rancher-partner-charts/charts/elastic/kibana/README.md

22 KiB

Kibana Helm Chart

Build Status Artifact HUB

This Helm chart is a lightweight way to configure and run our official Kibana Docker image.

Warning When it comes to running the Elastic on Kubernetes infrastructure, we recommend Elastic Cloud on Kubernetes (ECK) as the best way to run and manage the Elastic Stack.

ECK offers many operational benefits for both our basic-tier and our enterprise-tier customers, such as spinning up cluster nodes that were lost on failed infrastructure, seamless upgrades, rolling cluster changes, and much much more.

With the release of the Elastic Stack Helm charts for Elastic version 8.5.1, we are handing over the ongoing maintenance of our Elastic Stack Helm charts to the community and contributors. This repository will finally be archived after 6 months time. Elastic Stacks deployed on Kubernetes through Helm charts will still be fully supported under EOL limitations.

Since we want to provide an even better experience for our customers by running the Elastic Stack on Kubernetes, we will continue maintaining the Helm charts applicable to ECK Custom Resources. These charts can be found in the ECK repository.

Helm charts will currently be maintained for ECK Enterprise-tier customers, however, we encourage the community to engage with the existing Helm charts for the Elastic Stack and continue supporting their ongoing maintenance.

See https://github.com/elastic/helm-charts/issues/1731 for more details.

Requirements

See supported configurations for more details.

Installing

Install a released version using the Helm repository

  • Add the Elastic Helm charts repo: helm repo add elastic https://helm.elastic.co

  • Install it: helm install kibana elastic/kibana

Install a development version using the main branch

  • Clone the git repo: git clone git@github.com:elastic/helm-charts.git

  • Install it: helm install kibana ./helm-charts/kibana --set imageTag=8.5.1

Upgrading

Please always check CHANGELOG.md and BREAKING_CHANGES.md before upgrading to a new chart version.

Usage notes

  • Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine).

  • This repo includes several examples of configurations that can be used as a reference. They are also used in the automated testing of this chart.

Configuration

Parameter Description Default
affinity Configurable affinity {}
annotations Configurable annotations on the deployment object {}
automountToken Whether or not to automount the service account token in the Pod true
elasticsearchHosts The URLs used to connect to Elasticsearch https://elasticsearch-master:9200
elasticsearchCertificateSecret The name of the K8S secret that contains the Elasticsearch certificate elasticsearch-master-certs
elasticsearchCertificateAuthoritiesFile The name of the certificate file into the elasticsearchCertificateSecret K8S secret ca.crt
elasticsearchCredentialSecret The name of the K8S secret that contains the Elasticsearch credentials elasticsearch-master-credentials
envFrom Templatable string to be passed to the environment from variables which will be appended to the envFrom: definition for the container []
extraContainers Templatable string of additional containers to be passed to the tpl function []
extraEnvs Extra environment variables which will be appended to the env: definition for the container see values.yaml
extraInitContainers Templatable string of additional containers to be passed to the tpl function []
extraVolumeMounts Configuration for additional volumeMounts []
extraVolumes Configuration for additional volumes []
fullnameOverride Overrides the full name of the resources. If not set the name will default to " .Release.Name - .Values.nameOverride orChart.Name " ""
healthCheckPath The path used for the readinessProbe to check that Kibana is ready. If you are setting server.basePath you will also need to update this to /${basePath}/app/kibana /app/kibana
hostAliases Configurable hostAliases []
httpPort The http port that Kubernetes will use for the healthchecks and the service 5601
imagePullPolicy The Kubernetes imagePullPolicyvalue IfNotPresent
imagePullSecrets Configuration for imagePullSecrets so that you can use a private registry for your image []
imageTag The Kibana Docker image tag 8.5.1
image The Kibana Docker image docker.elastic.co/kibana/kibana
ingress Configurable ingress to expose the Kibana service. see values.yaml
kibanaConfig Allows you to add any config files in /usr/share/kibana/config/ such as kibana.yml See values.yaml for an example of the formatting {}
labels Configurable labels applied to all Kibana pods {}
lifecycle Allows you to add lifecycle hooks. See values.yaml for an example of the formatting {}
nameOverride Overrides the chart name for resources. If not set the name will default to .Chart.Name ""
nodeSelector Configurable nodeSelector so that you can target specific nodes for your Kibana instances {}
podAnnotations Configurable annotations applied to all Kibana pods {}
podSecurityContext Allows you to set the securityContext for the pod see values.yaml
priorityClassName The name of the PriorityClass. No default is supplied as the PriorityClass must be created first ""
protocol The protocol that will be used for the readinessProbe. Change this to https if you have server.ssl.enabled: true set http
readinessProbe Configuration for the readiness probe see values.yaml
replicas Kubernetes replica count for the Deployment (i.e. how many pods) 1
resources Allows you to set the resources for the Deployment see values.yaml
secretMounts Allows you easily mount a secret as a file inside the Deployment. Useful for mounting certificates and other secrets. See values.yaml for an example []
securityContext Allows you to set the securityContext for the container see values.yaml
serverHost The server.host Kibana setting. This is set explicitly so that the default always matches what comes with the Docker image 0.0.0.0
serviceAccount Allows you to overwrite the "default" serviceAccount for the pod []
service Configurable service to expose the Kibana service. see values.yaml
tolerations Configurable tolerations) []
updateStrategy Allows you to change the default updateStrategy for the Deployment. A standard upgrade of Kibana requires a full stop and start which is why the default strategy is set to Recreate type: Recreate

