Merge "Fix logging job"
This commit is contained in:
Zuul
@@ -17,7 +17,7 @@ limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: elasticsearch-dependencies-objectbucket
|
||||
name: "elasticsearch-dependencies-objectbucket"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
@@ -31,12 +31,12 @@ rules:
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: elasticsearch-dependencies-objectbucket
|
||||
name: "elasticsearch-dependencies-objectbucket"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: elasticsearch-dependencies-objectbucket
|
||||
name: "elasticsearch-dependencies-objectbucket"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: create-elasticsearch-templates
|
||||
@@ -44,6 +44,35 @@ subjects:
|
||||
- kind: ServiceAccount
|
||||
name: verify-repositories
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: "cluster-elasticsearch-dependencies-objectbucket"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- 'objectbucket.io'
|
||||
resources:
|
||||
- objectbuckets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: "cluster-elasticsearch-dependencies-objectbucket"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: create-elasticsearch-templates
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- kind: ServiceAccount
|
||||
name: verify-repositories
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: "cluster-elasticsearch-dependencies-objectbucket"
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
{{- range $bucket := .Values.storage.s3.buckets }}
|
||||
# When using this Rook CRD, not only bucket will be created,
|
||||
|
||||
7
releasenotes/notes/elasticseach-625bc83028513f08.yaml
Normal file
7
releasenotes/notes/elasticseach-625bc83028513f08.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
elasticsearch:
|
||||
- |
|
||||
Properly configure RBAC for create-elasticsearch-templates
|
||||
and verify-repositories service accounts. This ensures they have
|
||||
the necessary permissions to access ObjectBucket cluster resources.
|
||||
...
|
||||
@@ -163,14 +163,10 @@ manifests:
|
||||
job_s3_bucket: false
|
||||
object_bucket_claim: true
|
||||
|
||||
# FIXME: The kubernetes-entrypoint image used by default
|
||||
# quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
|
||||
# can not lookup for global (w/o namespace) custom resources
|
||||
# but ObjectBucket CRs are global and we have them as dependencies
|
||||
# for two elasticsearch jobs.
|
||||
images:
|
||||
tags:
|
||||
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
||||
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy
|
||||
|
||||
EOF
|
||||
|
||||
: ${OSH_HELM_REPO:="../openstack-helm"}
|
||||
|
||||
@@ -47,10 +47,7 @@
|
||||
- openstack-helm-compute-kit-ovn-2025-2-ubuntu_noble # 1 node + 3 nodes
|
||||
- openstack-helm-skyline-2025-2-ubuntu_noble # 3 nodes
|
||||
# Infra jobs
|
||||
# NOTE(kozhukalov): Temporarily disabled to unblock CI.
|
||||
# These job is currently broken due to outdated kubernetes-entrypoint images
|
||||
# used in elasticsearch deployment.
|
||||
# - openstack-helm-logging
|
||||
- openstack-helm-logging
|
||||
- openstack-helm-monitoring
|
||||
- openstack-helm-metacontroller
|
||||
gate:
|
||||
|
||||
Reference in New Issue
Block a user