Our kibana TLS certificate for HTTP layer it's about to expire. This was setup through the guide below
We already have the new certificate and the idea was just to create a new k8s secret, and redeploy kibana (we use helm for that). However, the new certificate is not being picked up.
Yes old secret was deleted and a new one (different name) with the new certificate was created, but it's not picked up. Also deleting the kibana pod doesn't trigger a refresh.
Thanks for pointing that out, but I don't think that's the case as along our new certificate there is also a new CA certificate which is added to the new secret.
So you deleted the secret with the old certificate and Kibana still picks it up even when recreating the pod? That's surprising.
And there is no old copy or anything in the secrets?
Yes, old secret is no longer there, but when the pod is recreated it still picks the old secret. As far as I understood this is the expected behavior as in this case the pod keeps the original configuration. However, changing the helm chart with the new secret doesn't trigger a redeployment, while other changes in the helm chart do trigger kibana redeployment.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.