Kubernetes: how to run HA kibana behind service? - Login fails if using more than one instance

asp · August 6, 2019, 9:04am

Hi,

I am running elastic stack with enabled security module (TLS + authentication) in kubernetes.
My Infrastructure inside kubernetes looks like this:

I have one issue and one question:

Issue:
If running only one kibana pod, Login is running fine, I can work with kibana. But If I run 2 pods behind the kibana service, I the Login window comes back after entering credentials. I am caught in a loop.

So what do I need to to if I want to use multiple kibana instances behind a service / loadbalancer?
I think I read somewhere of a parameter / key / cookie stuff which should be configured identically on all kibana instances which are behind a loadbalancer. But I am not too sure about it and I cannot find this information again.

Question:
Is that picture shown best practice for running kibana + elasticsearch in kubernetes or is it still better to run kibana against it's own coordinating only node as described in production recommendations?

Thanks a lot,
Andreas

PS: I did not set any session affinity yet.

ikakavas · August 6, 2019, 9:09am

You need to set xpack.security.encryptionKey to be the same in all of your Kibana instances as by default this will be auto-generated with a different value every time Kibana starts. See Security settings in Kibana | Kibana Guide [8.11] | Elastic

asp · August 6, 2019, 9:24am

great, that was the link I lost

I just added xpack.security.encryptionKey to keystore and it works again. Many thanks.

Can anyone please also answer the Best practice question above?

system · September 3, 2019, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.