When Elasticsearch is used as the storage backend for Jaeger in OpenShift Service Mesh (OSSM) and you delete the corresponding Elasticsearch deployment, the Elasticsearch Operator does not automatically recreate it.
$ oc get deploy -n istio-system -l cluster-name=elasticsearch
NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
elasticsearch-cdm-istiosystemjaeger-1   0/1     1            0           70s
elasticsearch-cdm-istiosystemjaeger-2   0/1     1            0           74s
elasticsearch-cdm-istiosystemjaeger-3   0/1     1            0           52s

$ oc delete deploy -n istio-system elasticsearch-cdm-istiosystemjaeger-1
deployment.apps "elasticsearch-cdm-istiosystemjaeger-1" deleted

$ oc get deploy -n istio-system -l cluster-name=elasticsearch
NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
elasticsearch-cdm-istiosystemjaeger-2   0/1     1            0           2m4s
elasticsearch-cdm-istiosystemjaeger-3   0/1     1            0           102s
The cause is the same as in this KCS. By default, multiple network policies are created in the namespace where the SMCP is created. They block access from other namespaces, which prevents the Elasticsearch Operator from reconciling.
Workaround: You can avoid this issue by creating a network policy that allows access from openshift-operators-redhat, the namespace where the Elasticsearch Operator runs.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-operator-redhat
  namespace: istio-system
spec:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-operators-redhat
  podSelector: {}
  policyTypes:
  - Ingress
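
Why the workaround restores access, as an added example that is not part of the original article or of any Red Hat code: a simplified NetworkPolicy ingress evaluation in Python (matchLabels only, no ports or ipBlock). MESH_ONLY is a constructed stand-in for the default policies, whose contents the article does not show; the example/mesh-member label, the pod labels and the OTHER namespace are assumptions as well.

```python
# Added example: simplified NetworkPolicy ingress check (matchLabels only).
def sel_match(selector, labels):
    # {} selects everything; otherwise every matchLabels pair must be present.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_match(peer, policy_ns, src):
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    # Without a namespaceSelector, a peer only covers the policy's own namespace.
    ns_ok = src["ns"] == policy_ns if ns_sel is None else sel_match(ns_sel, src["ns_labels"])
    return ns_ok and (pod_sel is None or sel_match(pod_sel, src["pod_labels"]))

def ingress_allowed(policies, dst_ns, dst_pod_labels, src):
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == dst_ns
                 and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                 and sel_match(p["spec"].get("podSelector", {}), dst_pod_labels)]
    if not selecting:
        return True  # no policy selects the pod, so it is not isolated
    for p in selecting:
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from")
            # A rule without "from" admits every source.
            if not peers or any(peer_match(x, dst_ns, src) for x in peers):
                return True
    return False

# Constructed stand-in for the default policies in the SMCP namespace (assumption).
MESH_ONLY = {"metadata": {"name": "constructed-mesh-only", "namespace": "istio-system"},
             "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [
                 {"from": [{"namespaceSelector": {"matchLabels": {"example/mesh-member": "true"}}}]}]}}
# The workaround policy from the article.
WORKAROUND = {"metadata": {"name": "allow-from-openshift-operator-redhat", "namespace": "istio-system"},
              "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [
                  {"from": [{"namespaceSelector": {"matchLabels": {
                      "kubernetes.io/metadata.name": "openshift-operators-redhat"}}}]}]}}
ES_POD = {"cluster-name": "elasticsearch"}  # assumed pod label, taken from the article's -l selector
OPERATOR = {"ns": "openshift-operators-redhat", "pod_labels": {"name": "constructed-operator"},
            "ns_labels": {"kubernetes.io/metadata.name": "openshift-operators-redhat"}}
OTHER = {"ns": "constructed-other", "pod_labels": {},
         "ns_labels": {"kubernetes.io/metadata.name": "constructed-other"}}

def check(policies, src):
    """True if src may open a connection to an Elasticsearch pod in istio-system."""
    return ingress_allowed(policies, "istio-system", ES_POD, src)

if __name__ == "__main__":
    print("operator, default policies only:", check([MESH_ONLY], OPERATOR))
    print("operator, with workaround:      ", check([MESH_ONLY, WORKAROUND], OPERATOR))
    print("other namespace, with workaround:", check([MESH_ONLY, WORKAROUND], OTHER))
```

Because podSelector is {} and the rule lists no ports, the workaround admits every pod in openshift-operators-redhat to every pod and port in istio-system, while other namespaces stay blocked.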