rapps/kibana-8.1.2.yaml

#
# ============LICENSE_START=======================================================
#  Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: logging
data:
  kibana.yml: |
   server.name: kibana
   server.host: 0.0.0.0
   elasticsearch.hosts: [ "https://elasticsearch:9200" ]
   xpack.monitoring.ui.container.elasticsearch.enabled: true
   xpack.security.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
   xpack.encryptedSavedObjects.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
   elasticsearch.username: "kibana_system"
   elasticsearch.password: "secret" 
   elasticsearch.ssl:
     certificateAuthorities: /usr/share/kibana/config/certs/ca/ca.crt 
     verificationMode: certificate 
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-pw-script
  namespace: logging
data:
  setup_pw.sh: |
   #!/bin/bash
   KIBANA_HOME=/usr/share/kibana
   ELASTIC_PASSWORD=secret
   KIBANA_PASSWORD=secret
   cd $KIBANA_HOME
   echo "Waiting for Elasticsearch availability";
   until curl -s --cacert /ca-dir/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"; \
   do sleep 30; done;
   echo "Setting kibana_system password";
   until curl -s -X POST --cacert /ca-dir/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" \
   https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; \
   do sleep 10; done;
   echo "All done!";
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: logging
spec:
  selector:
    matchLabels:
      run: kibana
  template:
    metadata:
      labels:
        run: kibana
    spec:
      containers:
      - name: kibana
        image: docker.elastic.co/kibana/kibana:8.1.2
        ports:
        - containerPort: 5601
          name: http
          protocol: TCP
        volumeMounts:
        - name : config
          mountPath: /usr/share/kibana/config/kibana.yml 
          subPath: kibana.yml
          readOnly: true 
        - name : kibana-ca-cert 
          mountPath: /usr/share/kibana/config/certs/ca
          readOnly: true
      initContainers:
      - name: init-kibana
        image: docker.elastic.co/kibana/kibana:8.1.2 
        imagePullPolicy: IfNotPresent
        command: ['/bin/bash', '-c', '/usr/share/kibana/bin/setup_pw.sh']
        volumeMounts:
        - name: kibana-ca-cert 
          mountPath: "/ca-dir"
        - name: kibana-pw-init
          mountPath: /usr/share/kibana/bin/setup_pw.sh
          subPath: setup_pw.sh
      volumes:
      - name: config
        configMap:
          name: kibana-config
      - name: kibana-ca-cert 
        hostPath:
          # Ensure the file directory is created.
           path: /var/elasticsearch/config/certs/ca
           type: DirectoryOrCreate
      - name: kibana-pw-init
        configMap:
          name: kibana-pw-script
          defaultMode: 0755
---
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: logging
  labels:
    service: kibana
spec:
  type: LoadBalancer 
  selector:
    run: kibana
  ports:
  - port: 5601
    targetPort: 5601