We recently added APM to our ECK cluster andrew we're running into an issue. If we remove APM and re-add it the operator will overwrite any existing apm-token set. I would assume it worked like the es-elastic-user secret and just use it if it exists and not overwrite the value.
Is this how it's supposed to work?
Thanks,
Andrew
I am assuming you manually created the token secret because kubectl delete apmserver <name>
would have deleted the token secret that was created by the operator. In order to get the new APM server to re-use the existing secret, the following conditions must be satisfied:
- Secret must be named
myapm-apm-token
(assuming that the APM server is named myapm
)
- The secret must have the following labels:
apm.k8s.elastic.co/name=myapm
common.k8s.elastic.co/type=apm-server
The sequence of commands would be:
APM_NAME=myapm
kubectl create secret generic ${APM_NAME}-apm-token --from-literal=secret-token=$TOKEN
kubectl label secret ${APM_NAME}-apm-token "apm.k8s.elastic.co/name=$APM_NAME" "common.k8s.elastic.co/type=apm-server"
Thank you! I didn't know about the labelling requirement for the secret.