1. 创建 Kibana Token
1 2 3
| curl -X POST "http://localhost:9200/_security/service/elastic/kibana/credential/token/kibana" \ -u elastic:321.321 \ -H "Content-Type: application/json"
|
也可以写成:
1 2
| curl -X POST "http://localhost:9200/_security/service/elastic/kibana/credential/token/kibana?pretty" \ -u elastic:321.321
|
由于该接口没有 Request Body,因此无需 -d '{}'。
返回示例:
1 2 3 4 5 6 7
| { "created": true, "token": { "name": "kibana", "value": "AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYTo2eE1..." } }
|
其中:
就是需要填入 .env 的值:
1
| ES_TOKEN=AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYTo2eE1...
|
然后重启 Kibana:
1
| docker compose restart kibana
|
2. 查看当前已有的 Token
1 2
| curl -X GET "http://localhost:9200/_security/service/elastic/kibana/credential?pretty" \ -u elastic:321.321
|
返回类似:
1 2 3 4 5 6 7 8 9 10 11 12
| { "service_account": "elastic/kibana", "count": 2, "tokens": [ { "name": "kibana" }, { "name": "kibana-prod" } ] }
|
3. 删除旧 Token
例如删除 kibana:
1 2
| curl -X DELETE "http://localhost:9200/_security/service/elastic/kibana/credential/token/kibana?pretty" \ -u elastic:321.321
|
4. 验证 Token 是否可用
使用刚创建的 Token:
1 2
| curl -X GET "http://localhost:9200/_security/_authenticate?pretty" \ -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYTo2eE1..."
|
正常会返回:
1 2 3 4 5 6 7 8
| { "username": "elastic/kibana", "roles": [], "authentication_type": "token", "token": { "name": "kibana" } }
|
5. Docker Compose 配置
Kibana 使用该 Token 时配置如下:
1 2 3 4 5
| kibana: image: docker.elastic.co/kibana/kibana:8.13.4 environment: ELASTICSEARCH_HOSTS: http://elasticsearch:9200 ELASTICSEARCH_SERVICEACCOUNTTOKEN: ${ES_TOKEN}
|
.env:
1 2
| ELASTIC_PASSWORD=321.321 ES_TOKEN=AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYTo2eE1...
|
补充建议: 如果这是全新的单节点 Docker 环境,其实也可以直接让 Kibana 使用 kibana_system 用户认证:
1 2 3 4
| environment: ELASTICSEARCH_HOSTS: http://elasticsearch:9200 ELASTICSEARCH_USERNAME: kibana_system ELASTICSEARCH_PASSWORD: <kibana_system密码>
|