Kibana ReadOnlyRest Version: 1.16.33
Elasticsearch ReadOnlyRest Version: 1.16.33
Kibana & Elasticsearch version: 6.5.4
We are running Kibana in a docker container and giving compatible options (https://github.com/elastic/kibana-docker/blob/master/.tedi/template/kibana-docker) as ENV vars, while rest of the configuration as CLI arguments.
The following are the CLI arguments we give:
[ "/usr/local/bin/kibana-docker", "--readonlyrest_kbn.proxy_auth_passthrough=true", "--readonlyrest_kbn.kibanaIndexTemplate=.kibana_template", "--readonlyrest_kbn.cookiePass=cookiepassthathasthirtytwocharactersormore", "--elasticsearch.requestHeadersWhitelist=x-forwarded-user", "--elasticsearch.requestHeadersWhitelist=x-tenant", "--elasticsearch.requestHeadersWhitelist=authorization", "--xpack.spaces.enabled=false" ]
The rest of the configuration such as Elasticsearch URL, password, etc are given as environment variables. This docker container runs inside a Nomad Cluster.
When running just one instance of Kibana with installed ROR, we find that the application works seamlessly.
We are using proxy auth, so it can be said that the setting
--readonlyrest_kbn.proxy_auth_passthrough=true worked. So, we also added the
cookiePass and the
kibanaIndexTemplate settings as CLI arguments. However, we find that:
- When a new user logs in, the
.kibana_templateis not copied to the
- When we run multiple instances of kibana behind the proxy, the auth sessions is not retained and the user gets logged out abruptly.
Is it that these configurations cannot be passed as CLI arguments? Or we are doing something wrong here?