Conversation
| throw new IllegalArgumentException("Kibana credentials cannot have leading or trailing whitespace"); | ||
| } | ||
| if ("elastic".equals(username)) { | ||
| throw new IllegalArgumentException("Username 'elastic' is reserved for internal use by Elasticsearch"); |
There was a problem hiding this comment.
Are you sure on this one make sense? Isn't elastic the default username for ES?
There was a problem hiding this comment.
Hi!
elastic can be used as the "default" superuser account for human operators. To store its internal data, Kibana needs a different one, by default "kibana_system". Ideally there's a system token (which is the default for the managed mode), which doesn't require a user name.
https://discuss.elastic.co/t/kibana-error-not-allowed-to-use-elastic-user/304356
https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-users#built-in-users
https://www.elastic.co/docs/deploy-manage/security/set-up-minimal-security#add-built-in-users
There was a problem hiding this comment.
This is the exact error, when elastic is used here:
FATAL Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html
2 participants
This change doesn't create a new module, adds a new container to the Elasticsearch module, to support Kibana. Hence the new container is called
KibanaContainer.The idea is: a
KibanaContainercan be created with settings allowing connecting to Elasticsearch anywhere (as long as ES is reachable) or fromElasticsearchContainer, and then the settings are applied automatically, based on ES setup).