APM on ECK overwriting kubernetes secret token

We recently added APM to our ECK cluster andrew we're running into an issue. If we remove APM and re-add it the operator will overwrite any existing apm-token set. I would assume it worked like the es-elastic-user secret and just use it if it exists and not overwrite the value.

Is this how it's supposed to work?


I am assuming you manually created the token secret because kubectl delete apmserver <name> would have deleted the token secret that was created by the operator. In order to get the new APM server to re-use the existing secret, the following conditions must be satisfied:

  • Secret must be named myapm-apm-token (assuming that the APM server is named myapm)
  • The secret must have the following labels:
    • apm.k8s.elastic.co/name=myapm
    • common.k8s.elastic.co/type=apm-server

The sequence of commands would be:

kubectl create secret generic ${APM_NAME}-apm-token --from-literal=secret-token=$TOKEN
kubectl label secret ${APM_NAME}-apm-token  "apm.k8s.elastic.co/name=$APM_NAME" "common.k8s.elastic.co/type=apm-server"

Thank you! I didn't know about the labelling requirement for the secret.