Kibana not accessible via Kubernetes Ingress

Hey,
i have the following Problem which I copy and paste it from Github, anyone here who can help me out with this?

This is the Original Post to Github: Kibana not accessible via Ingress · Issue #172630 · elastic/kibana · GitHub

Kibana version:
Kibana-8.10.4 (Bitnami Helm Chart)

Elasticsearch version:
Elastisearch 8.11.1 (Bitnami Helm Chart)

Server OS version:
Debian-12.2 Bookworm / Kubernetes-1.27.7

Browser version:
Safari-17.1.2 / Chrome-119.0.6045.199

Browser OS version:

MacOS Sonoma 14.1.2

Original install method (e.g. download page, yum, from source, etc.):

Helm Chart (Bitnami)

Describe the bug:

When I try to login to Kibana and I enter my credentials and click on login it loads and send me Back to the login screen (Loop), when I open UP the Developer Tools inside my Browser I get the following error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.

Steps to reproduce:

1. helm install --namespace elasticsearch elasticsearch bitnami/kibana -f values.yaml
2. I use the following Values.yaml file for my Deployment:

kibana:
  replicaCount: 3
  extraConfiguration:
    "server.publicBaseUrl": "https://kibana-dashboard.domain.tld"
    "xpack.security.sameSiteCookies": None
    "telemetry.allowChangingOptInStatus": false
    "telemetry.optIn": false
  persistence:
    enabled: true
    storageClass: "rook-cephfs"
    accessModes:
      - ReadWriteMany
    size: 10Gi
  ingress:
    enabled: true
    hostname: kibana-dashboard.domain.tld
    annotations:
      cert-manager.io/cluster-issuer: default-clusterissuer
      cert-manager.io/private-key-algorithm: "RSA"
      cert-manager.io/private-key-size: "4096"
      kubernetes.io/tls-acme: "true"
      nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    tls: true
    selfSigned: false
    ingressClassName: "nginx"
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  metrics:
    enabled: true
    containerSecurityContext:
      enabled: true
      runAsUser: 1001
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    serviceMonitor:
      enabled: false
  tls:
    enabled: true
    autoGenerated: true
  elasticsearch:
    hosts:
      - '{{ include "elasticsearch.service.name" . }}'
    port: '{{ include "elasticsearch.service.ports.restAPI" . }}'
    security:
      auth:
        enabled: true
        kibanaPassword: "PASSWORD"
        createSystemUser: true
        elasticsearchPasswordSecret: "elasticsearch"
      tls:
        enabled: true
        existingSecret: "elasticsearch-coordinating-crt"
        usePemCerts: true

I have a feeling this is due to the fact that you have the sameSiteCookies set to None, which requires xpack.security.secureCookies to be set to True. (default is false)

Thank‘s, i will try it out!

Same error with the following settings:

kibana:
  replicaCount: 3
  extraConfiguration:
    "server.publicBaseUrl": "https://kibana.platform-staging.domain.net"
    "xpack.security.sameSiteCookies": None
    "xpack.security.secureCookies": true
    "telemetry.allowChangingOptInStatus": false
    "telemetry.optIn": false

This are the errors inside the Webdeveloper Console.

Bildschirmfoto 2024-01-02 um 16.17.091920×1080 158 KB

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.