Advanced configuration
editAdvanced configuration
editIf you already looked at the Elasticsearch on ECK documentation, some of these concepts might sound familiar to you. The resource definitions in ECK share the same philosophy when you want to:
- Customize the Pod configuration
- Customize the product configuration
- Manage HTTP settings
- Use secure settings
Pod configuration
editYou can customize the Kibana Pod using a Pod template.
The following example demonstrates how to create a Kibana deployment with custom node affinity, increased heap size, and resource limits.
apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana-sample spec: version: 8.16.1 count: 1 elasticsearchRef: name: "elasticsearch-sample" podTemplate: spec: containers: - name: kibana env: - name: NODE_OPTIONS value: "--max-old-space-size=2048" resources: requests: memory: 1Gi cpu: 0.5 limits: memory: 2.5Gi cpu: 2 nodeSelector: type: frontend
The name of the container in the Pod template must be kibana
.
Check Set compute resources for Kibana, Enterprise Search, Elastic Maps Server, APM Server and Logstash for more information.
Kibana configuration
editYou can add your own Kibana settings to the spec.config
section.
The following example demonstrates how to set the elasticsearch.requestHeadersWhitelist
configuration option.
apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: kibana-sample spec: version: 8.16.1 count: 1 elasticsearchRef: name: "elasticsearch-sample" config: elasticsearch.requestHeadersWhitelist: - authorization
Scale out a Kibana deployment
editTo deploy more than one instance of Kibana, all the instances must share a same set of encryption keys. The following keys are automatically generated by the operator:
-
xpack.security.encryptionKey
-
xpack.reporting.encryptionKey
-
xpack.encryptedSavedObjects.encryptionKey
If you need to access these encryption keys, you can find them using the kubectl get secrets
command.
The secret is named after the corresponding Kibana instance. For example, for a Kibana named my-kibana
, you can run the following command to retrieve the current encryption keys:
kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -A1 encryptedSavedObjects
You can provide your own encryption keys using a secure setting, as described in Secure settings.
While most reconfigurations of your Kibana instances are carried out in rolling upgrade fashion, all version upgrades will cause Kibana downtime. This happens because you can only run a single version of Kibana at any given time. For more information, check Upgrade Kibana.