Advanced configuration

edit

If you already looked at the Elasticsearch on ECK documentation, some of these concepts might sound familiar to you. The resource definitions in ECK share the same philosophy when you want to:

  • Customize the Pod configuration
  • Customize the product configuration
  • Manage HTTP settings
  • Use secure settings

Pod configuration

edit

You can customize the Kibana Pod using a Pod template.

The following example demonstrates how to create a Kibana deployment with custom node affinity, increased heap size, and resource limits.

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-sample
spec:
  version: 8.17.0
  count: 1
  elasticsearchRef:
    name: "elasticsearch-sample"
  podTemplate:
    spec:
      containers:
      - name: kibana
        env:
          - name: NODE_OPTIONS
            value: "--max-old-space-size=2048"
        resources:
          requests:
            memory: 1Gi
            cpu: 0.5
          limits:
            memory: 2.5Gi
            cpu: 2
      nodeSelector:
        type: frontend

The name of the container in the Pod template must be kibana.

Check Set compute resources for Kibana, Enterprise Search, Elastic Maps Server, APM Server and Logstash for more information.

Kibana configuration

edit

You can add your own Kibana settings to the spec.config section.

The following example demonstrates how to set the elasticsearch.requestHeadersWhitelist configuration option.

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-sample
spec:
  version: 8.17.0
  count: 1
  elasticsearchRef:
    name: "elasticsearch-sample"
  config:
     elasticsearch.requestHeadersWhitelist:
     - authorization

Scale out a Kibana deployment

edit

To deploy more than one instance of Kibana, all the instances must share a same set of encryption keys. The following keys are automatically generated by the operator:

  • xpack.security.encryptionKey
  • xpack.reporting.encryptionKey
  • xpack.encryptedSavedObjects.encryptionKey

If you need to access these encryption keys, you can find them using the kubectl get secrets command.

The secret is named after the corresponding Kibana instance. For example, for a Kibana named my-kibana, you can run the following command to retrieve the current encryption keys:

kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -A1 encryptedSavedObjects

You can provide your own encryption keys using a secure setting, as described in Secure settings.

While most reconfigurations of your Kibana instances are carried out in rolling upgrade fashion, all version upgrades will cause Kibana downtime. This happens because you can only run a single version of Kibana at any given time. For more information, check Upgrade Kibana.