Thank you for your patience whilst I looked into this for you, it seems the logs are a tad misleading in that both tasks are using the same worker but they are executing on different targets, you can see this in your UI here:
It is actually fine for Octopus to use the same worker for two deployments and the issue you are seeing is not because of that.
It looks like the credentials on the Stephan target are incorrect for your kubectl token as you can see the error I posted in my previous post and also this in a previous failed runbook deployment in the Stephen logs:
14:37:39 Info | Creating kubectl context to https://kubernetes.docker.xxxxxxx (namespace xxxxxxx) using a Token
14:37:39 Verbose | "C:\\ProgramData\\chocolatey\\bin\\kubectl.exe" config set-credentials xxxxx --token=<token> --request-timeout=1m
14:37:39 Verbose | User "xxxxxxxxx" set.
14:37:39 Verbose | "C:\\ProgramData\\chocolatey\\bin\\kubectl.exe" get namespace honeycomb --request-timeout=1m
14:37:39 Verbose | E0421 16:37:40.282921 39620 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
I would check the Shaun target against the Stephen target and ensure the kube config files and tokens are the same as it looks like your Shaun target has always deployed successfully. I did find this on google which may help. If you run the kubectl
get nodes command directly in PowerShell on the Stephen target does it bring back the same unauthorised error?
As for the deployment using the same worker, if you wanted to change this behaviour you would need to split your workers into different pools and then set your
Deployment.Pool variable in your deployment variable set to have it use a different worker pool for different environments:
What will happen now is when you deploy and you want to use the
Stephen worker you deploy the runbook to the
Env-Stephen environment which will then use the
Stephen worker and will run on the Stephen target and the Shaun target as you have the deployment running on behalf of the ‘server’ role which both machines are part of.
Let me know if that helps, I am not a K8 expert so am unable to direct you to a better website for the errors you are seeing but it does look like there is some different settings between your Shaun target that is working and your Stephen target which is not. The error does not seem to be related to having the same worker run both deployments as I previously thought.
On another note, it looks like your Stephen target is currently disabled just in case you were not aware. Also, we do not recommend using workers as deployment targets as there can be complications if they are setup to use both, it can be done, its just not recommended so I thought I would mention it in case you are wanting to stick with this setup. We have some documentation on this here if you have not seen it yet, it mentions listening tentacles and yours are K8 targets so I am not sure if we support the use of those as workers.