Install Kibana with Docker

edit

Install Kibana with Docker

edit

Docker images for Kibana are available from the Elastic Docker registry. The base image is ubuntu:20.04.

A list of all published Docker images and tags is available at www.docker.elastic.co. The source code is in GitHub.

These images contain both free and subscription features. Start a 30-day trial to try out all of the features.

Run Kibana in Docker for development

edit

Use Docker commands to run Kibana on a single-node Elasticsearch cluster for development or testing.

This setup doesn’t run multiple Elasticsearch nodes by default. To create a multi-node cluster with Kibana, use Docker Compose instead. Refer to Start a multi-node cluster with Docker Compose in the Elasticsearch documentation.

  1. Install Docker. Visit Get Docker to install Docker for your environment.

    If using Docker Desktop, make sure to allocate at least 4GB of memory. You can adjust memory usage in Docker Desktop by going to Settings > Resources.

  2. Create a new Docker network for Elasticsearch and Kibana.

    docker network create elastic
  3. Pull the Elasticsearch Docker image.

    docker pull docker.elastic.co/elasticsearch/elasticsearch:8.17.0
  4. Optional: Install Cosign for your environment. Then use Cosign to verify the Elasticsearch image’s signature.

    wget https://artifacts.elastic.co/cosign.pub
    cosign verify --key cosign.pub docker.elastic.co/elasticsearch/elasticsearch:8.17.0

    The cosign command prints the check results and the signature payload in JSON format:

    Verification for docker.elastic.co/elasticsearch/elasticsearch:8.17.0 --
    The following checks were performed on each of these signatures:
      - The cosign claims were validated
      - Existence of the claims in the transparency log was verified offline
      - The signatures were verified against the specified public key
  5. Start an Elasticsearch container.

    docker run --name es01 --net elastic -p 9200:9200 -it -m 1GB docker.elastic.co/elasticsearch/elasticsearch:8.17.0

    Use the -m flag to set a memory limit for the container. This removes the need to manually set the JVM size.

    The command prints the elastic user password and an enrollment token for Kibana.

  6. Copy the generated elastic password and enrollment token. These credentials are only shown when you start Elasticsearch for the first time. You can regenerate the credentials using the following commands.

    docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
    docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
  7. Pull the Kibana Docker image.

    docker pull docker.elastic.co/kibana/kibana:8.17.0
  8. Optional: Verify the Kibana image’s signature.

    wget https://artifacts.elastic.co/cosign.pub
    cosign verify --key cosign.pub docker.elastic.co/kibana/kibana:8.17.0
  9. Start a Kibana container.

    docker run --name kib01 --net elastic -p 5601:5601 docker.elastic.co/kibana/kibana:8.17.0
  10. When Kibana starts, it outputs a unique generated link to the terminal. To access Kibana, open this link in a web browser.
  11. In your browser, enter the enrollment token that was generated when you started Elasticsearch.

    To regenerate the token, run:

    docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
  12. Log in to Kibana as the elastic user with the password that was generated when you started Elasticsearch.

    To regenerate the password, run:

    docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Remove Docker containers

edit

To remove the containers and their network, run:

# Remove the Elastic network
docker network rm elastic

# Remove the Elasticsearch container
docker rm es01

# Remove the Kibana container
docker rm kib01

Configure Kibana on Docker

edit

The Docker images provide several methods for configuring Kibana. The conventional approach is to provide a kibana.yml file as described in Configuring Kibana, but it’s also possible to use environment variables to define settings.

Bind-mounted configuration

edit

One way to configure Kibana on Docker is to provide kibana.yml via bind-mounting. With docker-compose, the bind-mount can be specified like this:

version: '2'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:8.17.0
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml

Persist the Kibana keystore

edit

By default, Kibana auto-generates a keystore file for secure settings at startup. To persist your secure settings, use the kibana-keystore utility to bind-mount the parent directory of the keystore to the container. For example:

docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:8.17.0 bin/kibana-keystore create
docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:8.17.0 bin/kibana-keystore add test_keystore_setting

Environment variable configuration

edit

Under Docker, Kibana can be configured via environment variables. When the container starts, a helper process checks the environment for variables that can be mapped to Kibana command-line arguments.

For compatibility with container orchestration systems, these environment variables are written in all capitals, with underscores as word separators. The helper translates these names to valid Kibana setting names.

All information that you include in environment variables is visible through the ps command, including sensitive information.

Some example translations are shown here:

Table 1. Example Docker Environment Variables

Environment Variable

Kibana Setting

SERVER_NAME

server.name

SERVER_BASEPATH

server.basePath

ELASTICSEARCH_HOSTS

elasticsearch.hosts

In general, any setting listed in Configure Kibana can be configured with this technique.

Supplying array options can be tricky. The following example shows the syntax for providing an array to ELASTICSEARCH_HOSTS.

These variables can be set with docker-compose like this:

version: '2'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:8.17.0
    environment:
      SERVER_NAME: kibana.example.org
      ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'

Since environment variables are translated to CLI arguments, they take precedence over settings configured in kibana.yml.

Docker defaults

edit

The following settings have different default values when using the Docker images:

server.host

"0.0.0.0"

server.shutdownTimeout

"5s"

elasticsearch.hosts

http://elasticsearch:9200

monitoring.ui.container.elasticsearch.enabled

true

These settings are defined in the default kibana.yml. They can be overridden with a custom kibana.yml or via environment variables.

If replacing kibana.yml with a custom version, be sure to copy the defaults to the custom file if you want to retain them. If not, they will be "masked" by the new file.