Config Changes not applying

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

opensearch - 2.7.x

Describe the issue:
I already have opensearch up and running but I wan’t to change the password of existing user I know how we can change using securityadmin script.
But what I want is when I spin up a pod it would take new config with existing pvc but its not taking it while redeployment with same pvc i.e. need to preserve the existing data as well.
Can someone help me with this!!

Relevant Logs or Screenshots:

[2023-06-05T05:47:53,518][INFO ][o.o.s.s.ConfigHelper     ] [opensearch-cluster-master-0] Will update 'internalusers' with /usr/share/opensearch/config/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2023-06-05T05:47:53,523][INFO ][o.o.s.s.ConfigHelper     ] [opensearch-cluster-master-0] Index .opendistro_security already contains doc with id internalusers, skipping update.

@mouryasatyam The OpenSearch pods are created as statefulsets. The nature of the statefulset is to keep the order of the pods and preserve storage. That’s why even redeployment (helm uninstall/install) won’t reset the security index as the index already exists. During the deployment, the attached security config files are applied only when .opendistro_security doesn’t exist.

If you’d like to create the cluster from scratch then you must delete corresponding OpenSearch PVCs before deployment. Please be aware that deleting PVCs will delete PVs (if your policy is Delete/Recycle) that hold data with all indices attached to that OS node.

This is not recommended in the production environment. In prod, you should always use or OpenSearch Dashboards GUI.

This is not an issue but the nature of statefulsets.


@pablo Yeah understood thats as per security concern