Kibana Helm Chart
November 16, 2022 ยท View on GitHub
This Helm chart is a lightweight way to configure and run our official Kibana Docker image.
Warning When it comes to running the Elastic on Kubernetes infrastructure, we recommend Elastic Cloud on Kubernetes (ECK) as the best way to run and manage the Elastic Stack.
ECK offers many operational benefits for both our basic-tier and our enterprise-tier customers, such as spinning up cluster nodes that were lost on failed infrastructure, seamless upgrades, rolling cluster changes, and much much more.
With the release of the Elastic Stack Helm charts for Elastic version 8.5.1, we are handing over the ongoing maintenance of our Elastic Stack Helm charts to the community and contributors. This repository will finally be archived after 6 months time. Elastic Stacks deployed on Kubernetes through Helm charts will still be fully supported under EOL limitations.
Since we want to provide an even better experience for our customers by running the Elastic Stack on Kubernetes, we will continue maintaining the Helm charts applicable to ECK Custom Resources. These charts can be found in the ECK repository.
Helm charts will currently be maintained for ECK Enterprise-tier customers, however, we encourage the community to engage with the existing Helm charts for the Elastic Stack and continue supporting their ongoing maintenance.
See https://github.com/elastic/helm-charts/issues/1731 for more details.
Requirements
See supported configurations for more details.
Installing
Install a released version using the Helm repository
-
Add the Elastic Helm charts repo:
helm repo add elastic https://helm.elastic.co -
Install it:
helm install kibana elastic/kibana
Install a development version using the main branch
-
Clone the git repo:
git clone git@github.com:elastic/helm-charts.git -
Install it:
helm install kibana ./helm-charts/kibana --set imageTag=8.5.1
Upgrading
Please always check CHANGELOG.md and BREAKING_CHANGES.md before upgrading to a new chart version.
Usage notes
-
Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine).
-
This repo includes several examples of configurations that can be used as a reference. They are also used in the automated testing of this chart.
Configuration
| Parameter | Description | Default |
|---|---|---|
affinity | Configurable affinity | {} |
annotations | Configurable annotations on the deployment object | {} |
automountToken | Whether or not to automount the service account token in the Pod | true |
elasticsearchHosts | The URLs used to connect to Elasticsearch | https://elasticsearch-master:9200 |
elasticsearchCertificateSecret | The name of the K8S secret that contains the Elasticsearch certificate | elasticsearch-master-certs |
elasticsearchCertificateAuthoritiesFile | The name of the certificate file into the elasticsearchCertificateSecret K8S secret | ca.crt |
elasticsearchCredentialSecret | The name of the K8S secret that contains the Elasticsearch credentials | elasticsearch-master-credentials |
envFrom | Templatable string to be passed to the environment from variables which will be appended to the envFrom: definition for the container | [] |
extraContainers | Templatable string of additional containers to be passed to the tpl function | [] |
extraEnvs | Extra environment variables which will be appended to the env: definition for the container | see values.yaml |
extraInitContainers | Templatable string of additional containers to be passed to the tpl function | [] |
extraVolumeMounts | Configuration for additional volumeMounts | [] |
extraVolumes | Configuration for additional volumes | [] |
fullnameOverride | Overrides the full name of the resources. If not set the name will default to " .Release.Name - .Values.nameOverride orChart.Name " | "" |
healthCheckPath | The path used for the readinessProbe to check that Kibana is ready. If you are setting server.basePath you will also need to update this to /${basePath}/app/kibana | /app/kibana |
hostAliases | Configurable hostAliases | [] |
httpPort | The http port that Kubernetes will use for the healthchecks and the service | 5601 |
imagePullPolicy | The Kubernetes imagePullPolicyvalue | IfNotPresent |
imagePullSecrets | Configuration for imagePullSecrets so that you can use a private registry for your image | [] |
imageTag | The Kibana Docker image tag | 8.5.1 |
image | The Kibana Docker image | docker.elastic.co/kibana/kibana |
ingress | Configurable ingress to expose the Kibana service. | see values.yaml |
kibanaConfig | Allows you to add any config files in /usr/share/kibana/config/ such as kibana.yml See values.yaml for an example of the formatting | {} |
