[BUG] Operator takes ownership of adminCredentialsSecret that wasn't created by it #763

Open
L1ghtman2k opened this issue Mar 21, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@L1ghtman2k

What is the bug?

An operator takes ownership of the secret that wasn't created by it. As a result, the operator deletes the secret when the cluster is deleted, even though the operator wasn't supposed to manage said resource.

What is the expected behavior?

The secret that was created by a different processor other than the operator should remain.

@L1ghtman2k L1ghtman2k added bug Something isn't working untriaged Issues that have not yet been triaged labels Mar 21, 2024
@prudhvigodithi
Collaborator

prudhvigodithi commented Mar 25, 2024

[Triage]

Hey @L1ghtman2k, I have tested the creation of the admin secret admin-credentials-secret (kubectl create -f <>) and updated the adminCredentialsSecret section of the config file. I was able to get the cluster created by the operator and was able to access the cluster with admin:test.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: admin-credentials-secret
type: Opaque
data:
  # admin
  username: YWRtaW4=
  # test
  password: dGVzdA==
---
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: pgcluster
  namespace: default
spec:
  security:
    config:
      adminCredentialsSecret:
        name: admin-credentials-secret
    tls:
      http:
        generate: true
      transport:
        generate: true
        perNode: true
  general:
    httpPort: 9400
    serviceName: my-first-cluster
    version: 2.12.0
    drainDataNodes: true
  dashboards:
    version: 2.12.0
    enable: true
    replicas: 1
    resources:
      requests:
        memory: "512Mi"
        cpu: "200m"
      limits:
        memory: "512Mi"
        cpu: "200m"
  nodePools:
    - component: masters
      replicas: 3
      resources:
        requests:
          memory: "1Gi"
          cpu: "550m"
        limits:
          memory: "1Gi"
          cpu: "550m"
      roles:
        - "data"
        - "cluster_manager"
      persistence:
        emptyDir: {}
```

After I deleted the cluster by deleting the config file (kubectl delete -f <>), the cluster was deleted but not the secret admin-credentials-secret that was created separately.

Adding @bbarani @salyh @jochenkressin @pchmielnik @swoehrl-mw

@prudhvigodithi prudhvigodithi removed the untriaged Issues that have not yet been triaged label Mar 25, 2024
@L1ghtman2k
Author

It might be related to me also setting opensearch securityConfigSecret (I also set the password hash)?

@prudhvigodithi
Collaborator

It should not as well. I have once tested the securityConfigSecret as well, and kubectl get secrets still shows me that. Are you installing the cluster config with helm (https://github.com/opensearch-project/opensearch-k8s-operator/tree/main/charts/opensearch-cluster) or manually?

@L1ghtman2k
Author

Kubectl apply (not helm)

@prudhvigodithi
Collaborator

Then same as me, so can you try once to clean up in your dev and test with the configuration (secret and cluster config YAML) I have provided above?
Thanks
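
A check that helps separate the two observations in this thread, added here as an example and not taken from the issue or from the operator's code: it reads a Secret as JSON and reports whether an `OpenSearchCluster` is recorded in `metadata.ownerReferences`, which is the condition under which Kubernetes garbage collection removes the Secret together with the cluster. The function names, the script name in the usage comment, the sample objects and the placeholder `uid` are assumptions made for the example.

```python
import json
import sys

KIND = "OpenSearchCluster"  # owner kind from the cluster manifest in this thread


def owner_refs(obj):
    """metadata.ownerReferences of a Kubernetes object, or [] when unset."""
    return obj.get("metadata", {}).get("ownerReferences") or []


def cluster_owners(obj, kind=KIND):
    """Owner references that point at an object of the given kind."""
    return [r for r in owner_refs(obj) if r.get("kind") == kind]


def removed_with_cluster(obj, cluster_name, kind=KIND):
    """True when the named cluster is the object's only owner. Under the default
    cascading deletion, the garbage collector then deletes the object too."""
    refs = owner_refs(obj)
    return bool(refs) and all(
        r.get("kind") == kind and r.get("name") == cluster_name for r in refs
    )


# Constructed samples, shaped like `kubectl get secret <name> -o json` output.
STANDALONE = {"kind": "Secret", "metadata": {"name": "admin-credentials-secret"}}
OWNED = {
    "kind": "Secret",
    "metadata": {
        "name": "admin-credentials-secret",
        "ownerReferences": [{
            "apiVersion": "opensearch.opster.io/v1",
            "kind": KIND,
            "name": "pgcluster",
            "uid": "00000000-0000-0000-0000-000000000000",  # placeholder
            "controller": True,
            "blockOwnerDeletion": True,
        }],
    },
}

if __name__ == "__main__":
    # kubectl get secret admin-credentials-secret -o json | python3 check_owner.py pgcluster
    secret = json.load(sys.stdin)
    for ref in cluster_owners(secret):
        print("owned by", ref.get("kind"), ref.get("name"))
    sys.exit(1 if removed_with_cluster(secret, sys.argv[1]) else 0)
```

Running it against the Secret before the cluster is deleted shows whether an owner reference was added; exit status 1 means the Secret would go away with the cluster.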
