Elastic Cloud on Kubernetes 2.14.0

• Release highlights
• Quickstart guide

New features

• Ingress support for Elasticsearch and Kibana Helm Charts #7941
• Add option to disable self-signed transport certs #7925 (issue: #6954)

Enhancements

• Use Elasticsearch readiness port #7847 (issue: #7841) Note that this change is also referenced in the bug section as it fixes a bug in the previous implementation of the readiness probe.
• Handle Serverless version in association versions check #7896
• Use hash for secure settings secret updates #7843 (issue: #7842)
• Report memory usage by application #7966 (issue: #7866)

Bug fixes

• Fix Discrepancy between Logstash Helm Chart and docs for pipelinesRef #7958 (issue: #7957)
• Fix Logstash service to preserve user defined labels #7895 (issue: #7855)
• Handle empty NODE_ID in Elasticsearch PreStop hook #7892
• Elasticsearch controller: fix panic and dropped error result during node shutdown #7875
• Do not log registrations to prevent mapping explosion #7869 (issue: #7748)
• Use Elasticsearch readiness port #7847 (issue: #7841)

Documentation improvements

• Document how to connect to unmanaged resources #7965 (issue: #6449)
• Fix typo on SAML Authentication docs page #7950
• [OpenShift Route apiVersion must be route.openshift.io/v1 #7834

Misc

• update docker.io/library/golang docker tag to v1.22.5 #7930
• update github.com/gkampitakis/go-snaps to v0.5.5 #7947
• update github.com/go-logr/logr to v1.4.2 #7850
• update github.com/go-test/deep to v1.1.1 #7916
• update github.com/google/go-containerregistry to v0.20.1 #7934
• update github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 #7920
• update github.com/hashicorp/vault/api to v1.14.0 #7852
• update github.com/prometheus/client_golang to v1.19.1 #7796
• update github.com/prometheus/common to v0.55.0 #7923
• update github.com/sethvargo/go-password to v0.3.1 #7922
• update github.com/spf13/cobra to v1.8.1 #7903
• update github.com/spf13/viper to v1.19.0 #7864
• update golang.org/x/crypto to v0.25.0 #7932
• update k8s to v0.30.3 #7946
• update module k8s.io/klog/v2 to v2.130.1 #7917
• update registry.access.redhat.com/ubi9/ubi-minimal docker tag to v9.4-1134 #7900
• update sigs.k8s.io/controller-runtime to v0.18.4 #7882
• update sigs.k8s.io/controller-tools to v0.15.0 and k8s to v0.30.0 #7807

Elastic Cloud on Kubernetes 2.13.0

• Release highlights
• Quickstart guide

New features

• ECK Enterprise Search Helm Chart. #7744

Enhancements

• Account for Logstash memory in resource aggregator #7853
• Add Helm annotation to CRDs to prevent accidental deletion. #7811 (issue: #5117)
• Allow disabling of elastic user. #7723 (issue: #7719 )
• Make automountServiceAccountToken configurable on operator Pods via Helm #7690
• Support setting labels and annotations on operator statefulset via Helm #7688
• Fix Logstash keystore performance #7642 (issue: #7027 )
• Support api_key authentication for agent-elasticsearch association #7598

Bug fixes

• Increase default memory for agent #7789
• Correct StatefulSet name label for Logstash pods #7788 (issue: #7742)
• Fix webhook certname in Helm template #7775 (issue: #7771 )
• Support loadBalancerClass in service reconciliation #7706 (issue: #7691 )
• [Autoscaling] Do not delete existing resources #7678
• Fix namespace logged twice #7640
• Fix cluster name label of es scripts config map #7630

Documentation improvements

• Add note that autoscalers are not yet supported by Logstash on ECK #7821 (issue: #7820)
• Update indentation of ldap example #7725
• Add Logstash Plugins on ECK documentation and remove technical preview tags #7702
• Update saml-authentication.asciidoc #7680
• Update stack version in recipes #7651

