[Post 3.1] Update stack versions in recipes/samples and e2e matrix #8776
Conversation
barkbay
added
>docs
config/e2e/monitoring.yaml
Outdated
| package: | ||
| name: system | ||
| version: 9.0.0 | ||
| version: 9.1.0 |
There was a problem hiding this comment.
I have to check this one, IIUC Agent packages have a different lifecycle.
There was a problem hiding this comment.
Last version of package system seems to be 2.5.1, not sure why we have the stack version here. I'm wondering it is not a bug in update-stack-version.sh.
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) |
| mixed: | ||
| - E2E_STACK_VERSION: "8.18.0" | ||
| # current stack version 9.0.0 is tested in all other tests no need to test it again | ||
| - E2E_STACK_VERSION: "8.19.0-SNAPSHOT" |
There was a problem hiding this comment.
| - E2E_STACK_VERSION: "8.19.0-SNAPSHOT" | |
| - E2E_STACK_VERSION: "8.19.0" |
8.19.0 should have been released in tandem with 9.1.0 I believe.
There was a problem hiding this comment.
I guess the other question is whether we would like to replace 8.18. with 8.19 on L6. And keep 8.19.0-SNAPSHOT for future patch releases of the 8.19 branch here.
There was a problem hiding this comment.
I guess the other question is whether we would like to replace 8.18. with 8.19 on L6. And keep 8.19.0-SNAPSHOT for future patch releases of the 8.19 branch here.
This was my original plan, I forgot to update 8.18.0 on L6
|
buildkite test this -f p=kind -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
|
For {
"log.level": "error",
"@timestamp": "2025-07-31T07:59:16.798Z",
"message": "Error dialing x509: certificate signed by unknown authority",
"component": {
"binary": "metricbeat",
"dataset": "elastic_agent.metricbeat",
"id": "beat/metrics-monitoring",
"type": "beat/metrics"
},
"log": {
"source": "beat/metrics-monitoring"
},
"service.name": "metricbeat",
"ecs.version": "1.6.0",
"network.transport": "tcp",
"server.address": "elasticsearch-rss8-es-http.e2e-h4gpy-mercury.svc:9200",
"log.logger": "elasticsearch.esclientleg",
"log.origin": {
"file.line": 39,
"file.name": "transport/logging.go",
"function": "github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"
}
}{
"log.level": "error",
"@timestamp": "2025-07-31T07:59:18.667Z",
"message": "http: TLS handshake error from 10.244.3.1:51158: remote error: tls: bad certificate\n",
"component": {
"binary": "fleet-server",
"dataset": "elastic_agent.fleet_server",
"id": "fleet-server-default",
"type": "fleet-server"
},
"log": {
"source": "fleet-server-default"
},
"ecs.version": "1.6.0",
"service.name": "fleet-server",
"service.type": "fleet-server"
}I'll check if it is also the case for Edit:
|
|
I can reproduce with |
The problem
{
"log.level": "error",
"@timestamp": "2025-08-01T08:45:48.269Z",
"message": "Failed to connect to backoff(elasticsearch(https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200)): Get \"https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200\": x509: certificate signed by unknown authority",
"component": {
"binary": "metricbeat",
"dataset": "elastic_agent.metricbeat",
"id": "kubernetes/metrics-default",
"type": "kubernetes/metrics"
},
"log": {
"source": "kubernetes/metrics-default"
},
"log.logger": "publisher_pipeline_output",
"log.origin": {
"file.line": 149,
"file.name": "pipeline/client_worker.go",
"function": "github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"
},
"service.name": "metricbeat",
"ecs.version": "1.6.0"
}
Side note, this warning is interesting: 
Kibana configurationKibana is configured with: xpack.fleet.agentPolicies:
- id: eck-fleet-server
is_managed: true
monitoring_enabled:
- logs
- metrics
name: Fleet Server on ECK policy
namespace: default
package_policies:
- id: fleet_server-1
name: fleet_server-1
package:
name: fleet_server
unenroll_timeout: 900
- id: eck-agent
is_managed: true
monitoring_enabled:
- logs
- metrics
name: Elastic Agent on ECK policy
namespace: default
package_policies:
- name: system-1
package:
name: system
- name: kubernetes-1
package:
name: kubernetes
unenroll_timeout: 900
xpack.fleet.agents.fleet_server.hosts:
- https://fleet-server-nb68-agent-http.e2e-mercury.svc:8220
xpack.fleet.outputs:
- hosts:
- https://elasticsearch-nb68-es-http.e2e-mercury.svc:9200
id: eck-fleet-agent-output-elasticsearch
is_default: true
name: eck-elasticsearch
ssl:
certificate_authorities:
- /mnt/elastic-internal/elasticsearch-association/e2e-mercury/elasticsearch-nb68/certs/ca.crt
type: elasticsearch
xpack.fleet.packages:
- name: system
version: latest
- name: elastic_agent
version: latest
- name: fleet_server
version: latest
- name: kubernetes
version: latestThis is what the output looks like in Kibana: 
Elasticsearch CA in Kibana is validI checked the CA inside Fleet and it is valid: If the configured CA is valid, why do we have these certificates errors? |
|
For 9.0.x and 9.1.x I believe this is going to be fixed by elastic/kibana#230370 and elastic/kibana#230371. In the meantime I'm going to update the code to skip impacted versions for that test. |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
My understanding is that last Kibana snapshot ( I'll retry |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.0,s=9.2.0-SNAPSHOT |
|
Looks like this is still not fixed 😞 |
|
We still have the same error with Hi @juliaElastic 👋 , could you please confirm that this should be fixed in |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.1,s=9.2.0-SNAPSHOT |
1 similar comment
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.1,s=9.2.0-SNAPSHOT |
barkbay
force-pushed
the
3.1.0/update-stack-version
branch
from
0df0068 to
62e9120
Compare
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.2,s=9.2.0-SNAPSHOT |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.0.5 |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.2,9.0.5 |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.1.2,s=9.0.5 |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.0.5,s=9.1.2,s=9.2.0-SNAPSHOT |
|
Running the tests again with the correct versions:
For both 9.1.2 and 9.2.0 I can see the the following in Agent logs: Which seems to be a known issue on the Kibana side where the Elasticsearch SSL config is copied to Agent (not sure this issue is tracked in github though). |
|
@\eedugon kindly created elastic/kibana#233780 to track the bug in Kibana |
|
I'm going to disable this test, we are not running the e2e tests with the last stack version which is not great. I'll create an issue to be sure we enable it again before the next release. |
|
buildkite test this -f p=kind,t=TestFleetKubernetesNonRootIntegrationRecipe -m s=9.0.5,s=9.1.2,s=9.2.0-SNAPSHOT |
3 participants
Update stack versions in recipes/samples and e2e matrix.