You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After performing etcd encryption on a cluster with openshift self managed (onprem) 4.12, we have detected that every seven days the api server performs a key rotation that seems to be noticeable to the elasticsearch operators. This causes the ES operators to trigger a restart of the elasticsearch pods.
According with the redhat documentation https://docs.openshift.com/container-platform/4.12/security/encrypting-etcd.html seems that the encrytion has affect to some objects like secrets or configmap...We are understanding that the ES operator is sensitive to this process and cause a restart on the ES pods...
Is this the expected behaviour? Could we avoid this behaviour?
After performing etcd encryption on a cluster with openshift self managed (onprem) 4.12, we have detected that every seven days the api server performs a key rotation that seems to be noticeable to the elasticsearch operators. This causes the ES operators to trigger a restart of the elasticsearch pods.
According with the redhat documentation https://docs.openshift.com/container-platform/4.12/security/encrypting-etcd.html seems that the encrytion has affect to some objects like secrets or configmap...We are understanding that the ES operator is sensitive to this process and cause a restart on the ES pods...
Is this the expected behaviour? Could we avoid this behaviour?
Here is the ES configuration:
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: elastic-elasticsearch
spec:
version: 7.10.1
nodeSets:
######################################################
MASTER NODE
######################################################
name: master-node
count: 1
config:
node.roles: ["master","data","ingest"]
node.store.allow_mmap: true
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true
podTemplate:
metadata:
name: elastic-elasticsearch
spec:
initContainers:
- name: sysctl
securityContext:
privileged: true
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
http:
service:
spec:
type: ClusterIP
Thanks in advance!
The text was updated successfully, but these errors were encountered: