UI.

  1. Updated the jenkins URL
    image
    image975×126 9.9 KB
  2. In security updated below details
    image
    image882×146 19.9 KB

    image
    image872×157 9.92 KB

    image
    image873×265 23.8 KB

    image

Now the issue is when I’m upgrading any plugin and restarting jenkins pod it, changes that I have made are getting reverted.

image
image975×133 8.42 KB

image
image1183×286 10.3 KB

How can I fix it?

2

you have configured the securityRealm with casc. So this will be applied after the start of Jenkins and will overwrite any securityRealm changes that when Jenkins is running once you restart. You should either move the new config to your override.yaml or remove it from there to not overwrite your changes.

3

@mawinter69 I made the changes you suggested, and it’s working now. Thank you for your input. I appreciate your help!

Autorization strategy

JCasC:
defaultConfig: false # Disable default JCasC configuration
overwriteConfiguration: false # Prevent overwriting existing configurations
securityRealm: “” # Don’t override security realm (keep UI configuration)
authorizationStrategy: “” # Don’t override authorization strategy (keep UI configuration)
# Admin credentials section
admin:
createSecret: true # Create a secret for the admin user
username: “{chart-admin-username}" # Admin username password: "{chart-admin-password}” # Admin password
passwordKey: jenkins-admin-password # Key for password in secret
userKey: jenkins-admin-user # Key for username in secret