labels | Configurable labels applied to all Kibana pods | {} |
lifecycle | Allows you to add lifecycle hooks. See values.yaml for an example of the formatting | {} |
nameOverride | Overrides the chart name for resources. If not set the name will default to .Chart.Name | "" |
nodeSelector | Configurable nodeSelector so that you can target specific nodes for your Kibana instances | {} |
podAnnotations | Configurable annotations applied to all Kibana pods | {} |
podSecurityContext | Allows you to set the securityContext for the pod | see values.yaml |
priorityClassName | The name of the PriorityClass. No default is supplied as the PriorityClass must be created first | "" |
protocol | The protocol that will be used for the readinessProbe. Change this to https if you have server.ssl.enabled: true set | http |
readinessProbe | Configuration for the readiness probe | see values.yaml |
replicas | Kubernetes replica count for the Deployment (i.e. how many pods) | 1 |
resources | Allows you to set the resources for the Deployment | see values.yaml |
secretMounts | Allows you easily mount a secret as a file inside the Deployment. Useful for mounting certificates and other secrets. See values.yaml for an example | [] |
securityContext | Allows you to set the securityContext for the container | see values.yaml |
serverHost | The server.host Kibana setting. This is set explicitly so that the default always matches what comes with the Docker image | 0.0.0.0 |
serviceAccount | Allows you to overwrite the "default" serviceAccount for the pod | [] |
service | Configurable service to expose the Kibana service. | see values.yaml |
tolerations | Configurable tolerations) | [] |
updateStrategy | Allows you to change the default updateStrategy for the Deployment. A standard upgrade of Kibana requires a full stop and start which is why the default strategy is set to Recreate | type: Recreate |
FAQ
How to deploy this chart on a specific K8S distribution?
This chart is highly tested with GKE, but some K8S distribution also requires specific configurations.
We provide examples of configuration for the following K8S providers:
How to use Kibana with security (authentication and TLS) enabled?
Starting with 8.x the default Elasticsearch Helm chart is automatically configured with security enabled (authentification and TLS).
As the Elasticsearch credentials and certificates are available in some Kubernetes secrets generated by the Elasticsearch chart, the Kibana chart is configured to read these secrets to configure the secure connection to Elasticsearch (The secrets names can be overrided in the chart values).
Therefore, Kibana is automatically configured to required authentication. You
can connect to Kibana with the elastic user account that comes from
Elasticsearch. The password can be find in the elasticsearchCredentialSecret
(see the chart notes).
:warning: Note that in production, the elastic user should only be used to
create new users.
This Helm chart can also use existing Kubernetes secrets to set up TLS certificates. These secrets should be created outside of this chart and accessed using the environment variables and volumes.
An example can be found in examples/security.
How to install plugins?
The recommended way to install plugins into our Docker images is to create a custom Docker image.
The Dockerfile would look something like this:
ARG kibana_version
FROM docker.elastic.co/kibana/kibana:${kibana_version}
RUN bin/kibana-plugin install <plugin_url>
And then updating the image in values to point to your custom image.
There are a couple of reasons we recommend this:
- Tying the availability of Kibana to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times.
- Mutating the state of a running Docker image (by installing plugins) goes against the best practices of containers and immutable infrastructure.
How to import objects post-deployment?
You can use postStart lifecycle hooks to run code triggered after a
container is created.
Here is an example of postStart hook to import an index-pattern and a
dashboard:
lifecycle:
postStart:
exec:
command:
- bash
- -c
- |
#!/bin/bash
# Import a dashboard
KB_URL=http://localhost:5601
while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' -L $KB_URL)" != "200" ]]; do sleep 1; done
curl -XPOST "$KB_URL/api/kibana/dashboards/import" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -d'{"objects":[{"type":"index-pattern","id":"my-pattern","attributes":{"title":"my-pattern-*"}},{"type":"dashboard","id":"my-dashboard","attributes":{"title":"Look at my dashboard"}}]}'
Contributing
Please check CONTRIBUTING.md before any contribution or for any questions about our development and testing process.