Kubernetes: how to run HA kibana behind service? - Login fails if using more than one instance

Hi,

I am running elastic stack with enabled security module (TLS + authentication) in kubernetes.
My Infrastructure inside kubernetes looks like this:

I have one issue and one question:

Issue:
If running only one kibana pod, Login is running fine, I can work with kibana. But If I run 2 pods behind the kibana service, I the Login window comes back after entering credentials. I am caught in a loop.

So what do I need to to if I want to use multiple kibana instances behind a service / loadbalancer?
I think I read somewhere of a parameter / key / cookie stuff which should be configured identically on all kibana instances which are behind a loadbalancer. But I am not too sure about it and I cannot find this information again.

Question:
Is that picture shown best practice for running kibana + elasticsearch in kubernetes or is it still better to run kibana against it's own coordinating only node as described in production recommendations?

Thanks a lot,
Andreas

PS: I did not set any session affinity yet.

You need to set xpack.security.encryptionKey to be the same in all of your Kibana instances as by default this will be auto-generated with a different value every time Kibana starts. See https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-ui-settings

great, that was the link I lost :wink:

I just added xpack.security.encryptionKey to keystore and it works again. Many thanks.

Can anyone please also answer the Best practice question above?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.