Misc

• fix(deps): update module github.com/sethvargo/go-password to v0.3.0 #7736
• fix(deps): update module github.com/prometheus/common to v0.53.0 #7735
• fix(deps): update module github.com/hashicorp/vault/api to v1.13.0 #7734
• Bump golang.org/x/net from 0.22.0 to 0.23.0 #7729
• fix(deps): update module go.elastic.co/apm to v2.6.0 #7714
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.17.3 #7705
• fix(deps): update module golang.org/x/crypto to v0.22.0 #7696
• Update buildkite agent image (golang 1.22.2) #7694
• Update docker.io/library/golang docker tag to v1.22.2 #7693
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible #7645
• fix(deps): update module github.com/elastic/go-ucfg to v0.8.8 #7641
• fix(deps): update module google.golang.org/api to v0.170.0 #7639
• fix(deps): update module helm.sh/helm/v3 to v3.14.3 #7634
• fix(deps): update module github.com/google/go-containerregistry to v0.19.1 #7632
• fix(deps): update k8s to v0.29.3 #7631
• chore(deps): update registry.access.redhat.com/ubi9/ubi-minimal docker tag to v9.3-1612 #7609
• chore(deps): update docker.io/library/golang docker tag to v1.22.1 #7608
• Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 #7602
• fix(deps): update module github.com/stretchr/testify to v1.9.0 #7593
• fix(deps): update module github.com/prometheus/client_golang to v1.19.0 #7591

Elastic Cloud on Kubernetes 2.12.1

• Release highlights
• Quickstart guide

Bug fixes

• Move desired nodes version gate in the client #7663 (#7664)

Elastic Cloud on Kubernetes 2.12.0

• Release highlights
• Quickstart guide

Enhancements

• Remove noisy stack config policy log line #7582 (issue: #7529)
• Increase the default PVC size for logstash #7540 (issue: #7538)
• Add eck-apm-server Helm Chart #7533 (issue: #7489)
• Add Health to Logstash Status #7528 (issue: #7527)
• Add resourceStatuses back into stack config policy status for backwards compatibility #7500
• Add support for updateStrategy in Logstash #7466
• Add TLS and basic authentication integration to Logstash API server #7408 (issue: #6971)
• Add support for securing the operator metrics endpoint with RBAC and TLS #7567
• Remove Enterprise license restriction from ECK stack Helm charts #7621

Bug fixes

• Fix having multiple type keys in eck-beats chart #7523 (issue: #7487)
• Use eck-operator UBI image when ubiOnly=true. #7486 (issue: #7485)
• Fix Logstash crashes with env #7475 (issue: #7450)

Documentation improvements

• Fix Logstash quickstart docs using single-quote EOF to avoid expanding variables #7580 (issue: #7572)
• Fix typo in managing-compute-resources documentation #7563
• Update APM Server docs for use since 8.x requiring Kibana #7559 (issue: #7541)
• Remove initContainer section in Logstash plugin docs #7557
• Add caution concerning running differing versions of CRDs + operator #7503
• Fix small typo in uninstall docs #7436

Misc

• fix(deps): update module golang.org/x/crypto to v0.20.0 #7578
• fix(deps): update module go.uber.org/zap to v1.27.0 #7577
• fix(deps): update module github.com/prometheus/common to v0.48.0 #7570
• fix(deps): update k8s to v0.29.2 and controller-runtime to v0.17.2 #7568
• fix(deps): update module github.com/hashicorp/vault/api to v1.12.0 #7550
• chore(deps): update docker.io/library/golang docker tag to v1.22.0 #7549
• fix(deps): update module github.com/google/go-containerregistry to v0.19.0 #7517
• fix(deps): update k8s to v0.29.1 #7505
• chore(deps): update registry.access.redhat.com/ubi9/ubi-minimal docker tag to v9.3-1552 #7501
• fix(deps): update module github.com/google/uuid to v1.6.0 #7496
• fix(deps): update module k8s.io/klog/v2 to v2.120.1 #7484
• fix(deps): update module go.elastic.co/apm/v2 to v2.4.8 #7472
• fix(deps): update module sigs.k8s.io/controller-tools to v0.14.0 #7461
• fix(deps): update module github.com/spf13/viper to v1.18.2 #7458
• fix(deps): update module github.com/prometheus/client_golang to v1.18.0 #7417
• fix(deps): update module github.com/go-logr/logr to v1.4.1 #7409

Elastic Cloud on Kubernetes 2.11.1

• Release highlights
• Quickstart guide

Bug fixes

• Add resourceStatuses back into the status subresource section of the Stack Configuration Policy for backwards compatability #7500

Elastic Cloud on Kubernetes 2.11.0

• Release highlights
• Quickstart guide

New features

• Introduce Kibana config field in stack config policy #7324
• Introduce Elasticsearch config and additional secret mounts to stack config policy #7233
• Add StatefulSet as a deployment option for Elastic Agent #7357

Enhancements

• Allow Agent and Elastic stack in different namespaces. #7382 (issue: #7352)
• Support -ubi suffix starting 8.12.0 and 7.17.16 #7368
• Update to ubi9 and use -ubi prefix for operator image #7321
• Allow setting additional operator flags via the Helm chart #7252 (issue: #6091)
• Support configuring "ca-dir" operator setting via helm #7243 (issues: #6091, #6435)

Bug fixes

• Update eck-elasticsearch default secureSettings values to be slice. #7397
• Fix recipe name to run Fleet as non-root #7313 (issue: #7312)

Documentation improvements

• Document how to use stack config policies to manage authentication #7381
• Fix secure settings link on stack config policy page #7377
• Document known issue with Kibana 8.11.2 using secure settings #7373 (issue: #7371)
• Add details about rolling restart behavior #7372
• Update node configuration documentation to note reserved settings. #7351
• Use docker.io/bash for sleep container of max-map-count-setter Daemonset #7332
• Update Beats stack monitoring recipe #7322
• Document basic snapshot repository setup for Azure #7308
• Documentation link replaced with markup in 2.10 release notes #7306
• Make plugin installation via initContainer more robust #7305
• Add additional details on CA requirements. #7271
• Document how to provide container registry credentials in air-gapped environments #7256)

Misc

• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 #7394
• chore(deps): update docker.io/library/golang docker tag to v1.21.5 #7366
• fix(deps): update module github.com/google/go-containerregistry to v0.17.0 #7355
• fix(deps): update module go.elastic.co/apm/v2 to v2.4.7 #7337
• Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 #7329
• chore(deps): update registry.access.redhat.com/ubi9/ubi-minimal docker tag to v9 #7326
• fix(deps): update k8s to v0.28.4 #7319
• fix(deps): update module github.com/spf13/cobra to v1.8.0 #7288
• Update docker v24.0.7+incompatible #7282
• fix(deps): update module k8s.io/klog/v2 to v2.110.1 #7278
• fix(deps): update module github.com/go-logr/logr to v1.3.0 #7272
• fix(deps): update module github.com/google/uuid to v1.4.0 #7270
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.16.3 #7249
• fix(deps): update module github.com/prometheus/common to v0.45.0 #7246

Elastic Cloud on Kubernetes 2.10.0

• Release highlights
• Quickstart guide

Enhancements

• Allow setting additional operator flags via the Helm chart #7252
• Support configuring "ca-dir" operator setting via Helm #7243
• Logstash Elastic Stack Helm Chart #7143
• Support for Logstash secure settings from Kubernetes Secrets using keystore #7024
• Support running Agent as a non-root #6700

Bug fixes

• Update ECK-Beats default values to not include ElasticsearchRef. #7228
• Updating scripts configMap no longer causes Elasticsearch restart #7114 (issue: #6963)
• Remove volumeClaimTemplates status sub-resource from Elasticsearch CRD #7097
• Fix indentation to specify affinity, nodeSelector and tolerations in operator Helm chart #7084

Documentation improvements

• Better sample command outputs in the Agent Fleet documentation #7213
• Improved documentation about how to reset the default user's password #7181 (issue: #7182)
• Removed trailing whitespaces from operator's values.yaml file. #7179 (issue: #7178)
• Update beat/agent doc with missing RBAC rules required from 8.9.0 #7161 (issue: #6946)
• Better documentation of podDisruptionBudget for Elasticsearch.spec #7155
• Kubernetes 1.28 added to supported versions #7147
• Fix incorrect Pod template spec in Logstash docs #7124
• SAML documentation examples no longer use a deprecated callback URL #7117 (issue:#7118)
• SAML documentation examples have a trailing slash in sp.entity_id #7115 (issue: #7116)
• Fix manifest example to update JVM options for Logstash #7113
• Stack monitoring documentation examples updated to use v1alpha1 as Logstash k8s api version #7111
• Update saml-authentication.asciidoc #7101
• Fix sed command to use FIPS compatible operator image in FIPS doc #7076
• Update docs concerning intermediate CAs #7066
• Stack config policies are no longer marked as experimental #7044
• Air-gapped documentation describes how to use a mirrored operator image #7019
• Update Fleet Server quickstart documentation to use emptyDir for agent-data volumes #6563

Misc

• Update module golang.org/x/net to 0.17.0 #7229
• fix(deps): update module go.elastic.co/apm/v2 to v2.4.5 #7218
• fix(deps): update module github.com/google/go-cmp to v0.6.0 #7216
• chore(deps): update docker.io/library/golang docker tag to v1.21.3 #7215
• fix(deps): update module google.golang.org/api to v0.146.0 #7211
• chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal docker tag to v8.8-1072.1696517598 #7210
• fix(deps): update module github.com/spf13/viper to v1.17.0 #7209
• fix(deps): update module golang.org/x/crypto to v0.14.0 #7203
• fix(deps): update module github.com/hashicorp/golang-lru/v2 to v2.0.7 #7193
• fix(deps): update module github.com/prometheus/client_golang to v1.17.0 #7186
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.16.2 #7185
• fix(deps): update module go.uber.org/zap to v1.26.0 #7169
• fix(deps): update k8s to v0.28.2 #7165
• fix(deps): update module github.com/hashicorp/vault/api to v1.10.0 #7152
• Update module github.com/google/go-containerregistry to v0.16.1 #7073
• Update module go.uber.org/automaxprocs to v1.5.3 #7042
• Update module sigs.k8s.io/controller-tools to v0.12.1 #7011

Elastic Cloud on Kubernetes 2.9.0

• Release highlights
• Quickstart guide

Breaking changes

• Add Support for volumeClaimTemplates for Logstash controller #6884

Enhancements

• Enable runAsNonRoot=true for Beats >= 8.8.x #6793

Bug fixes

• Validating policy ID only when running in Fleet mode for Elastic Agent #6938 (issue: #6903)
• Add Selector to Logstash status #6854

Documentation improvements

• Document Logstash connection to external Elasticsearch #6895

Misc

• Update module golang.org/x/text to v0.11.0 #6976
• Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.8-1014 #6962
• Disable test agent with fleet mode in 8.0.1 #6957 (issues: #6331, #6956)
• Update module go.elastic.co/apm/v2 to v2.4.3 #6942
• Update module github.com/hashicorp/golang-lru/v2 to v2.0.4 #6935
• Update module github.com/imdario/mergo to v1 #6925
• Update module github.com/prometheus/client_golang to v1.16.0 #6909
• Update k8s to v0.27.3 #6908
• Update module golang.org/x/crypto to v0.10.0 #6900
• Update docker.io/library/golang Docker tag to v1.20.5 #6887
• Update module github.com/spf13/viper to v1.16.0 #6867
• Update module github.com/stretchr/testify to v1.8.4 #6866
• Update module sigs.k8s.io/controller-runtime to v0.15.0 #6847
• Update module github.com/prometheus/common to v0.44.0 #6835
• Update module github.com/google/go-containerregistry to v0.15.2 #6817
• Update module golang.org/x/oauth2 to v0.8.0 #6771
• Update module golang.org/x/net to v0.10.0 #6770

Elastic Cloud on Kubernetes 2.8.0

Warning This release includes a hardened default security context for Elasticsearch containers. It is highly recommended to test against a staging environment before deploying to production.

