MultiTenancy for Kibana
Kibana as a part of ELKStack is suitable tool to display collected logs in variety of built in visualization.
However it does lack multi-tenancy layer that would help to distinguish logs of one project (tenant) from another.
Kibana in multi-tenancy would offer:
- project (tenant) oriented separation of the data
* index patterns
* dashboards
* visualizations
- automatic index pattern creation based on project id associated with token-
preventing access to logs to non-authorized projects (tenants)
* created index patterns must contain fully qualified project id (tenant id)
- storing project related/scoped settings/data (visualization, dashboards) in .kibana-{projectId} index, accessible by users having access to the given project.
Entire functionality is based on specific token property - token is one side correlated with user and on the other side with project.
Project association is used to determine what data should be visible for logged user and how to write the data back (dashboards, visualizations, etc.) to ElasticSearch on behalf of Kibana.
The implementation should be done in form of the Kibana plugin.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Tomasz Trębski
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Discussion
- Series goal:
- None
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- Tomasz Trębski
- Completed by
- Witek Bedyk
Related branches
Related bugs
Sprints
Whiteboard
Code reference: https:/
Follow ups:
-----
During the OpenStack summit @ Barcelona 2016 several ideas regarding the multi tenancy @ Kibana were proposed:
- pulling Kibana out of monasca-ui (no proxy) which means having the login/logout capabilities. Apart from that login page could support (or not, see next point) listing all the projects user has access to and allowing him to pick one of those projects
- listing all the logs from all the projects user has access to by the means of * as the index pattern
