There are certain environments in which network traffic restrictions are mandatory. In these environments, the Kibana instance isn’t able to reach the public Elastic Package Registry (EPR) endpoints, like epr.elastic.co, to download package metadata and content.
There are two workarounds in this situation — use a proxy server as network gateway to reach the public endpoints, or deploy your own instance of the Elastic Package Registry.
Use a proxy serveredit
If you can route traffic to the public endpoint of EPR through a network gateway, there is a property in Kibana that can orchestrate to use a proxy server:
For more information, see the Fleet and Elastic Agent Guide.
Host your own Elastic Package Registryedit
This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
If routing traffic through a proxy server is not an option, you can host your own Elastic Package Registry. The Package Storage instance must be deployed and hosted on-site as a Docker container. Package Storage is a special distribution of the Package Registry which already includes packages. There are different distributions available:
docker.elastic.co/package-registry/distribution:production- stable, tested package revisions
docker.elastic.co/package-registry/distribution:staging- package revisions ready for testing before release
docker.elastic.co/package-registry/distribution:snapshot- package revisions updated on daily basis
If you want to update the Package Storage image, you need to re-pull the image and restart docker container.
Every distribution contains packages that can be used by different versions of the Elastic Stack. As we adopted a continuous delivery pipeline for packages, we haven’t introduced the box release approach so far (7.13.0, 7.14.0, etc.). The Package Registry API exposes a Kibana version constraint that allows for filtering packages that are compatible with particular stack version.
These steps use the standard Docker CLI, but it shouldn’t be hard to transform them into Kubernetes descriptor file. Here is the k8s descriptor used by the e2e-testing project: yaml files.
Pull the Docker image from the public Docker registry:
docker pull docker.elastic.co/package-registry/distribution:production
Save the Docker image locally:
docker save -o epr.tar docker.elastic.co/package-registry/distribution:production
please mind the image size, so you won’t hit any capacity limit.
Transfer the image to the air-gapped environment and load:
docker load -i epr.tar
Run the Package Registry:
docker run -it docker.elastic.co/package-registry/distribution:production
(Optional) Define the internal healthcheck for the service as:
curl -f http://127.0.0.1:8080
Connect Kibana to the hosted Package Registryedit
There is a dedicated property in the Kibana config to change the URL of the Package Registry’s endpoint to a custom one. The example below connects to an internally hosted instance: