I have had Elasticsearch and Kibana running on version 7.9.2 for a very long time without issues. Lately, when I started to deploy Elasticsearch and Kibana 7.16.2, I see the 403 error below:
{"type":"log","@timestamp":"2022-01-07T00:21:30+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana] INIT -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 34ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 4ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 11ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> UPDATE_TARGET_MAPPINGS. took: 4ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["error","savedobjects-service"],"pid":1,"message":"[.kibana] Action failed with '<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n</body></html>\n'. Retrying attempt 1 in 2 seconds."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS. took: 85ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] INIT -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 149ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 7ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 25ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> UPDATE_TARGET_MAPPINGS. took: 5ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["error","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] Action failed with '<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n</body></html>\n'. Retrying attempt 1 in 2 seconds."}
{"type":"log","@timestamp":"2022-01-07T00:21:31+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS. took: 13ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:33+00:00","tags":["error","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] Action failed with '<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n</body></html>\n'. Retrying attempt 2 in 4 seconds."}
{"type":"log","@timestamp":"2022-01-07T00:21:33+00:00","tags":["info","savedobjects-service"],"pid":1,"message":"[.kibana_task_manager] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS. took: 2027ms."}
{"type":"log","@timestamp":"2022-01-07T00:21:33+00:00","tags":["error","savedobjects-service"],"pid":1,"message":"[.kibana] Action failed with '<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n</body></html>\n'. Retrying attempt 2 in 4 seconds."}
The only change I have made to the Elasticsearch.yml config file is that I added "xpack.security.enabled: false". This is due to our implementation, in which we have a front-end apache-proxy that handles basic authentication, and therefore we choose to disable it in Elasticsearch.
Note that we use Kubernetes to deploy multiple instances of Elasticsearch cluster pods and Kibana pods. All Elasticsearch pods come up normally. The Kibana pods that fail to come up have the 403 error shown above.
Also, output for GET _cat/indices/.kibana*:
green open .kibana_task_manager_7.16.2_001 zVI70QI4RV-kpGT0Wt7nWQ 1 1 17 2 77.7kb 38.8kb
green open .kibana_7.16.2_001 -oplNmORQom9owJbQiKiYQ 1 1 66 5 4.7mb 2.3mb
green open .kibana-event-log-7.16.2-000001 aUIzudR1QBKre1qKHt7Zuw 1 1 2 0 12.9kb 6.4kb
Is this issue related to the xpack.security.enabled setting, a mismatch of .kibana vs .kibana_7.16.2_001 indices, or something else?
Kindly requesting help.
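
A triage aid for logs like the one in the question, added here as an example and not part of the original post: it pairs each failed saved-objects migration action with the step it failed in and classifies the error body. It relies on Elasticsearch returning REST errors as JSON, so an HTML error page points at an intermediary such as the proxy the post describes; the function names and the second failure line in the sample are constructed.

```python
import json
import re

FAIL = re.compile(r"^\[(?P<index>[^\]]+)\] Action failed with '(?P<body>.*)'\. "
                  r"Retrying attempt (?P<attempt>\d+) in \d+ seconds\.$", re.DOTALL)
STEP = re.compile(r"^\[(?P<index>[^\]]+)\] \w+ -> (?P<dst>\w+)\. took: \d+ms\.$")

def body_kind(body):
    """Elasticsearch REST errors are JSON; an HTML page comes from something in front of it."""
    text = body.lstrip()
    if text.lower().startswith(("<!doctype", "<html")):
        return "html"
    try:
        json.loads(text)
        return "json"
    except ValueError:
        return "other"

def triage(log_text):
    """Return one record per failed migration action found in Kibana JSON log lines."""
    current_step, findings = {}, []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # not a JSON log line (e.g. _cat/indices output)
        msg = entry.get("message", "") if isinstance(entry, dict) else ""
        step = STEP.match(msg)
        if step:
            current_step[step["index"]] = step["dst"]  # step the index is now in
            continue
        fail = FAIL.match(msg)
        if fail:
            findings.append({"index": fail["index"],
                             "step": current_step.get(fail["index"], "unknown"),
                             "attempt": int(fail["attempt"]),
                             "body": body_kind(fail["body"])})
    return findings

# Constructed sample in the post's log format; the JSON failure body is invented for contrast.
HTML_403 = ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
            "<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n</body></html>\n")
SAMPLE_LOG = "\n".join(json.dumps({"type": "log", "message": m}) for m in [
    "[.kibana] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> UPDATE_TARGET_MAPPINGS. took: 4ms.",
    f"[.kibana] Action failed with '{HTML_403}'. Retrying attempt 1 in 2 seconds.",
    "[.kibana_task_manager] Action failed with "
    "'{\"error\":{\"type\":\"security_exception\"},\"status\":403}'. Retrying attempt 2 in 4 seconds.",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A record with `body` equal to `html` means the request was refused before it reached Elasticsearch, so the next place to look is the access rules of whatever sits between Kibana and the cluster for the request made in that step.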