Kibana vulnerability mitigation in VIP Authentication Hub
search cancel

Kibana vulnerability mitigation in VIP Authentication Hub

book

Article ID: 280132

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction


Running VIP Authentication Hub, some vulnerabilities in the Kibana product are reported.

How to upgrade Kibana to 8.12?

 

Resolution


Here's the procedure to upgrade to Elastic Search version 8.12.0 and Elastic Operator version 2.11.0:

  1. Load elastic helm repo

    # helm repo add elastic https://helm.elastic.co
    # helm repo update

  2. Upgrade elastic-operator

    # helm upgrade --install elastic-operator elastic/eck-operator -n logging --set imagePullSecrets[0].name="docker-registry-creds" --version=2.11.0

  3. Apply CRDs

    # kubectl apply -f https://download.elastic.co/downloads/eck/2.11.0/crds.yaml -n logging

  4. Configure Elasticsearch

    # cat <<EOF | kubectl apply -f -
      apiVersion: elasticsearch.k8s.elastic.co/v1
      kind: Elasticsearch
      metadata:
       name: elasticsearch
       labels:
         app: elasticsearch-master
       namespace: logging
      spec:
       version: 8.12.0
       image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
       http:
         service:
           metadata:
       nodeSets:
         - config:
             node.roles:
               - master
               - data
             node.store.allow_mmap: false
           podTemplate:
             metadata:
               labels:
                 app: elasticsearch-master
             spec:
               imagePullSecrets:
               - name: <docker-registry-secret>
               containers:
               - name: elasticsearch
                 resources:
                   requests:
                     memory: 4Gi
                     cpu: 1
                   limits:
                     memory: 4Gi
                     cpu: 1
           volumeClaimTemplates:
           - metadata:
               name: elasticsearch-data
             spec:
               #storageClassName: fast
               accessModes:
               - ReadWriteOnce
               resources:
                 requests:
                   storage: 20Gi
           name: default
           count: 1
       volumeClaimDeletePolicy: DeleteOnScaledownOnly
       auth:
         fileRealm:
           - secretName: kibana-user  
      EOF

  5. Upgrade Kibana

    # cat <<EOF | kubectl apply -n logging -f -
      apiVersion: kibana.k8s.elastic.co/v1
      kind: Kibana
      metadata:
       name: kibana
       namespace: logging
      spec:
       version: 8.12.0
       image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
       elasticsearchRef:
         name: elasticsearch
         namespace: logging
         serviceName: elasticsearch-es-http
       http:
         service:
           spec:
             type: ClusterIP
         tls:
           selfSignedCertificate:
             subjectAltNames:
             - dns: <kibana_ing_hostname>
       podTemplate:
         metadata:
           labels:
             app: kibana
         spec:
           imagePullSecrets:
           - name: <docker-registry-secret>  
           containers:
             - name: kibana
               resources:
                 requests:
                   memory: 1Gi
                   cpu: 0.5
                 limits:
                   memory: 2Gi
                   cpu: 1
       count: 1
      EOF

 

Powered by Wolken Software