feat: New input added to the DA (kibana_image_port) allowing the ab…

…ility to specify the the port number used to connect to the Kibana service exposed by the container image when `enable_kibana_dashboard` is set to true<br>- Added new input `kibana_visibility` to specify the visibility of the Kibana application in order to define which endpoint is available for receiving the requests (#346)
terraform-ibm-modules · Feb 4, 2025 · 4c479d8 · 4c479d8
1 parent e06dfff
commit 4c479d8
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 4 deletions.
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -351,6 +351,26 @@
                 },
                 {
                   "key": "kibana_image_digest"
+                },
+                {
+                  "key": "kibana_image_port"
+                },
+                {
+                  "key": "kibana_visibility",
+                  "options": [
+                    {
+                      "displayname": "local_public",
+                      "value": "local_public"
+                    },
+                    {
+                      "displayname": "local_private",
+                      "value": "local_private"
+                    },
+                    {
+                      "displayname": "local",
+                      "value": "local"
+                    }
+                  ]
                 }
               ]
           }

diff --git a/solutions/standard/DA-types.md b/solutions/standard/DA-types.md
@@ -198,3 +198,7 @@ The following example includes all the configuration options for four service cr
   }
 ]
 ```
+### Options for kibana_visibility
+
+When the Kibana application visibility is changed from private to public using `kibana_visibility` variable, it will become accessible from the public Internet. However, access via the IBM Cloud private network will no longer be available. This change takes effect immediately, potentially impacting active users or integrations. It is important to consider the associated security implications before proceeding, [learn more](https://cloud.ibm.com/docs/codeengine?topic=codeengine-application-workloads#optionsvisibility).
+If Kibana is enabled, you can access the Kibana application over a IBM private network using the method outlined [here](https://cloud.ibm.com/docs/codeengine?topic=codeengine-vpe).
diff --git a/solutions/standard/README.md b/solutions/standard/README.md
@@ -6,7 +6,12 @@ This architecture creates an instance of IBM Cloud Databases for Elasticsearch a
 - A KMS root key, if one is not passed in.
 - An IBM Cloud Databases for Elasticsearch instance with KMS encryption.
 - Autoscaling rules for the database instance, if provided.
-- Kibana dashboard for Elasticsearch.
+- Install and start the Elastic's Natural Language Processing model, if enabled.
+- Kibana dashboard for Elasticsearch, if enabled.
+
+**Note on accessing Kibana:** If Kibana is enabled, you can access the Kibana application over a IBM private network using the method outlined [here](https://cloud.ibm.com/docs/codeengine?topic=codeengine-vpe).
+
+**Note on setting kibana_visibility:** When the Kibana application visibility is changed from private to public using kibana_visibility variable, it will become accessible from the public Internet. However, access via the IBM Cloud private network will no longer be available. This change takes effect immediately, potentially impacting active users or integrations. It is important to consider the associated security implications before proceeding.
 
 ![fscloud-elastic-search](../../reference-architecture/deployable-architecture-elasticsearch.svg)
 

diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -463,7 +463,7 @@ module "code_engine_kibana" {
   apps = {
     (local.code_engine_app_name) = {
       image_reference = var.kibana_image_digest != null ? "${var.kibana_registry_namespace_image}@${var.kibana_image_digest}" : "${var.kibana_registry_namespace_image}:${local.kibana_version}"
-      image_port      = 5601
+      image_port      = var.kibana_image_port
       run_env_variables = [{
         type  = "literal"
         name  = "ELASTICSEARCH_HOSTS"
@@ -496,8 +496,9 @@ module "code_engine_kibana" {
           value = "none"
         }
       ]
-      scale_min_instances = 1
-      scale_max_instances = 3
+      scale_min_instances     = 1
+      scale_max_instances     = 3
+      managed_domain_mappings = var.kibana_visibility
     }
   }
 }
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -379,3 +379,18 @@ variable "kibana_image_digest" {
 
 
 }
+variable "kibana_image_port" {
+  description = "Specify the port number used to connect to the Kibana service exposed by the container image. Default port is 5601 and it is only applicable if `enable_kibana_dashboard` is true"
+  type        = number
+  default     = 5601
+}
+
+variable "kibana_visibility" {
+  description = "Specify the visibility of Kibana application in order to define which endpoint is available for receiving the requests. Valid values are 'local_public', 'local_private' and 'local' and it is only applicable if `enable_kibana_dashboard` is true. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-elasticsearch/blob/main/solutions/standard/DA-types.md#options-for-kibana_visibility)."
+  type        = string
+  default     = "local_private"
+  validation {
+    condition     = can(regex("local_public|local_private|local", var.kibana_visibility))
+    error_message = "Valid values are 'local_public', 'local_private', or 'local'."
+  }
+}