• Release highlights
• Quickstart guide

Breaking changes

• Use provided base path for stackconfigpolicy's snapshot repository #6689 (issue: #6692)
• APM Server: Fix secret token config for APM Server 8.0+ #6769 (issue: #6768)

New features

• Introduce the Logstash operator for ECK #6732 (issue: #1453)

Enhancements

Elasticsearch

• Call _nodes/shutdown from pre-stop hook #6544 (issue: #6478)
• Create Elasticsearch client for observer only if needed #6407 (issue: #6090)
• Add the full CA certificate chain to trusted HTTP certs for Elasticsearch #6681 (issue: #6574)
• Allow custom certificates on the transport layer #6727 (issue: #6479)
• Hardened Security Context for Elasticsearch #6703 (issue: #6126)

Helm charts

• Enable hostNetwork support in eck-operator Helm chart #6636
• Add PodDisruptionBudget to eck-operator Helm chart #6671

ECK Operator

• Add operator flag to define webhook port #6691 (issue: #6655)
• Add operator flag to define global container repository #6737 (issue: #6643)

Fleet

• Deprecate is_default and is_default_fleet_server flags #6724 (issue: #6678)

Bug fixes

• Fix doc attributes in stack-helm-chart.asciidoc #6742
• Do not set FLEET_CA for well-known CAs #6733 (issue: #6673)
• Fix default elasticsearch-data volumeMount configuration #6725 (issue: #6186)
• Conditionally set container-suffix in ECK config #6711 (issue: #6695)
• [helm-chart] Include webhook client configuration CA only when certificates are not managed by the operator or cert-manager #6642 (issue: #6641)
• Remove default for daemonset/deployment in eck-beats & eck-agent Helm Charts #6621 (issue: #6330)

Documentation improvements

• Documentation for running ECK, Elasticsearch, and Kibana on GKE Autopilot #6760
• Contributing page updated with Helm chart tests suite #6744
• Documentation for Logstash on ECK #6743
• Add 2.6 and 2.7 to the triggered restart list #6786 (issue: #6765)

Misc

• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible #6801
• Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 #6549
• Update docker.io/library/golang Docker tag to v1.20.4 #6752
• Update github.com/docker/docker #6654
• Update k8s to v0.26.3 #6546
• Update k8s.io/client-go to v0.26.5 #6849
• Update module cloud.google.com/go/storage to v1.30.0 #6531
• Update module github.com/go-git/go-git/v5 to v5.6.1 #6536
• Update module github.com/go-logr/logr to v1.2.4 #6625
• Update module github.com/google/go-containerregistry to v0.14.0 #6532
• Update module github.com/hashicorp/vault/api to v1.9.1 #6707
• Update module github.com/imdario/mergo to v0.3.15 #6581
• Update module github.com/operator-framework/operator-registry to v1.26.5 #6622
• Update module github.com/prometheus/client_golang to v1.15.0 #6686
• Update module github.com/spf13/cobra to v1.7.0 #6647
• Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.3.0 #6631
• Update module go.elastic.co/apm/module/apmzap/v2 to v2.3.0 #6633
• Update module go.uber.org/automaxprocs to v1.5.2 #6547
• Update module golang.org/x/crypto to v0.8.0 #6669
• Update module golang.org/x/text to v0.9.0 #6666
• Update module google.golang.org/api to v0.115.0 #6651
• Update module sigs.k8s.io/controller-runtime to v0.14.6 #6614
• Update module sigs.k8s.io/controller-tools to v0.11.4 #6718
• Update modules go.elastic.co/apm/* to v2.4.1 #6739
• Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1107 #6646

Elastic Cloud on Kubernetes 2.7.0

• Release highlights
• Quickstart guide

Enhancements

• Add a new role for APM Server 8.7.0+ #6605
• Remove deprecation note for APM Server standalone #6601 (#6207)
• Expose all fields below spec in eck-elasticsearch Helm chart #6492 (#6451)
• Allow optional SSL client authentication setting #6440 (#6369)
• Allow setting of volumeClaimDeletePolicy in eck-elasticsearch Helm chart #6409 (#6249)
• Update ECK OperatorHub capability level to L4 #6318
• Support auth for custom users and roles in eck-elasticsearch Helm chart #6306
• Do not overwrite deployment status when reconciling #6302
• Move to vX.X.X tags for easier go module imports #6298 (#6134)

