This repository has been archived by the owner on May 16, 2023. It is now read-only.

Conflicting ELASTIC_PASSWORD among differently named secrets #1751

Open
cawoodm opened this issue Jan 5, 2023 · 0 comments

cawoodm commented Jan 5, 2023

Chart version: 7.17.3

Kubernetes version: 1.23

Kubernetes provider: K3S (on-prem)

Helm Version: 3

helm get release output:
nothing, not installed

Describe the bug:
Following the security example has resulted in an error when installing the chart:

W0105 13:23:15.573073 1310129 warnings.go:70] spec.template.spec.containers[0].env[18].name: duplicate name "ELASTIC_PASSWORD"

It seems the security Makefile creates a secret called elasticsearch-credentials which then conflicts with the chart's secret called elasticsearch-master-credentials.

The --dry-run generated YAML shows:

        env:
          - name: ELASTIC_PASSWORD
            valueFrom:
              secretKeyRef:
                name: elasticsearch-master-credentials
                key: password
          - name: ELASTIC_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: elastic-credentials

The second entry with elastic-credentials comes from the security example and is in our values.yaml:

---
imageTag: "7.17.3"
replicas: 2

volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 30Gi

extraVolumeMounts:
  - mountPath: /usr/share/elasticsearch/data
    name: data
extraVolumes:
  - name: data
    hostPath:
      path: /data/db/elasticsearch/

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password

secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /daten/pwd/elasticsearch/

Steps to reproduce:
See above.

Expected behavior:

Provide logs and/or server output (if relevant):

Be careful to obfuscate every secret (credentials, token, public IP, ...) that could be visible in the output before copy-pasting

Any additional context:
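
Added example, not part of the original issue or the chart's own code: a check that walks a rendered manifest (already parsed into Python dicts, for instance from the `--dry-run` output) and reports every environment variable a container defines more than once, with the secret each definition reads from. The sample manifest is constructed from the snippet quoted above; the container name and the `cluster.name` entry are assumptions.

```python
from collections import defaultdict

# Constructed sample: a trimmed StatefulSet shaped like the --dry-run output
# quoted in the issue. Container name and cluster.name entry are assumed.
SAMPLE = {
    "kind": "StatefulSet",
    "spec": {"template": {"spec": {"containers": [{
        "name": "elasticsearch",
        "env": [
            {"name": "cluster.name", "value": "elasticsearch"},
            {"name": "ELASTIC_PASSWORD", "valueFrom": {"secretKeyRef": {
                "name": "elasticsearch-master-credentials", "key": "password"}}},
            {"name": "ELASTIC_PASSWORD", "valueFrom": {"secretKeyRef": {
                "name": "elastic-credentials", "key": "password"}}},
        ],
    }]}}},
}

def env_source(entry):
    """Describe where one env entry takes its value from."""
    ref = (entry.get("valueFrom") or {}).get("secretKeyRef")
    if ref:
        return f"secret {ref.get('name')}/{ref.get('key')}"
    return "valueFrom (non-secret)" if "valueFrom" in entry else "literal value"

def iter_containers(obj):
    """Yield every container dict found anywhere inside a manifest."""
    if isinstance(obj, dict):
        for key in ("initContainers", "containers"):
            yield from (c for c in obj.get(key) or [] if isinstance(c, dict))
        for value in obj.values():
            yield from iter_containers(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from iter_containers(value)

def duplicate_env(manifest):
    """Map (container, variable) to its sources, in order, when defined twice or more."""
    findings = {}
    for container in iter_containers(manifest):
        seen = defaultdict(list)
        for entry in container.get("env") or []:
            seen[entry["name"]].append(env_source(entry))
        for var, sources in seen.items():
            if len(sources) > 1:
                findings[(container.get("name"), var)] = sources
    return findings

if __name__ == "__main__":
    for (container, var), sources in duplicate_env(SAMPLE).items():
        print(f"{container}: {var} defined {len(sources)} times: {sources}")
```

Run against the rendered output before installing, a non-empty result means two credential sources compete for the same variable and one of them has to be removed from the values file or the chart defaults.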
