Add ECK cert mismatch causing stack connection failure #9342
✅ Snyk checks have passed. No issues have been found so far.
✅ Vale Linting Results: No issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.
Thanks for writing the PR @kunisen
pebrc left a comment
Code Review — PR #9342
Thanks for documenting this known issue! A few suggestions to improve the entry:
Findings
1. Missing entries for 3.3.0 and 3.3.1 (medium)
The cert mismatch affects versions 3.3.0–3.3.2, but the entry is only added under the 3.3.2 section. The established pattern in this file (see the FIPS BoringCrypto issue) is to duplicate the known issue entry under every affected version. The same dropdown should also appear under the 3.3.1 and 3.3.0 sections.
2. Workaround should be self-contained (medium)
The workaround currently says "follow the KB article to regenerate relevant certificates without upgrading," but the KB article likely requires Elastic support access — external users would hit a login wall. The actual workaround is simple enough to inline directly:
Delete the transport certificate secret (<cluster>-es-<nodeset>-es-transport-certs) and the HTTP certificate secret (<cluster>-es-http-certs-internal) to force ECK to regenerate all certificates. Alternatively, upgrade to ECK 3.4.0 or later.
The KB link can remain as a "for more details" reference, but the actionable steps should not be gated behind it.
3. "Upgrade to ECK 3.4.0" reads as already released (nit)
The PR description says the fix is "tentatively scheduled for release in ECK 3.4.0." If 3.4.0 hasn't shipped yet when this merges, the wording could be softened (e.g., "once available").
4. Trailing whitespace (nit)
Line 30 has a trailing space.
@jeanfabrice thanks
Yes. I wrote it in the expanded text @pebrc thanks.
Done by adding the wording blocks to all 3.3 patch versions respectively.
Done by amending the wording per the suggestion.
Done by amending the wording per the suggestion.
Done by removing the trailing space. @pebrc thanks for your review. Could you please check in advance?
use short link to make it more meaningful. details for short link: https://links.elastic.dev/alias/eck-operator-upgrade-cert-issue
Thanks @pebrc, can you help me merge this since I don't have permission? Or if you could grant me the permission to merge, that's also fine (I have such permission for some internal repos).

Description
During troubleshooting, we (support) found that,
We would like to raise a doc PR to record this as an ECK known issue for versions 3.3.0-3.3.2.
The fix is tentatively scheduled for release in ECK 3.4.0 per #9197.
View / preview
After merge:
https://www.elastic.co/docs/release-notes/cloud-on-k8s/known-issues
Before merge:
docs/release-notes/known-issues.md
cc @jeanfabrice