Document the need to associate IAM role with migrations pod (!3898) · Merge requests · GitLab.org / charts / GitLab Chart

Stan Hu requested to merge sh-add-migrations-service-account-annotations into master Aug 28, 2024

What does this MR do?

GitLab 17.0 introduced a change that caused any GitLab Rails process to make HTTP calls to Elasticsearch, if it were configured (gitlab-org/gitlab!149209 (merged)). If the migrations pod did not have IAM access, then the pod would abruptly crash while trying to run the custom-instance-setup script.

For good measure, let's include the migrations pod in the list of pods for IAM access, even though this issue might go away in GitLab 17.4. Admins have to ensure that the trust policy is defined for these service accounts, so link the AWS documentation.

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Merge Request Title and Description are up to date, accurate, and descriptive.
MR targeting the appropriate branch.
MR has a green pipeline.
Documentation created/updated.
Tests added/updated, and test plan for scenarios not covered by automated tests.
Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab Chart.

Edited Aug 28, 2024 by Stan Hu

Document the need to associate IAM role with migrations pod

What does this MR do?

Related issues

Author checklist

Required

Reviewers checklist

Merge request reports