Original install method (e.g. download page, yum, from source, etc.): Docker
Describe the bug:
Running the official kibana/kibana Docker Image and connecting to an elasticsearch/elasticsearch Docker container results in an error on the Stack Monitoring page within Kibana when logged in with the elastic superuser:
Access Denied
You are not authorized to access Monitoring. To use Monitoring, you need the privileges granted by both the kibana_admin and monitoring_user roles.
If you are attempting to access a dedicated monitoring cluster, this might be because you are logged in as a user that is not configured on the monitoring cluster.
Since Cross Cluster Search is enabled (monitoring.ui.ccs.enabled is set to true), make sure your cluster has the remote_cluster_client role on at least one node.
Trying to update the monitoring.ui.ccs.enabled setting with an equivalent env var when starting the Docker container (e.g. MONITORING_UI_CCS_ENABLED=false) makes no difference, i.e. the env var is ignored.
Steps to reproduce:
Start elasticsearch/elasticsearch Docker Image as a container
Start kibana/kibana Docker Image as a container, setting the ELASTICSEARCH_HOSTS to point at the Elasticsearch container
Login to Kibana as the elastic user
Menu > Stack Monitoring
Expected behavior: Stack Monitoring can be enabled (without CCS) using Kibana env vars in a Docker container
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
2024-05-18 14:54:58 [2024-05-18T13:54:58.535+00:00][ERROR][plugins.monitoring.monitoring] Error: Cluster has no remote_cluster_client role
2024-05-18 14:54:58 at verifyClusterHasRemoteClusterClientRole (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/routes/api/v1/check_access/check_access.js:59:23)
2024-05-18 14:54:58 at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-05-18 14:54:58 at Object.handler (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/routes/api/v1/check_access/check_access.js:35:11)
2024-05-18 14:54:58 at handler (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/plugin.js:315:28)
2024-05-18 14:54:58 at Router.handle (/usr/share/kibana/node_modules/@kbn/core-http-router-server-internal/src/router.js:171:30)
2024-05-18 14:54:58 at handler (/usr/share/kibana/node_modules/@kbn/core-http-router-server-internal/src/router.js:113:50)
2024-05-18 14:54:58 at exports.Manager.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
2024-05-18 14:54:58 at Object.internals.handler (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
2024-05-18 14:54:58 at exports.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
2024-05-18 14:54:58 at Request._lifecycle (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:371:32)
2024-05-18 14:54:58 at Request._execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:281:9)
Any additional context:
Works as expected if setting the monitoring.ui.ccs.enabled: false directly in the kibana.yml (e.g. via bind mount or an echo in a Docker container command override)
Kibana version: 8.13.4
Elasticsearch version: 8.13.4
Server OS version: Docker
Browser version: Chrome 125
Browser OS version: MacOS 14.5
Original install method (e.g. download page, yum, from source, etc.): Docker
Describe the bug:
Running the official
kibana/kibana
Docker Image and connecting to anelasticsearch/elasticsearch
Docker container results in an error on theStack Monitoring
page within Kibana when logged in with theelastic
superuser:Trying to update the
monitoring.ui.ccs.enabled
setting with an equivalent env var when starting the Docker container (e.g.MONITORING_UI_CCS_ENABLED=false
) makes no difference, i.e. the env var is ignored.Steps to reproduce:
elasticsearch/elasticsearch
Docker Image as a containerkibana/kibana
Docker Image as a container, setting theELASTICSEARCH_HOSTS
to point at the Elasticsearch containerelastic
userExpected behavior: Stack Monitoring can be enabled (without CCS) using Kibana env vars in a Docker container
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context:
Works as expected if setting the
monitoring.ui.ccs.enabled: false
directly in thekibana.yml
(e.g. via bind mount or anecho
in a Docker containercommand
override)