Elasticsearch-Kibana docker-compose - Value of "elastic" is forbidden

I want to run elasticsearch and kibana with docker-compose. This is my docker-compose.yml which I run with docker-compose --env-file dev.env up

Docker Compose

version: '3.1'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.1.1
    container_name: elasticsearch
    environment:
      - cluster.name=elasticsearch-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - discovery.type=single-node
      - xpack.security.enrollment.enabled=true
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    networks:
      - esnet
  kibana:
    image: docker.elastic.co/kibana/kibana:8.1.1
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=${ELASTICSEARCH_HOSTS}
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
      - xpack.security.enabled=true
    depends_on:
      - elasticsearch
    ports:
      - "5601:5601"
    networks:
      - esnet

volumes:
  esdata:
    driver: local
  postgres-data:
    driver: local

networks:
  esnet:

Stacktrace

Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead

I managed to create a service account token, for example for the user elastic/kibana, but how can I set it in docker-compose? Is there a specific env variable that I should use? Or is there a way to make it work without using a service account?



Solution 1:[1]

I stumbled upon the same issue and tried using the kibana_admin and kibana_system built-in users, but that didn't work either. Maybe you can set the password for these users, but I was not able to. The elastic user role is not allowed to have system-index write access, which Kibana needs. This is based on a change by Elastic (link to pull request).

You should instead use Service Accounts as described in the docs for Service Accounts. Apparently, according to the docs on creating a Service Account Token, you would have to somehow create the Elasticsearch container and create a token before starting the Kibana container. This is also discussed on the Elasticsearch forums.

Downgrading and using a previous ELK version is also a possibility and is what I did, since I only need the cluster for local development.
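The ordering described in this answer (start Elasticsearch, create the token, then start Kibana), sketched as an added example that is not part of the original answer or of Elastic's documentation. It assumes the elastic password is exported as ELASTIC_PASSWORD, that Elasticsearch 8.x wrote its HTTP CA to the default path, and that the kibana service passes ELASTICSEARCH_SERVICEACCOUNTTOKEN through instead of the username and password; the token name and the `up` argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumptions: the elastic
# password is in ELASTIC_PASSWORD, Elasticsearch 8.x generated its HTTP CA at
# the default path, and the kibana service passes the token through with
#   - ELASTICSEARCH_SERVICEACCOUNTTOKEN=${ELASTICSEARCH_SERVICEACCOUNTTOKEN}
# in place of its ELASTICSEARCH_USERNAME / ELASTICSEARCH_PASSWORD lines.

ES_URL="${ES_URL:-https://localhost:9200}"
TOKEN_NAME="${TOKEN_NAME:-kibana-compose}"   # hypothetical token name
CA_FILE="${CA_FILE:-./http_ca.crt}"
TOKEN_API="_security/service/elastic/kibana/credential/token"

# Read a create-token response on stdin and print token.value (empty on error).
extract_token() {
  sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

es_curl() {  # authenticated request that verifies the cluster's own CA
  curl -sS --cacert "$CA_FILE" -u "elastic:${ELASTIC_PASSWORD}" "$@"
}

wait_for_es() {
  # The CA file only exists once security auto-configuration has finished.
  until docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt \
          "$CA_FILE" 2>/dev/null && es_curl -f -o /dev/null "$ES_URL" 2>/dev/null; do
    sleep 5
  done
}

create_kibana_token() {
  # Token names are unique, so drop any token left over from an earlier run.
  es_curl -o /dev/null -X DELETE "${ES_URL}/${TOKEN_API}/${TOKEN_NAME}"
  es_curl -X POST "${ES_URL}/${TOKEN_API}/${TOKEN_NAME}" | extract_token
}

main() {
  docker-compose --env-file dev.env up -d elasticsearch
  wait_for_es
  token="$(create_kibana_token)"
  [ -n "$token" ] || { echo "service account token was not created" >&2; return 1; }
  # A variable set in the shell takes precedence over the one in dev.env.
  ELASTICSEARCH_SERVICEACCOUNTTOKEN="$token" \
    docker-compose --env-file dev.env up -d kibana
}

if [ "${1:-}" = "up" ]; then main; fi
```

Because the token is stored in the security index on the esdata volume, it survives container recreation; the script still replaces it on every run so Kibana always receives a value it can read.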

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1