From fd8283c3139f877acbf3607f36ac8006646bb27a Mon Sep 17 00:00:00 2001
From: dehaocheng <dehaocheng@kubesphere.io>
Date: Thu, 24 Aug 2023 17:19:46 +0800
Subject: [PATCH] Support automatic update of external elasticsearch or
 opensearch passwords

Signed-off-by: dehaocheng <dehaocheng@kubesphere.io>
---
 roles/common/tasks/escurator-install.yaml  | 2 +-
 roles/common/tasks/opensearch-install.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/common/tasks/escurator-install.yaml b/roles/common/tasks/escurator-install.yaml
index a1863603b..0976164d6 100644
--- a/roles/common/tasks/escurator-install.yaml
+++ b/roles/common/tasks/escurator-install.yaml
@@ -15,7 +15,7 @@
 # Creating elasticsearch-credentials secret used to connect external es with basic auth enabled.
 - name: KubeSphere | Creating elasticsearch credentials secret
   shell: >
-    {{ bin_dir }}/kubectl create secret generic elasticsearch-credentials --from-literal="username={{ common.es.basicAuth.username }}" --from-literal="password={{ common.es.basicAuth.password }}" --type=kubernetes.io/basic-auth -n kubesphere-logging-system
+    {{ bin_dir }}/kubectl create secret generic elasticsearch-credentials --save-config --dry-run=client --from-literal="username={{ common.es.basicAuth.username }}" --from-literal="password={{ common.es.basicAuth.password }}" --type=kubernetes.io/basic-auth -n kubesphere-logging-system -o yaml | kubectl apply -f -
   register: secret
   failed_when: "secret.stderr and 'already exists' not in secret.stderr"
   until: secret is succeeded
diff --git a/roles/common/tasks/opensearch-install.yaml b/roles/common/tasks/opensearch-install.yaml
index cab42a3b7..f455526d4 100644
--- a/roles/common/tasks/opensearch-install.yaml
+++ b/roles/common/tasks/opensearch-install.yaml
@@ -39,7 +39,7 @@
 # Creating opensearch-credentials secret used to connect external es with basic auth enabled.
 - name: KubeSphere | Creating opensearch credentials secret
   shell: >
-    {{ bin_dir }}/kubectl create secret generic opensearch-credentials --from-literal="username={{ common.opensearch.basicAuth.username }}" --from-literal="password={{ common.opensearch.basicAuth.password }}" --type=kubernetes.io/basic-auth -n kubesphere-logging-system
+    {{ bin_dir }}/kubectl create secret generic opensearch-credentials --save-config --dry-run=client --from-literal="username={{ common.opensearch.basicAuth.username }}" --from-literal="password={{ common.opensearch.basicAuth.password }}" --type=kubernetes.io/basic-auth -n kubesphere-logging-system -o yaml | kubectl apply -f -
   register: secret
   failed_when: "secret.stderr and 'already exists' not in secret.stderr"
   until: secret is succeeded