Use hash for secure settings secret updates #7843

Merged (3 commits) on May 24, 2024

@thbkrkr thbkrkr commented May 23, 2024

This uses the hash of the -es-secure-settings Secret data instead of its resource version to know if Pods need to be recreated to update the Keystore.
This will avoid unnecessary restarts of Elasticsearch if the Secret resource version changes without changing the data.

Note: upgrading to the eck version including this new change will result in a graceful restart.

Resolves #7842.
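
An added illustration of the comparison described above, not code from this pull request or from ECK: the restart decision is keyed on a digest of the Secret's data rather than on its resource version. The `secret` type, `dataHash`, `needsRestart` and the sample values are assumptions made for the example, and SHA-256 over sorted, length-prefixed fields is one choice of digest, not necessarily the one the operator uses.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"sort"
)

// secret is a hypothetical stand-in for a Kubernetes Secret, not the client-go type.
type secret struct {
	ResourceVersion string
	Data            map[string][]byte
}

// dataHash returns a deterministic SHA-256 digest of the secret's data.
// Keys are sorted because Go map iteration order is random, and every key
// and value is length-prefixed so {"ab":"c"} and {"a":"bc"} hash differently.
func dataHash(s secret) string {
	keys := make([]string, 0, len(s.Data))
	for k := range s.Data {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	var n [8]byte
	for _, k := range keys {
		for _, field := range [][]byte{[]byte(k), s.Data[k]} {
			binary.BigEndian.PutUint64(n[:], uint64(len(field)))
			h.Write(n[:])
			h.Write(field)
		}
	}
	return hex.EncodeToString(h.Sum(nil))
}

// needsRestart compares the hash recorded at the last rollout with the
// hash of the secret as currently observed; ResourceVersion is ignored.
func needsRestart(recordedHash string, current secret) bool {
	return recordedHash != dataHash(current)
}

func main() {
	v1 := secret{"1001", map[string][]byte{"s3.client.default.access_key": []byte("k1")}} // constructed
	touched := secret{"1002", v1.Data} // metadata-only update: new version, same data
	rotated := secret{"1003", map[string][]byte{"s3.client.default.access_key": []byte("k2")}}
	fmt.Println(needsRestart(dataHash(v1), touched), needsRestart(dataHash(v1), rotated))
}
```

A digest of this kind only detects change; if it is recorded somewhere more widely readable than the Secret itself, a low-entropy secure setting could be confirmed by guessing, so the recorded hash deserves the same access review as any other Pod metadata.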

@thbkrkr thbkrkr added the >enhancement Enhancement of existing functionality label May 23, 2024
@thbkrkr thbkrkr marked this pull request as ready for review May 23, 2024 18:09

thbkrkr commented May 23, 2024

buildkite test this p=gke,s=8.13.2 -m t=TestUpdateESSecureSettings,t=TestUpdateKibanaSecureSettings

naemono commented May 23, 2024

@thbkrkr I understand the reasoning behind this, but is this going to cause a rolling-restart for all customers who upgrade to this version? It seems as though it will.

@pebrc pebrc added the v2.14.0 label May 24, 2024

@pebrc pebrc left a comment

LGTM, I think the rolling restart is unavoidable.

thbkrkr commented May 24, 2024

Yes, upgrading to the eck version including this new change will result in an unavoidable graceful restart. For users experiencing this problem, this should be the last one without real data change :)

@thbkrkr thbkrkr merged commit 62b7cd2 into main May 24, 2024
5 checks passed
@thbkrkr thbkrkr deleted the use-hash-for-secure-settings-secret-updates branch May 24, 2024 08:30

thbkrkr commented May 24, 2024

I created #7846 to not forget to update the docs.

Successfully merging this pull request may close these issues.

Use secret hash instead of resource version to recreate pods when updating secure settings secrets