Bug fixes

• Add missing maps webhook, fix inconsistencies #6489 (#6151, #6152)
• Fix handling of unmanaged esRef in Beats Stack Monitoring #6482 (#5880, #6230)
• Fix EnterpriseSearch upgrade with TLS disabled #6224 (#6185)

Documentation improvements

• Update OpenShift supported versions to 4.8-4.12 #6597
• Update Kubernetes supported versions to 1.22-1.26 #6593 (#6571)
• Document FIPS image and OpenShift default namespace limitation #6428 (#6332)
• Adding an exhaustive list of Helm chart values to eck-elasticsearch Helm chart #6336 (#6187)
• Update Logstash recipe #6333 (#6258, #6328)
• Fix yaml Kibana example in saml authentication doc #6301
• Fix minor typo in upgrading-eck doc #6198

Misc

• Update module github.com/prometheus/common to v0.42.0 #6500
• Update docker.io/library/golang Docker tag to v1.20.2 #6497
• Update module golang.org/x/crypto to v0.7.0 #6486
• Update module golang.org/x/text to v0.8.0 #6484
• Update module sigs.k8s.io/controller-runtime to v0.14.5 #6474
• Update module k8s.io/klog/v2 to v2.90.1 #6473
• Update k8s to v0.26.2 #6466
• Update module github.com/stretchr/testify to v1.8.2 #6456
• Update module github.com/gobuffalo/flect to v1.0.2 #6455
• Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1085 #6438
• Update module github.com/hashicorp/vault/api to v1.9.0 #6403
• Update github.com/dgryski/go-lttb digest to f8fc36c #6387
• Update module sigs.k8s.io/controller-tools to v0.11.3 #6366
• Update module github.com/google/go-containerregistry to v0.13.0 #6353
• Update module github.com/spf13/viper to v1.15.0 #6343
• Update module gopkg.in/yaml.v2 to v3 #6252
• Update module github.com/hashicorp/golang-lru to v2 #6251
• Update module github.com/go-test/deep to v1.1.0 #6222
• Update module github.com/magiconair/properties to v1.8.7 #6217
• Update module go.uber.org/zap to v1.24.0 #6202
• Update module github.com/Masterminds/sprig/v3 to v3.2.3 #6197

Elastic Cloud on Kubernetes 2.6.1

• Release highlights
• Quickstart guide

Bug fixes

• Update minimum version to use Elasticsearch file-based settings feature #6305 (issue: #6303)

Elastic Cloud on Kubernetes v2.6.0

• Release highlights
• Quickstart guide

New features

• New CRD StackConfigPolicy to declaratively configure multiple Elasticsearch clusters. #6148
• ECK resources Helm Chart - Beats. #5899 (issue: #5505)

Enhancements

• Expose Kubernetes client QPS as a flag. #6157
• Extend existing reattach-pv tool to allow using existing PVs to create newly named cluster. #6118
• Add container-suffix operator flag to allow users to specify a container suffix to be applied across all Elastic stack container images. #6086 (issue: #6064)
• Elasticsearch observer improvements to avoid blocking between workers. #6084 (issue: #6078)
• Improve user password hash comparison performance by utilizing an LRU cache. #6080 (issue: #6076)
• Add default securityContext to the manager container in Operator Helm Chart. #6047
• Allow Fleet Server to be run without TLS. #6020 (issue: #6000)

Bug fixes

• Fix potential panic in Elasticsearch client equal function. #6128
• Increment ECK-stack Helm chart version to support addition of Agent/Fleet Server. #6179
• Try to reconcile license even in absence of known health status #6278 (issue: #6274)

Documentation improvements

• Add experimental label to the StackConfigPolicy doc. #6247
• Document Elastic Stack configuration policies. #6215
• Update eck-diagnostics documentation for filters. #6191
• Add additional Helm documentation for Fleet Server, and Agent. #6154
• Update the list of Kibana keys managed by the operator. #6119
• Document limitation on Minikube without CNI. #6075
• Add latest APM fleet package in Kibana examples when using standalone APM server. #6063 (issue: #5059)