FAQ

How to deploy this chart on a specific K8S distribution?

This chart is highly tested with GKE, but some K8S distribution also requires specific configurations.

We provide examples of configuration for the following K8S providers:

How to use Kibana with security (authentication and TLS) enabled?

Starting with 8.x the default Elasticsearch Helm chart is automatically configured with security enabled (authentification and TLS).

As the Elasticsearch credentials and certificates are available in some Kubernetes secrets generated by the Elasticsearch chart, the Kibana chart is configured to read these secrets to configure the secure connection to Elasticsearch (The secrets names can be overrided in the chart values).

Therefore, Kibana is automatically configured to required authentication. You can connect to Kibana with the elastic user account that comes from Elasticsearch. The password can be find in the elasticsearchCredentialSecret (see the chart notes).

⚠️ Note that in production, the elastic user should only be used to create new users.

This Helm chart can also use existing Kubernetes secrets to set up TLS certificates. These secrets should be created outside of this chart and accessed using the environment variables and volumes.

An example can be found in examples/security.

How to install plugins?

The recommended way to install plugins into our Docker images is to create a custom Docker image.

The Dockerfile would look something like this:

ARG kibana_version
FROM docker.elastic.co/kibana/kibana:${kibana_version}

RUN bin/kibana-plugin install <plugin_url>

And then updating the image in values to point to your custom image.

There are a couple of reasons we recommend this:

  1. Tying the availability of Kibana to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times.
  2. Mutating the state of a running Docker image (by installing plugins) goes against the best practices of containers and immutable infrastructure.

How to import objects post-deployment?

You can use postStart lifecycle hooks to run code triggered after a container is created.

Here is an example of postStart hook to import an index-pattern and a dashboard:

lifecycle:
  postStart:
    exec:
      command:
        - bash
        - -c
        - |
          #!/bin/bash
          # Import a dashboard
          KB_URL=http://localhost:5601
          while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' -L $KB_URL)" != "200" ]]; do sleep 1; done
          curl -XPOST "$KB_URL/api/kibana/dashboards/import" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -d'{"objects":[{"type":"index-pattern","id":"my-pattern","attributes":{"title":"my-pattern-*"}},{"type":"dashboard","id":"my-dashboard","attributes":{"title":"Look at my dashboard"}}]}'          

Contributing

Please check CONTRIBUTING.md before any contribution or for any questions about our development and testing process.