I want to put my elasticsearch pods in a separate namespace but I'm not sure how to accomplish this. I have clients running in 2 other namespaces that will need to access the elastic cluster.
The secret containing the credentials is created into the same namespace where the elastic pods are running. That means my clients don't have access to it because those pods cannot read secrets outside their namespace. I can copy the secret to another namespace but this will require a manual repeat of this process anytime the secret changes.
I've looked into Replicator (https://github.com/mittwald/kubernetes-replicator) to copy the credentials secret to the other namespaces. It works great but I can't figure out how to tell the ES operator to annotate the secret such that Replicator will pick it up.
It seems my pattern of placing ES into a separate namespace from the clients is a normal use case and I imagine this has been solved. Can someone point me toward a solution?