This is a patch release to address some issues found after the 1.3.0 release. Check [release-highlights-1.3.0] for the full highlights of the 1.3.x series.
ECK manages several Secrets that users may want to copy across namespaces in order to be mounted into other application Pods:
-
the Secret containing the
elastic
user password -
the Secret containing the public HTTP certificates to access Elasticsearch, Kibana, Enterprise Search
-
the Secret containing the APM Server token
Those Secrets include a reference to their owner resource (for example, the Elasticsearch resource). When a Secret is copied into a different namespace, that owner reference becomes invalid. A Kubernetes bug causes the garbage collection of all resources owned in the original namespace, including PersistentVolumes.
This bug is fixed in Kubernetes 1.20: resources with an invalid owner references will be automatically deleted, preventing any accidental garbage collection.
However since some ECK users might not be able to upgrade to Kubernetes 1.20 anytime soon, we are providing a fix in ECK directly. All aforementioned Secrets will not have an owner reference set anymore. The ECK operator itself handles garbage collection of those Secrets when appropriate.
When an Elasticsearch master node was created but, for any reason, didn’t join the cluster, the operator was not able to remove it anymore. A new parameter introduced in Elasticsearch 7.8.0
allows the operator to make progress in those circumstances: a master node that never joined the cluster can correctly be removed. Prior Elasticsearch versions do not benefit from that improvement.