Insufficient Oauth scope when trying to deploy Jenkins click to deploy on an existing Google Kuberne


I have an existing Google Kubernetes Engine cluster where I want to deploy a Jenkins server.

GKE offers a marketplace with a click to deploy Jenkins image that I wanted to use but when I try to select my cluster it is marked as ineligible cluster with the message insufficient Oauth scope.

How can I work around this?


You get this error because of the node pool if your cluster doesn't have the right scopes to deploy the Jenkins server, Unfortunately you cannot stop the nodes to change their scopes, the IG will recreate these nodes with the old scopes.

To get around this problem you need to create another pool with the right scopes:


First create a new node pool:

gcloud container node-pools create adjust-node-scope \ --cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE> \ --num-nodes 3 \ --scopes=https://www.googleapis.com/auth/cloud-platform

Second drain the old node pool:

kubectl cordon <NODE_NAME> #This will prevent new pods from being scheduled onto them kubectl drain <NODE_NAME> --force #This will delete all the pods on that node.

Third delete the old node pool:

gcloud container node-pools delete default-pool \ --cluster <YOUR_CLUSTER_NAME> --zone <YOUR_ZONE>

Then deploy your Jenkins server after. Another workaround but not safe is to create a new instance template almost the same that your cluster is using with the new scopes you can as well setup full API access. then in IG roll a new update and select the new instances template.


  • Caching across Applications in .Net on a Windows Machine
  • Delete query generating UncategorizedSQLException and ORACLE memory issue in SPRING framework
  • TypeError upon authenticating user using Google OAuth 2
  • Python - How to reference a global variable from a function [duplicate]
  • Google Contacts API asp.net settings and authorization token
  • Unable to save a query as a view table
  • How do I check assembly output of Java code?
  • How to remove default command line arguments provided by Eclipse?
  • Playing a monetized YouTube song inside of a Google Chrome Extension. Do I have any options?
  • Docker container for google cloudML on compute engine - authenticating for mounting bucket
  • How can I include multiple models in one view for in a Joomla 3.x component built with Component Cre
  • OAuth2 flow for mobile app
  • How to best manage SMTP clients
  • Unicorn and Rails eat up 2x MySQL connections
  • Using $compile in a directive triggers AngularJS infinite digest error
  • Updating Dojo provide
  • How can I tell a form not to dispose a particular control when it closes?
  • Simple linked list-C
  • SonarQube: Cannot deactivate rule with missing quality profile
  • CakePHP ACL tutorial initDB function warnings
  • How do I exclude a dependency in provided scope when running in Maven test scope?
  • Is it possible to access block's scope in method?
  • Installing Hadoop, Java Exception about illegal characters at index 7?
  • RectangularRangeIndicator format like triangular using dojo
  • How to make a tree having multiple type of nodes and each node can have multiple child nodes in java
  • Cross-Platform Protobuf Serialization
  • Trying to switch camera back to front but getting exception
  • R: gsub and capture
  • Circular dependency while pushing http interceptor
  • jqPlot EnhancedLegendRenderer plugin does not toggle series for Pie charts
  • bootstrap to use multiple ng-app
  • Comma separated Values
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • Revoking OAuth Access Token Results in 404 Not Found
  • Hits per day in Google Big Query
  • FormattedException instead of throw new Exception(string.Format(…)) in .NET
  • Linking SubReports Without LinkChild/LinkMaster
  • XCode 8, some methods disappeared ? ex: layoutAttributesClass() -> AnyClass
  • How can i traverse a binary tree from right to left in java?
  • How to load view controller without button in storyboard?