When setting environment variable to `I18N_LOCALE: zh-CN`, Kibana’s Security icon is broken

[linghengqian]

Kibana version:

• 8.1.2

Elasticsearch version:

• 8.1.2

Server OS version:

• Windows 22000.593

Browser version:

• Google Chrome 100.0.4896.75

Browser OS version:

• Same as Browser version

Original install method (e.g. download page, yum, from source, etc.):

• docker compose v2

Describe the bug:

• When setting environment variable to I18N_LOCALE: zh-CN, Kibana’s Security icon is broken

Steps to reproduce:

1. Assuming the following docker-compose.yml file, the kibana API key is generated by bin/elasticsearch-create-enrollment-token -s kibana.

   version: "3.8"
   services:
   elasticsearch-node01:
   image: elastic/elasticsearch:8.1.2
   environment:
     bootstrap.memory_lock: true
     ELASTIC_PASSWORD: "1234AF12-12CA-B2E0-BE8B-12345D5C123E"
     ES_JAVA_OPTS: "-Xms4g -Xmx4g"
   volumes:
     - elasticsearch-data01:/usr/share/elasticsearch/data
     - elasticsearch-config01:/usr/share/elasticsearch/config:rw
   ports:
     - "9200:9200"
     - "9300:9300"
   ulimits:
     memlock:
       soft: -1
       hard: -1
   kibana-node01:
   image: elastic/kibana:8.1.2
   ports:
     - "5601:5601"
   volumes:
     - kibana-data01:/usr/share/kibana/data
     - kibana-config01:/usr/share/kibana/config
   volumes:
   elasticsearch-data01:
   driver: local
   elasticsearch-config01:
   driver: local
   kibana-data01:
   driver: local
   kibana-config01:
   driver: local

2. Start with docker compose up -d. Open Kibana normally, and the icon is normal at this time.

   • 

3. Then change docker-compose.yml as follows, add environment variable I18N_LOCALE: zh-CN, and docker compose up -d again.

   version: "3.8"
   services:
   elasticsearch-node01:
   image: elastic/elasticsearch:8.1.2
   environment:
     bootstrap.memory_lock: true
     ELASTIC_PASSWORD: "1234AF12-12CA-B2E0-BE8B-12345D5C123E"
     ES_JAVA_OPTS: "-Xms4g -Xmx4g"
   volumes:
     - elasticsearch-data01:/usr/share/elasticsearch/data
     - elasticsearch-config01:/usr/share/elasticsearch/config:rw
   ports:
     - "9200:9200"
     - "9300:9300"
   ulimits:
     memlock:
       soft: -1
       hard: -1
   kibana-node01:
   image: elastic/kibana:8.1.2
   ports:
     - "5601:5601"
   environment:
     I18N_LOCALE: zh-CN
   volumes:
     - kibana-data01:/usr/share/kibana/data
     - kibana-config01:/usr/share/kibana/config
   volumes:
   elasticsearch-data01:
   driver: local
   elasticsearch-config01:
   driver: local
   kibana-data01:
   driver: local
   kibana-config01:
   driver: local

4. At this time, the Security icon of Kibana is damaged and cannot be viewed, which should not be normal behavior.

Expected behavior:

• The icon is normal. Just like when I18N_LOCALE: zh-CN is not configured.

Screenshots (if relevant):

• 

Errors in browser console (if relevant):

• No, Kibana's docker log has no related warn and error

Provide logs and/or server output (if relevant):

• Not at all.

Any additional context:

• No.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[linghengqian]

• @azasypkin @MindyRS @kevinlog @elasticmachine So, 2 years later I'm back testing the Elastic Stack. This interface no longer appears to exist, so there seems to be no point in keeping this issue open.
• 
• I tested this with the following Docker Compose file under Docker Engine 27.1.2 and Docker Compose 2.29.1.

  
  services:
  setup:
  image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
  volumes:
    - certs:/usr/share/elasticsearch/config/certs
  user: "0"
  command: >
    bash -c '
      if [ ! -f config/certs/ca.zip ]; then
        bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
        unzip config/certs/ca.zip -d config/certs;
      fi;
      if [ ! -f config/certs/certs.zip ]; then
        echo -ne \
        "instances:\n"\
        "  - name: es01\n"\
        "    dns:\n"\
        "      - es01\n"\
        "      - localhost\n"\
        "    ip:\n"\
        "      - 127.0.0.1\n"\
        > config/certs/instances.yml;
        bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
        unzip config/certs/certs.zip -d config/certs;
      fi;
      chown -R root:root config/certs;
      find . -type d -exec chmod 750 \{\} \;;
      find . -type f -exec chmod 640 \{\} \;;
      until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
      until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:es01changeme" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"kibanachangeme\"}" | grep -q "^{}"; do sleep 10; done;
    '
  healthcheck:
    test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
    interval: 1s
    timeout: 5s
    retries: 120
  es01:
  depends_on:
    setup:
      condition: service_healthy
  image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
  volumes:
    - certs:/usr/share/elasticsearch/config/certs
    - esdata01:/usr/share/elasticsearch/data
  ports:
    - "127.0.0.1:9200:9200"
  environment:
    - node.name=es01
    - cluster.name=elasticsearch-shardingsphere
    - cluster.initial_master_nodes=es01
    - discovery.seed_hosts=127.0.0.1,[::1]
    - ELASTIC_PASSWORD=es01changeme
    - bootstrap.memory_lock=true
    - xpack.security.enabled=true
    - xpack.security.http.ssl.enabled=true
    - xpack.security.http.ssl.key=certs/es01/es01.key
    - xpack.security.http.ssl.certificate=certs/es01/es01.crt
    - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
    - xpack.security.transport.ssl.enabled=true
    - xpack.security.transport.ssl.key=certs/es01/es01.key
    - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
    - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
    - xpack.security.transport.ssl.verification_mode=certificate
    - xpack.license.self_generated.type=basic
  mem_limit: '1gb'
  ulimits:
    memlock:
      soft: -1
      hard: -1
  healthcheck:
    test:
      [
        "CMD-SHELL",
        "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
      ]
    interval: 10s
    timeout: 10s
    retries: 120
  kibana:
  depends_on:
    es01:
      condition: service_healthy
  image: docker.elastic.co/kibana/kibana:8.15.0
  volumes:
    - certs:/usr/share/kibana/config/certs
    - kibanadata:/usr/share/kibana/data
  ports:
    - "5601:5601"
  environment:
    - SERVERNAME=kibana
    - ELASTICSEARCH_HOSTS=https://es01:9200
    - ELASTICSEARCH_USERNAME=kibana_system
    - ELASTICSEARCH_PASSWORD=kibanachangeme
    - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    - I18N_LOCALE=zh-CN
  mem_limit: '1gb'
  healthcheck:
    test:
      [
        "CMD-SHELL",
        "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
      ]
    interval: 10s
    timeout: 10s
    retries: 120
  volumes:
  certs:
  esdata01:
  kibanadata:

- Should this issue be closed?

[azasypkin]

@azasypkin @MindyRS @kevinlog @elasticmachine So, 2 years later I'm back testing the Elastic Stack. This interface no longer appears to exist, so there seems to be no point in keeping this issue open.

I'll defer that decision to @MindyRS @kevinlog