ROR : 1.67.2
Elastic : 8.10.4
Kibana authentication fails when multiple instance of pods are spun up.
It works well with single pod but performace is stressful
Hello,
Did you configured “ store_sessions_in_index: true” and the same cookiePass on each kibana instance?
Ser our docs: For ECK | ReadonlyREST
Hey Mateusz,
It seems we did.
Below is config from kibana.yaml
# Default Kibana configuration for docker target
#
server.host: “0.0.0.0”
server.shutdownTimeout: “5s”
monitoring.ui.container.elasticsearch.enabled: true
#
# Custom Kibana configuration for docker target
#
elasticsearch.pingTimeout: 2000
elasticsearch.requestTimeout: 45000
elasticsearch.shardTimeout: 0
kibana.index: “.kibana”
server.maxPayloadBytes: 1058576
server.publicBaseUrl: https://laas.d1.adform.zone
logging.appenders[stdout].type: console
logging.appenders[stdout].layout.type: json
logging.root.level: info
logging.root.appenders[0]: stdout
xpack.security.enabled: false
xpack.security.session.idleTimeout: 604800000
xpack.reporting.enabled: true
xpack.reporting.encryptionKey: no_encryption_key
xpack.reporting.queue.indexInterval: day
xpack.spaces.enabled: true
readonlyrest_kbn.whitelistedPaths: [“.*/api/status$”, “.*/_prometheus/metrics$”]
readonlyrest_kbn.session_timeout_minutes: 10080
readonlyrest_kbn.store_sessions_in_index: true
readonlyrest_kbn.sessions_refresh_after: 1000
readonlyrest_kbn.sessions_probe_interval_seconds: 604800
migrations.discardUnknownObjects: 8.10.4
We are PRO subscribers from Adform.
I could not raise ticket through PRO account. It redirects me to public forum when raised ticket with tech support.
Please help us at earliest cuz same issue is replicated across all environments including Prod.
We want to scale up pods due to intense load
Pro account : laas.administrators@adform.com
Sure, @jaihind. We will try to help you with this problem.
Could you please send us ES and KBN logs from the test session in which you experienced the log in issue?
You can use private forum message to do so.
Hello @jaihind
I can’t see readonlyrest_kbn.cookiePass in the provided settings. Could you confirm that it’s the same value in all Kibana instances?
Sure @Mateusz
Let me have a moment of your patience.
This is peak hours for us, Hence Im avoiding to recreate the issue.
I will do that later today and share latest logs of ES and Kibana.
@Dzuming Yes , the cookiepass seems to be same in all Kibana pods.
It is loaded through secrets in cluster.
I see that my account is promoted to editor and My UI has changed a bit.
How can I access Private forums where I can put sensitive details like logs and configs ?
@jaihind done. Please check if you have access
@coutoPL why dont you start the private conversation with him directly? So he follows up with the attachments?
@jaihind send the config files privately, and let’s continue discussing here if possible 
the message sent in the private thread
Hello @jaihind
Thanks for the logs. As I see you use 1.62 Kibana plugin version, and the error about missing encryptedIdentitySessionHeadersis from this Kibana plugin version, however, in your session, there is a new encryptedIdentitySessionHeaders syntax which we introduced in the 1.67 lugin version.
-
Could you verify if all Kibana instances use the same Kibana plugin version (it’s required to make it work correctly)
-
If yes, could you remove the .readonlyrest_kbn_sessions index manually and try to log in again? The index will be recreated again.
I have added the details to Private forum. @Dzuming
Lets continue our discussions there. Thank you