Setup HTTPS / TLS for Kibana with Helm & cert-manager.io

1 min readJun 9, 2021

In this short story, I am going to show you how run Kibana with elastic Helm chart, generate TLS certificate/key with cert-manager.io and setup Kibana HTTPS with it.

Generate certificate files

At X.com, we run all our workloads on kubernetes, and we love cert-manager.io!

cert-manager.io must be already setup, and an Issuer CRD been deployed on your namespace. (In order to issue any certificates, you’ll need to configure an Issuer resource first, this is another story ...)

Via a small k8S CRD, we ask to it to generate a TLS secret:

Certificate Resources

In cert-manager, the Certificate resource represents a human readable definition of a certificate request that is to be…

cert-manager.io

Quite obvious ^^, this will generate a secret with tls.key and tls.crt files.

Kibana

Configure Kibana is easy, from documentation:

Encrypting communications in Kibana | Kibana Guide [6.8] | Elastic

Kibana supports Transport Layer Security (TLS/SSL) encryption for client requests. If you are using X-Pack security or…

www.elastic.co

Helm chart

Using official elastic Helm chart

We must mount the secret as a container volume, the chart have a value for this:

You can notice also, we use cert-manager.io for ingress, we must tell to Nginx to use HTTPS. As our infra team have setup cert-manager.io perfectly, we can also ask Nginx to verify the certificate.