Set up Kibana on Aptible
❗️ These instructions apply only to Kibana/Elasticsearch versions 7.0 or higher. Earlier versions on Deploy did not make use of Elasaticsearch's native authentication or encryption, so we built our own Kibana App compatible with those versions, which you can find here: aptible/docker-kibana
Deploying Kibana on Aptible is not materially different from deploying any other prepackaged software. Below we will outline the basic configuration and best practices for deploying Elastic's official Kibana image.
Since Elastic provides prebuilt Docker images for Kibana, you can deploy their image directly using the
aptible deploy command:
aptible deploy --app $HANDLE --docker-image kibana:7.8.1 \ RELEASE_HEALTHCHECK_TIMEOUT=300 \ FORCE_SSL=true \ ELASTICSEARCH_HOSTS="$URL" \ ELASTICSEARCH_USERNAME="$USERNAME" \ ELASTICSEARCH_PASSWORD="$PASSWORD"
For the above Elasticsearch settings, refer to the database credentials of your Elasticsearch Database. You must input the
ELASTICSEARCH_HOSTS variable in this format:
📘 Specifying a Kibana image requires a specific version number tag. The
latesttag is not supported. You must specify the same version for Kibana that your Elasticsearch database is running.
You can make additional customizations using environment variables; refer to Elastic's Kibana environment variable documentation for a list of available variables.
You will need to create an HTTP(S) endpoint to expose Kibana for access. While Kibana requires authentication, and you should force users to connect via HTTPS, you should also consider using IP Filtering to prevent unwanted intrusion attempts.
Logging in to Kibana
You can connect to Kibana using the username and password provided by your Elasticsearch database's credentials, or any other user credentials with appropriate permissions.
The default memory limit that Kibana ships with is 1.4 GB, so you should use a 2 GB container size at a minimum to avoid exceeding the memory limit. Kibana can also use a lot of CPU, so even 2 GB may not have the performance you desire due to CPU isolation. As an example, at the 1 GB default Container size, it takes 3 minutes before Kibana starts accepting HTTP requests - hence the
RELEASE_HEALTHCHECK_TIMEOUT Configuration variable is set to 5 minutes above.
You should not scale the Kibana App to more than one container. User session information is not shared between containers, and if you scale the service to more than one container, you will get stuck in an authentication loop.