[master] Auto pick #4323: fix(kibana): Fix a stack trace int he kibana logs as a

config/enterprise_versions.yml

@@ -47,13 +47,13 @@ components:
     version: master
   # eck-kibana holds the version of Kibana built for tigera/kibana
   eck-kibana:
-    version: 8.18.8
+    version: 8.19.8
   kibana:
     image: kibana
     version: master
   # eck-elasticsearch holds the version of Elasticsearch built for tigera/elasticsearch
   eck-elasticsearch:
-    version: 8.18.8
+    version: 8.19.8
   elasticsearch:
     image: elasticsearch
     version: master

pkg/components/enterprise.go

@@ -85,12 +85,12 @@ var (
 	}
 
 	ComponentEckElasticsearch = Component{
-		Version: "8.18.8",
+		Version: "8.19.8",
 		variant: enterpriseVariant,
 	}
 
 	ComponentEckKibana = Component{
-		Version: "8.18.8",
+		Version: "8.19.8",
 		variant: enterpriseVariant,
 	}
 

pkg/render/logstorage/kibana/kibana.go

@@ -232,6 +232,22 @@ func (k *kibana) kibanaCR() *kbv1.Kibana {
 		// Telemetry is unwanted for the majority of our customers and if enabled can cause blocked flows. This flag
 		// can still be overwritten in the Kibana Settings if the user desires it.
 		"telemetry.optIn": false,
+		// Disabling all the fleet egress is a difficult task. It does not seem to adhere to the doocumented settings.
+		// A combination of settings is required.
+		"xpack.fleet.enabled":        false,
+		"xpack.fleet.agents.enabled": false,
+		"xpack.fleet.isAirGapped":    true,
+		"xpack.fleet.packages":       []string{},
+		"xpack.fleet.registryUrl":    "http://localhost:5601",
+		// Setting this to false will prevent it from connecting to endpoints outside of this cluster.
+		// See: https://www.elastic.co/guide/en/kibana/8.19/settings.html
+		"newsfeed.enabled": false,
+		// Setting this to localhost will prevent AI features from connecting to endpoints outside of this cluster.
+		// No other way of disabling AI is possible at this time. We will still get this log, but at least it
+		// prevents us from seeing denied traffic in the service graph:
+		// "[INFO ][plugins.observabilityAIAssistant] Knowledge base index does not exist. Aborting updating index assets"
+		// "[ERROR][plugins.taskManager] Failed to poll for work: Response aborted while reading the body"
+		"xpack.productDocBase.artifactRepositoryUrl": "http://localhost:5601",
 	}
 
 	var initContainers []corev1.Container

pkg/render/logstorage/kibana/kibana_test.go

@@ -146,7 +146,13 @@ var _ = Describe("Kibana rendering tests", func() {
 				"kibana.k8s.elastic.co", "v1", "Kibana").(*kbv1.Kibana)
 			Expect(resultKB.Spec.Config.Data["xpack.security.session.lifespan"]).To(Equal("8h"))
 			Expect(resultKB.Spec.Config.Data["xpack.security.session.idleTimeout"]).To(Equal("30m"))
-
+			Expect(resultKB.Spec.Config.Data["xpack.fleet.enabled"]).To(BeFalse())
+			Expect(resultKB.Spec.Config.Data["xpack.fleet.agents.enabled"]).To(BeFalse())
+			Expect(resultKB.Spec.Config.Data["xpack.fleet.isAirGapped"]).To(BeTrue())
+			Expect(resultKB.Spec.Config.Data["xpack.fleet.packages"]).To(Equal([]string{}))
+			Expect(resultKB.Spec.Config.Data["xpack.fleet.registryUrl"]).To(Equal("http://localhost:5601"))
+			Expect(resultKB.Spec.Config.Data["newsfeed.enabled"]).To(BeFalse())
+			Expect(resultKB.Spec.Config.Data["xpack.productDocBase.artifactRepositoryUrl"]).To(Equal("http://localhost:5601"))
 		})
 
 		It("should render toleration on GKE", func() {