Aptible PaaS logoDocs

How to set up Kibana on Aptible

❗️ These instructions apply only to Kibana/Elasticsearch versions 7.0 or higher. Earlier versions on Deploy did not make use of Elasaticsearch's native authentication or encryption, so we built our own Kibana App compatible with those versions, which you can find here: aptible/docker-kibana

Deploying Kibana on Aptible is not materially different from deploying any other prepackaged software. Below we will outline the basic configuration and best practices for deploying Elastic's official Kibana image.

Deploying Kibana

Since Elastic provides prebuilt Docker images for Kibana, you can deploy their image directly using the aptible deploy command:

aptible deploy --app $HANDLE --docker-image kibana:7.8.1 \
  RELEASE_HEALTHCHECK_TIMEOUT=300 \
  FORCE_SSL=true \
  ELASTICSEARCH_HOSTS="$URL" \
  ELASTICSEARCH_USERNAME="$USERNAME" \
  ELASTICSEARCH_PASSWORD="$PASSWORD"

For the above Elasticsearch settings, refer to the database credentials of your Elasticsearch Database. You must input the ELASTICSEARCH_HOSTS variable in this format:https://$HOSTNAME:$PORT/.

📘 Specifying a Kibana image requires a specific version number tag. The latest tag is not supported. You must specify the same version for Kibana that your Elasticsearch database is running.

You can make additional customizations using environment variables; refer to Elastic's Kibana environment variable documentation for a list of available variables.

Exposing Kibana

You will need to create an HTTP(S) endpoint to expose Kibana for access. While Kibana requires authentication, and you should force users to connect via HTTPS, you should also consider using IP Filtering to prevent unwanted intrusion attempts.

Logging in to Kibana

You can connect to Kibana using the username and password provided by your Elasticsearch database's credentials, or any other user credentials with appropriate permissions.

Scaling Kibana

The default memory limit that Kibana ships with is 1.4 GB, so you should use a 2 GB container size at a minimum to avoid exceeding the memory limit. As an example, at the 1 GB default Container size, it takes 3 minutes before Kibana starts accepting HTTP requests - hence the RELEASE_HEALTHCHECK_TIMEOUT Configuration variable is set to 5 minutes above.

You should not scale the Kibana App to more than one container. User session information is not shared between containers, and if you scale the service to more than one container, you will get stuck in an authentication loop.