elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Kibana Docker startup does not allow configuration of CCS Monitoring via env vars #183795

Closed ChrisSamo632 closed 2 months ago

ChrisSamo632 commented 4 months ago

Kibana version: 8.13.4

Elasticsearch version: 8.13.4

Server OS version: Docker

Browser version: Chrome 125

Browser OS version: MacOS 14.5

Original install method (e.g. download page, yum, from source, etc.): Docker

Describe the bug:

Running the official kibana/kibana Docker Image and connecting to an elasticsearch/elasticsearch Docker container results in an error on the Stack Monitoring page within Kibana when logged in with the elastic superuser:

Access Denied

You are not authorized to access Monitoring. To use Monitoring, you need the privileges granted by both the kibana_admin and monitoring_user roles.

If you are attempting to access a dedicated monitoring cluster, this might be because you are logged in as a user that is not configured on the monitoring cluster.

Since Cross Cluster Search is enabled (monitoring.ui.ccs.enabled is set to true), make sure your cluster has the remote_cluster_client role on at least one node.

Trying to update the monitoring.ui.ccs.enabled setting with an equivalent env var when starting the Docker container (e.g. MONITORING_UI_CCS_ENABLED=false) makes no difference, i.e. the env var is ignored.

Steps to reproduce:

Expected behavior: Stack Monitoring can be enabled (without CCS) using Kibana env vars in a Docker container

Screenshots (if relevant):


Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

2024-05-18 14:54:58 [2024-05-18T13:54:58.535+00:00][ERROR][plugins.monitoring.monitoring] Error: Cluster has no remote_cluster_client role
2024-05-18 14:54:58     at verifyClusterHasRemoteClusterClientRole (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/routes/api/v1/check_access/check_access.js:59:23)
2024-05-18 14:54:58     at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-05-18 14:54:58     at Object.handler (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/routes/api/v1/check_access/check_access.js:35:11)
2024-05-18 14:54:58     at handler (/usr/share/kibana/node_modules/@kbn/monitoring-plugin/server/plugin.js:315:28)
2024-05-18 14:54:58     at Router.handle (/usr/share/kibana/node_modules/@kbn/core-http-router-server-internal/src/router.js:171:30)
2024-05-18 14:54:58     at handler (/usr/share/kibana/node_modules/@kbn/core-http-router-server-internal/src/router.js:113:50)
2024-05-18 14:54:58     at exports.Manager.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
2024-05-18 14:54:58     at Object.internals.handler (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
2024-05-18 14:54:58     at exports.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
2024-05-18 14:54:58     at Request._lifecycle (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:371:32)
2024-05-18 14:54:58     at Request._execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:281:9)

Any additional context:

Works as expected if setting the monitoring.ui.ccs.enabled: false directly in the kibana.yml (e.g. via bind mount or an echo in a Docker container command override)
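
The kibana.yml workaround described under "Any additional context", as an added example that is not part of the original issue or of Kibana's own code: a shell helper that sets the key idempotently in a host-side file intended for a bind mount, instead of appending with echo on every start. The function names, the host file path and the image reference passed in are assumptions; the mount target is the config path used by the Kibana Docker image.

```bash
#!/bin/sh
# Added example (not from the issue or the Kibana project).
# Function names and arguments are hypothetical.

# set_kibana_setting FILE KEY VALUE
# Sets a flat "a.b.c: value" line in FILE. Any existing line for KEY is
# replaced, so repeated runs never leave duplicate keys behind.
set_kibana_setting() {
  file=$1; key=$2; value=$3
  [ -f "$file" ] || : > "$file"
  tmp=$(mktemp) || return 1
  # Keep every line that does not start with "KEY:" (comments are kept too).
  awk -v k="$key" 'index($0, k ":") != 1 { print }' "$file" > "$tmp" || return 1
  printf '%s: %s\n' "$key" "$value" >> "$tmp"
  # Write back in place rather than mv: a single-file bind mount follows the
  # original inode, so replacing the file would not be seen by the container.
  cat "$tmp" > "$file" && rm -f "$tmp"
}

# kibana_run_command FILE IMAGE
# Prints (does not run) a docker command that bind-mounts FILE over the
# image's kibana.yml. FILE should be an absolute host path.
kibana_run_command() {
  printf 'docker run -d -v %s:/usr/share/kibana/config/kibana.yml %s\n' "$1" "$2"
}
```

A bind-mounted file replaces the image's default kibana.yml entirely, so any settings from that default that are still needed have to be carried over into the host file or supplied another way.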

jbudz commented 2 months ago

Fixed by #187018