Set proper roles on capo-validate-gateway job

Bogdan Antoherequested to merge
ba/fix-job into main

What does this MR do and why?

We have limited the permissions of jobs/cronjobs into MR !5460 (merged), but we missed to add proper roles on capo-validate-gateway unit and as a results the job will fail as it's reported in issue #3204 (closed). We did not notice that in CI because that unit is enabled when a secondary interface is added and we do not have this scenario in capo CI.

Related reference(s)

Closes #3204 (closed).

Test coverage

Tested into my dev environment where I've added an additional subnet with default gateway and job run as expected:

Creating Network CRD: capo-network-0 76759c52-f180-4931-ade6-063bfb332006
network.openstack.k-orc.cloud/capo-network-0 created
Creating Network CRD: capo-network-1 f9502f04-44f5-48f5-98e0-9dfb6c773b3b
network.openstack.k-orc.cloud/capo-network-1 created
Waiting for Network CRDs to be ready...
network.openstack.k-orc.cloud/capo-network-0 condition met
network.openstack.k-orc.cloud/capo-network-1 condition met
Processing Network: capo-network-0
Found subnets: f0c81ddd-5fff-43e0-a908-46d3f8e8a894
Creating Subnet CRD: capo-network-0-subnet-f0c81ddd
subnet.openstack.k-orc.cloud/capo-network-0-subnet-f0c81ddd created
Waiting for Subnet CRDs to be ready...
subnet.openstack.k-orc.cloud/capo-network-0-subnet-f0c81ddd condition met
Checking for gateway IPs...
Processing subnet capo-network-0-subnet-f0c81ddd
Subnet capo-network-0-subnet-f0c81ddd has gateway IP: 192.168.16.1
Processing Network: capo-network-1
Found subnets: 8f2784e5-1f05-45be-ad63-60021ce95e70
Creating Subnet CRD: capo-network-1-subnet-8f2784e5
subnet.openstack.k-orc.cloud/capo-network-1-subnet-8f2784e5 created
Waiting for Subnet CRDs to be ready...
subnet.openstack.k-orc.cloud/capo-network-1-subnet-8f2784e5 condition met
Checking for gateway IPs...
Processing subnet capo-network-1-subnet-8f2784e5
Subnet capo-network-1-subnet-8f2784e5 has gateway IP: 172.20.219.193

ERROR: None or multiple networks have default gateway set (2 found)
cleaning up temp dir...
cleaning up Network/Subnet resources...
subnet.openstack.k-orc.cloud "capo-network-0-subnet-f0c81ddd" deleted
subnet.openstack.k-orc.cloud "capo-network-1-subnet-8f2784e5" deleted
network.openstack.k-orc.cloud "capo-network-0" deleted
network.openstack.k-orc.cloud "capo-network-1" deleted

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon Meaning Available values
☁️ Infra Provider capd, capo, capm3
🚀 Bootstrap Provider kubeadm (alias kadm), rke2, okd, ck8s
🐧 Node OS ubuntu, suse, na, leapmicro
🛠️ Deployment Options light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging, cilium
🎬 Pipeline Scenarios Available scenario list and description
🟢 Enabled units Any available units name, by default apply to management and workload cluster. Can be prefixed by mgmt: or wkld: to be applied only to a specific cluster type

  • 🎬 preview ☁️ capd 🚀 kadm 🐧 ubuntu

  • 🎬 preview ☁️ capo 🚀 rke2 🐧 suse

  • 🎬 preview ☁️ capm3 🚀 rke2 🐧 ubuntu

  • ☁️ capd 🚀 kadm 🛠️ light-deploy 🐧 ubuntu

  • ☁️ capd 🚀 rke2 🛠️ light-deploy 🐧 suse

  • ☁️ capo 🚀 rke2 🐧 suse

  • ☁️ capo 🚀 rke2 🐧 leapmicro

  • ☁️ capo 🚀 kadm 🐧 ubuntu

  • ☁️ capo 🚀 kadm 🐧 ubuntu 🟢 neuvector,mgmt:harbor

  • ☁️ capo 🚀 rke2 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capo 🚀 kadm 🎬 wkld-k8s-upgrade 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 rolling-update-no-wkld 🛠️ ha 🐧 suse

  • ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🛠️ ha,misc,openbao🐧 suse

  • ☁️ capo 🚀 rke2 🐧 suse 🎬 upgrade-from-prev-tag

  • ☁️ capm3 🚀 rke2 🐧 suse

  • ☁️ capm3 🚀 kadm 🐧 ubuntu

  • ☁️ capm3 🚀 ck8s 🐧 ubuntu

  • ☁️ capm3 🚀 kadm 🎬 rolling-update-no-wkld 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 wkld-k8s-upgrade 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 rke2 🛠️ misc,ha 🐧 suse

  • ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha,misc 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 ck8s 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capm3 🚀 rke2|okd 🎬 no-update 🐧 ubuntu|na

  • ☁️ capm3 🚀 rke2 🐧 suse 🎬 upgrade-from-release-1.5

  • ☁️ capm3 🚀 rke2 🐧 suse 🎬 upgrade-to-main

Global config for deployment pipelines

  • autorun pipelines
  • allow failure on pipelines
  • record sylvactl events

Notes:

  • Enabling autorun will make deployment pipelines to be run automatically without human interaction
  • Disabling allow failure will make deployment pipelines mandatory for pipeline success.
  • if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

Edited by Bogdan Antohe

Merge request reports