Cannot access Kibana in docker

#1

Hello,

I have the following configuration file for Kibana and Elasticsearch operating in a swarm, i deploy with docker stack:

version: '3'
services:
  kibana-node1:
    image: amazon/opendistro-for-elasticsearch-kibana:0.8.0
    #container_name: kibana-node1
    deploy:
      placement:
        constraints: [node.hostname == kb01a.hostname]
    ports:
      - "5601:5601"
    networks:
      - test-net
    environment:
      ELASTICSEARCH_URL: https://test_es-node1:9200
  es-node1:
    image: amazon/opendistro-for-elasticsearch:0.8.0
    #container_name: es-node1
    deploy:
      placement:
        constraints: [node.hostname == es01a.hostname]
    environment:
      - cluster.name=test-cluster
        #- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "ES_JAVA_OPTS=-Xms2048m -Xmx2048m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - test-data:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9600:9600" # required for Performance Analyzer
    networks:
      - test-net
volumes:
  test-data:
networks:
  test-net:

I can curl https://127.0.0.1:9200/_cluster/health but i cannot access kibana on port 5601.

Docker service ls:

ID                  NAME                MODE                REPLICAS            IMAGE                                              PORTS
s6saye28ib0p        test_es-node1       replicated          1/1                 amazon/opendistro-for-elasticsearch:0.8.0          *:9200->9200/tcp, *:9600->9600/tcp
mbeczgli0ark        test_kibana-node1   replicated          1/1                 amazon/opendistro-for-elasticsearch-kibana:0.8.0   *:5601->5601/tcp

However if i run docker ps -a on the node that is running the kibana container we can see that it does not expose any ports:

CONTAINER ID        IMAGE                                              COMMAND                  CREATED             STATUS              PORTS               NAMES
0b16574cc2b9        amazon/opendistro-for-elasticsearch-kibana:0.8.0   "/usr/local/bin/kiba…"   51 seconds ago      Up 49 seconds                           test_kibana-node1.1.ko0wszldf2dg7epu5zhsy2wsv

I have no firewall enabled, output of iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-INGRESS  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5601
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:5601
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9600
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:9600
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9200
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:9200
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
#2

If i run the same docker-compose files and add the “expose” flag, it works. But only if i use docker-compose up and not docker stack deploy…

Is there no way to get this to work with docker stack?