[Post 3.1] Update stack versions in recipes/samples and e2e matrix #8776
Conversation
barkbay
added
>docs
config/e2e/monitoring.yaml
Outdated
| @@ -227,7 +227,7 @@ spec: | |||
| meta: | |||
| package: | |||
| name: system | |||
| version: 9.0.0 | |||
| version: 9.1.0 | |||
There was a problem hiding this comment.
I have to check this one, IIUC Agent packages have a different lifecycle.
There was a problem hiding this comment.
Last version of package system seems to be 2.5.1, not sure why we have the stack version here. I'm wondering it is not a bug in update-stack-version.sh.
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) |
| @@ -6,16 +6,16 @@ | |||
| - E2E_STACK_VERSION: "8.18.0" | |||
| # current stack version 9.0.0 is tested in all other tests no need to test it again | |||
| - E2E_STACK_VERSION: "8.19.0-SNAPSHOT" | |||
There was a problem hiding this comment.
| - E2E_STACK_VERSION: "8.19.0-SNAPSHOT" | |
| - E2E_STACK_VERSION: "8.19.0" |
8.19.0 should have been released in tandem with 9.1.0 I believe.
There was a problem hiding this comment.
I guess the other question is whether we would like to replace 8.18. with 8.19 on L6. And keep 8.19.0-SNAPSHOT for future patch releases of the 8.19 branch here.
There was a problem hiding this comment.
I guess the other question is whether we would like to replace 8.18. with 8.19 on L6. And keep 8.19.0-SNAPSHOT for future patch releases of the 8.19 branch here.
This was my original plan, I forgot to update 8.18.0 on L6
|
buildkite test this -f p=kind -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
|
For {
"log.level": "error",
"@timestamp": "2025-07-31T07:59:16.798Z",
"message": "Error dialing x509: certificate signed by unknown authority",
"component": {
"binary": "metricbeat",
"dataset": "elastic_agent.metricbeat",
"id": "beat/metrics-monitoring",
"type": "beat/metrics"
},
"log": {
"source": "beat/metrics-monitoring"
},
"service.name": "metricbeat",
"ecs.version": "1.6.0",
"network.transport": "tcp",
"server.address": "elasticsearch-rss8-es-http.e2e-h4gpy-mercury.svc:9200",
"log.logger": "elasticsearch.esclientleg",
"log.origin": {
"file.line": 39,
"file.name": "transport/logging.go",
"function": "github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"
}
}{
"log.level": "error",
"@timestamp": "2025-07-31T07:59:18.667Z",
"message": "http: TLS handshake error from 10.244.3.1:51158: remote error: tls: bad certificate\n",
"component": {
"binary": "fleet-server",
"dataset": "elastic_agent.fleet_server",
"id": "fleet-server-default",
"type": "fleet-server"
},
"log": {
"source": "fleet-server-default"
},
"ecs.version": "1.6.0",
"service.name": "fleet-server",
"service.type": "fleet-server"
}I'll check if it is also the case for Edit:
|
|
I can reproduce with |
The problem
{
"log.level": "error",
"@timestamp": "2025-08-01T08:45:48.269Z",
"message": "Failed to connect to backoff(elasticsearch(https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200)): Get \"https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200\": x509: certificate signed by unknown authority",
"component": {
"binary": "metricbeat",
"dataset": "elastic_agent.metricbeat",
"id": "kubernetes/metrics-default",
"type": "kubernetes/metrics"
},
"log": {
"source": "kubernetes/metrics-default"
},
"log.logger": "publisher_pipeline_output",
"log.origin": {
"file.line": 149,
"file.name": "pipeline/client_worker.go",
"function": "github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"
},
"service.name": "metricbeat",
"ecs.version": "1.6.0"
}
Side note, this warning is interesting: 
Kibana configurationKibana is configured with: xpack.fleet.agentPolicies:
- id: eck-fleet-server
is_managed: true
monitoring_enabled:
- logs
- metrics
name: Fleet Server on ECK policy
namespace: default
package_policies:
- id: fleet_server-1
name: fleet_server-1
package:
name: fleet_server
unenroll_timeout: 900
- id: eck-agent
is_managed: true
monitoring_enabled:
- logs
- metrics
name: Elastic Agent on ECK policy
namespace: default
package_policies:
- name: system-1
package:
name: system
- name: kubernetes-1
package:
name: kubernetes
unenroll_timeout: 900
xpack.fleet.agents.fleet_server.hosts:
- https://fleet-server-nb68-agent-http.e2e-mercury.svc:8220
xpack.fleet.outputs:
- hosts:
- https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200
id: eck-fleet-agent-output-elasticsearch
is_default: true
name: eck-elasticsearch
ssl:
certificate_authorities:
- /mnt/elastic-internal/elasticsearch-association/e2e-mercury/elasticsearch-nb68/certs/ca.crt
type: elasticsearch
xpack.fleet.packages:
- name: system
version: latest
- name: elastic_agent
version: latest
- name: fleet_server
version: latest
- name: kubernetes
version: latestThis is what the output looks like in Kibana: 
Elasticsearch CA in Kibana is validI checked the CA inside Fleet and it is valid: If the configured CA is valid, why do we have these certificates errors? |
|
For 9.0.x and 9.1.x I believe this is going to be fixed by elastic/kibana#230370 and elastic/kibana#230371. In the meantime I'm going to update the code to skip impacted versions for that test. |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
My understanding is that last Kibana snapshot ( I'll retry |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
Looks like this is still not fixed 😞 |
|
We still have the same error with Hi @juliaElastic 👋 , could you please confirm that this should be fixed in |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.1,s=9.2.0-SNAPSHOT |
Update stack versions in recipes/samples and e2e matrix.