Connect to an Elasticsearch cluster

ECK

You can connect an Elasticsearch cluster that is either managed by ECK or not managed by ECK.

Elasticsearch is managed by ECK

It is quite straightforward to connect a Kibana instance to an Elasticsearch cluster managed by ECK:

		apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: quickstart
spec:
  version: 8.16.1
  count: 1
  elasticsearchRef:
    name: quickstart
    namespace: default

	

The use of namespace is optional if the Elasticsearch cluster is running in the same namespace as Kibana. An additional serviceName attribute can be specified to target a custom Kubernetes service. Refer to Traffic Splitting for more information. The Kibana configuration file is automatically setup by ECK to establish a secure connection to Elasticsearch.

Note

Any Kibana can reference (and thus access) any Elasticsearch instance as long as they are both in namespaces that are watched by the same ECK instance. ECK will copy the required Secret from Elasticsearch to Kibana namespace. Kibana cannot automatically connect to Elasticsearch (through elasticsearchRef) in a namespace managed by a different ECK instance. For more information, check Restrict cross-namespace resource associations.

Elasticsearch is not managed by ECK

You can also configure Kibana to connect to an Elasticsearch cluster that is managed by a different installation of ECK, or runs outside the Kubernetes cluster. In this case, you need the IP address or URL of the Elasticsearch cluster and a valid username and password pair to access the cluster.

Using a Secret

Refer to Connect to external Elastic resources to automatically configure Kibana using connection settings from a Secret.

Using secure settings

For example, use the secure settings mechanism to securely store the default elastic user’s $PASSWORD credential of the external Elasticsearch cluster as set under Deploy an Elasticsearch cluster:

		kubectl create secret generic kibana-elasticsearch-credentials --from-literal=elasticsearch.password=$PASSWORD

	

		apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-sample
spec:
  version: 8.16.1
  count: 1
  config:
    elasticsearch.hosts:
      - https://elasticsearch.example.com:9200
    elasticsearch.username: elastic
  secureSettings:
    - secretName: kibana-elasticsearch-credentials

	

If the external Elasticsearch cluster is using a self-signed certificate, create a Secret containing the CA certificate and mount it to the Kibana container as follows:

		apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-sample
spec:
  version: 8.16.1
  count: 1
  config:
    elasticsearch.hosts:
      - https://elasticsearch-sample-es-http:9200
    elasticsearch.username: elastic
    elasticsearch.ssl.certificateAuthorities: /etc/certs/ca.crt
  secureSettings:
    - secretName: kibana-elasticsearch-credentials
  podTemplate:
    spec:
      volumes:
        - name: elasticsearch-certs
          secret:
            secretName: elasticsearch-certs-secret
      containers:
        - name: kibana
          volumeMounts:
            - name: elasticsearch-certs
              mountPath: /etc/certs
              readOnly: true

	