Running Kibana on ECK
editRunning Kibana on ECK
editThe quickstart is a good starting point to quickly setup a Kibana instance with ECK. The following sections describe how to customize a Kibana deployment to suit your requirements.
Use an Elasticsearch cluster managed by ECK
editIt is quite straightforward to connect a Kibana instance to an Elasticsearch cluster managed by ECK:
apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: quickstart spec: version: 8.17.0 count: 1 elasticsearchRef: name: quickstart namespace: default
namespace
is optional if the Elasticsearch cluster is running in the same namespace as Kibana.
The Kibana configuration file is automatically setup by ECK to establish a secure connection to Elasticsearch.
Advanced configuration
editIf you already looked at the Elasticsearch on ECK documentation, then concepts and ideas described here might sound familiar to you. This is because the resource definitions in ECK share the same philosophy when it comes to:
- Customizing the Pod configuration
- Customizing the product configuration
- Managing HTTP settings
- Using secure settings
Pod Configuration
editYou can define a pod template to customize the Kibana pod and override any configuration values.
The following example demonstrates how to create a Kibana deployment with custom node affinity and resource limits.
apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: kibana-sample spec: version: 8.17.0 count: 1 elasticsearchRef: name: "elasticsearch-sample" podTemplate: spec: containers: - name: kibana resources: requests: memory: 1Gi cpu: 0.5 limits: memory: 2Gi cpu: 2 nodeSelector: type: frontend
The name of the container in the pod template must be kibana
.
See Set compute resources for Kibana and APM Server for more information.
Kibana Configuration
editYou can add your own Kibana settings to the spec.config
section.
The following example demonstrates how to set the elasticsearch.requestHeadersWhitelist
configuration option:
apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: kibana-sample spec: version: 8.17.0 count: 1 elasticsearchRef: name: "elasticsearch-sample" config: elasticsearch.requestHeadersWhitelist: - authorization
Scale out a Kibana deployment
editYou may want to deploy more than one instance of Kibana. In this case all the instances must share the same encryption key.
This can be done by setting the xpack.security.encryptionKey
property using a secure setting as described in the next section.
Secure Settings
editSimilar to Elasticsearch, you can use Kubernetes secrets to manage secure settings for Kibana as well.
For example, you can define a custom encryption key for Kibana as follows:
-
Create a secret containing the desired setting:
kubectl create secret generic kibana-secret-settings \ --from-literal=xpack.security.encryptionKey=94d2263b1ead716ae228277049f19975aff864fb4fcfe419c95123c1e90938cd
-
Add a reference to the secret in the
secureSettings
section:apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: kibana-sample spec: version: 8.17.0 count: 3 elasticsearchRef: name: "elasticsearch-sample" secureSettings: - secretName: kibana-secret-settings
HTTP Configuration
editLoad balancer settings and TLS SANs
editBy default a ClusterIP
service is created and associated with the Kibana deployment.
You may want to expose Kibana externally with a load balancer.
In which case you may also want to include a custom DNS name or IP in the self-generated certificate.
apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: kibana-sample spec: version: 8.17.0 count: 1 elasticsearchRef: name: "elasticsearch-sample" http: service: spec: type: LoadBalancer # default is ClusterIP tls: selfSignedCertificate: subjectAltNames: - ip: 1.2.3.4 - dns: kibana.example.com
Provide your own certificate
editIf you want to use your own certificate, the required configuration is identical to Elasticsearch. See: Custom HTTP certificate.
Disable TLS
editYou can disable the generation of the self-signed certificate and hence disable TLS.
apiVersion: kibana.k8s.elastic.co/v1beta1 kind: Kibana metadata: name: kibana-sample spec: version: 8.17.0 count: 1 elasticsearchRef: name: "elasticsearch-sample" http: tls: selfSignedCertificate: disabled: true