Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Kibana health check fails when Auth is enabled because readiness probe 302's to login #442

Closed
Closed
Kibana health check fails when Auth is enabled because readiness probe 302's to login#442

Description

@justinturpin

justinturpin
openedon Jan 10, 2020

Chart version:

7.5.1

Kubernetes version:

1.13.1-eks

Kubernetes provider: E.g. GKE (Google Kubernetes Engine)

EKS

Helm Version:

2.14.3

helm get release output

e.g. helm get elasticsearch (replace elasticsearch with the name of your helm release)

Be careful to obfuscate every secrets (credentials, token, public IP, ...) that could be visible in the output before copy-pasting.

If you find some secrets in plain text in helm get release output you should use Kubernetes Secrets to managed them is a secure way (see Security Example).

Output of helm get release

Describe the bug:

Kibana never becomes healthy when Auth is enabled (by setting ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD environment variables). The readiness probe includes:

              STATUS=$(curl --output /dev/null --write-out "%{http_code}" -k "$@" "http://localhost:5601${path}")
              if [[ "${STATUS}" -eq 200 ]]; then
                exit 0
              fi

However this does not 200, but instead 302's to /login:

bash-4.2$ curl http://localhost:5601/app/kibana -vvv
* About to connect() to localhost port 5601 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5601 (#0)
> GET /app/kibana HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:5601
> Accept: */*
> 
< HTTP/1.1 302 Found
< location: /login?next=%2Fapp%2Fkibana
< cache-control: no-cache
< content-length: 0
< Date: Fri, 10 Jan 2020 20:34:29 GMT
< Connection: keep-alive

This is confirmed with logs:

{"type":"response","@timestamp":"2020-01-10T20:39:43Z","tags":[],"pid":8,"method":"get","statusCode":302,"req":{"url":"/app/kibana","method":"get","headers":{"user-agent":"curl/7.29.0","host":"localhost:5601","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"127.0.0.1"},"res":{"statusCode":302,"responseTime":24,"contentLength":9},"message":"GET /app/kibana 302 24ms - 9.0B"}

Any additional context:

It might be sufficient to just have a health check that instead of checks for an explicit 200, makes sure its less than a 400 or 500.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions