These instructions apply only to Kibana/Elasticsearch versions 7.0 or higher. Earlier versions on Deploy did not make use of Elasaticsearch's native authentication or encryption, so we built our own Kibana App compatible with those versions, which you can find here: github.com/aptible/docker-kibana
Deploying Kibana on Aptible is not materially different in any way than deploying any other prepackaged software. Below we will outline the basic configuration and best practices for deploying Elastic's official Kibana image.
Since Elastic provides prebuilt Docker images for Kibana, you can deploy their image directly using the
aptible deploy command:
aptible deploy --app $HANDLE --docker-image kibana:7.8.1 \ RELEASE_HEALTHCHECK_TIMEOUT=300 \ FORCE_SSL=true \ ELASTICSEARCH_HOSTS="$URL" \ ELASTICSEARCH_USERNAME="$USERNAME" \ ELASTICSEARCH_PASSWORD="$PASSWORD"
For the the above Elasticsearch settings, refer to the Database Credentials of your Elasticsearch Database. The
ELASTICSEARCH_HOSTS variable must be provided in the form
Specifying a Kibana image requires a specific version number tag. The
latesttag is not supported. You must specify the same version for Kibana that your Elasticsearch Database is running.
Further customization can be made using environment variables, please refer to Elastic's Kibana environment variable documentation.
You will need to create an HTTP(S) Endpoint to expose Kibana for access. While Kibana requires authentication, and you should be forcing users to connect via HTTPS, you should consider using IP Filtering to prevent unwanted intrusion attempts.
You will be able to connect to Kibana using the username and password provided by your Elasticsearch Database's Database Credentials, or any other appropriately permissioned user you have created.
The default memory limit that Kibana ships with is 1.4 GB, so you should use a 2 GB container size at a minimum to avoid exceeding the memory limit. Kibana can also use a lot of CPU, so you may find even even 2 GB may not have the performance you desire due to CPU Limits. As an examaple, at the 1 GB default container size it takes 3 minutes before Kibana starts accepting HTTP requests - hence the
RELEASE_HEALTHCHECK_TIMEOUT Configuration variable is set to 5 minutes above.
You should not scale the Kibana App to more than one container. User session information is not shared between containers, and if you scale the service to more than one container, you will get stuck in an authentication loop.
Updated 6 months ago