Removing elastic-user Secret from K8s Secrets

x00m · October 25, 2021, 7:12am

When we create an Elasticsearch resource, the credentials for the "elastic" user are created and stored in the kubernetes secrets, with the name "-es-elastic-user"

Is it safe to delete this k8s secret? Does the system have any dependency on this secret?
What about the other secrets like ca-certs, internal-users, etc?

My goal is to use a different secret store (Azure Keyvault) to store the secrets. The Azure keyvault csi driver can be used to only read secrets and mount it as a volume to the containers, but not write secrets to keyvault by the eck operator.

sebgl · October 25, 2021, 8:27am

If you delete this secret, it will be recreated automatically by the operator.
This secret is intended as a way for users to discover the password of the default elastic user that has been created for them. It is not mounted in any Pod by the operator.

x00m · October 25, 2021, 12:29pm

Thanks for the input. How does the operator create the secret ?
Is there a way to create the secret elsewhere and not k8s secret ?

Topic		Replies	Views
ECK - Alternative secrets storage using CSI Driver for KeyVault in Azure Elastic Cloud on Kubernetes (ECK)	3	1014	October 21, 2021
Elastic user password change in kubernetes secret Elastic Cloud on Kubernetes (ECK)	3	1925	May 10, 2023
Remove labels (or ownership) from secret Elastic Cloud on Kubernetes (ECK)	7	717	August 31, 2021
Disable default secret creating in kubernetes Elasticsearch	1	257	November 7, 2022
How to reference elasticsearch secrets from azure key vault? Elastic Search	1	50	February 6, 2025

Removing elastic-user Secret from K8s Secrets

Related topics