0c5a9b5f44
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Preflight step 6 confirms the pre-upgrade etcd snapshot is non-empty by parsing the backup Job's log (`kubectl -n default logs job/pre-upgrade-etcd-...`). The k8s-upgrade-job ClusterRole granted `pods` get/list/delete but NOT the `pods/log` subresource, so the read failed with Forbidden in the default ns and aborted preflight — after step 5 had already set k8s_upgrade_in_flight=1. A stale out-of-band grant had masked this until a `terragrunt apply` in this session reconciled the role back to its TF definition. Codify pods/log:get. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| scripts | ||
| job-template.yaml | ||
| main.tf | ||
| terragrunt.hcl | ||