Misc

• Update module github.com/hashicorp/golang-lru to v0.6.0 #6172
• Update module github.com/google/go-containerregistry to v0.12.1 #6168
• Update k8s to v0.25.4 #6167
• Update module helm.sh/helm/v3 to v3.10.2 #6166
• Update module golang.org/x/oauth2 to v0.2.0 #6159
• Update module golang.org/x/crypto to v0.2.0 #6158
• Update module golang.org/x/net to v0.2.0 #6155
• Update module github.com/prometheus/client_golang to v1.14.0 #6150
• Update module github.com/spf13/viper to v1.14.0 #6145
• Update module sigs.k8s.io/controller-runtime to v0.13.1 #6141
• Update module github.com/prometheus/client_golang to v1.13.1 #6136
• Update docker.io/library/golang Docker tag to v1.19.3 #6135
• Update module go.elastic.co/apm/module/apmzap/v2 to v2.2.0 #6131
• Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.2.0 #6129
• Update module github.com/hashicorp/vault/api to v1.8.2 #6127
• Update module github.com/spf13/cobra to v1.6.1 #6110
• Update module golang.org/x/text to v0.4.0 #6100

Elastic Cloud on Kubernetes 2.5.0

• Release highlights
• Quickstart guide

New features

• Autoscaling Elasticsearch: Introduce a dedicated custom resource #5978 (issue: #5997)
• ECK resources Helm chart - Elastic Agent & Elastic Fleet Server Agent #5889 (issue: #5505)
• Enable Beats stack monitoring configuration #5878 (issue: #5563)

Enhancement

• Surface Kubernetes client rate limiter metrics #6007
• Add Elasticsearch observation interval as configurable value to Helm Chart #5989 (issue: #5988)
• Don’t log non-standard ES JSON error responses as errors #5971 (issue: #5473)
• Report incorrect license type in logs and events #5966 (issue: #5963)
• Inherit all environment variables from ES container in initContainers #5962 (issue: #5577)
• Elasticsearch: always set discovery.seed_hosts to empty array #5950 (issue: #5834)
• [Autoscaling] Add CPU recommender #5924 (issue: #5823)
• Log correlation for operator APM traces #5883

Bug fixes

• Increment desired nodes version on each call #6037 (issue: #5979)
• Ignore unmanaged namespaces in webhook validation for all resources. #6013 (issue: #5814)
• Fix helm chart rendering issues associated with indentation #6004
• Stack monitoring: trust custom cert. in output configuration #5945 (issue: #5917)

Documentation improvements

• Add License files for Helm Charts and Updating Chart README #6008 (issue: #6005)
• Rewrite snapshot documentation and add CSP specific setups #5969 (issues: #5230, #5652)
• Restructure secure settings docs and minor additions #5965 (issue: #5425)
• Update documentation to clarify ES node.processors section. #5941 (issue: #5940)
• Fix typo in "manage compute resources" doc #5929

Misc

• Update module go to 1.19 #6040
• Update k8s to v0.25.2 #6032
• Update module sigs.k8s.io/controller-tools to v0.10.0 #6031
• Update module helm.sh/helm/v3 to v3.10.0 #6030
• Update module github.com/hashicorp/vault/api to v1.8.0 #6022
• Update k8s to v0.25.1 #6018
• Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.6-941 #6012
• Update module k8s.io/klog/v2 to v2.80.1 #6009
• Update module github.com/google/go-cmp to v0.5.9 #6006
• Update docker.io/library/golang Docker tag to v1.19.1 #6003
• Update module github.com/spf13/viper to v1.13.0 #6001
• Update module github.com/gobuffalo/flect to v0.3.0 #5996
• Update module sigs.k8s.io/controller-runtime to v0.13.0 #5995
• Update module go.uber.org/zap to v1.23.0 #5972
• Update golang to 1.19 #5939
• Update module github.com/prometheus/client_golang to v1.13.0 #5930
• Update module sigs.k8s.io/kustomize/kyaml to v0.13.9 #5918
• Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6-902 #5914
• Update module github.com/stretchr/testify to v1.8.0 #5912
• Update module github.com/prometheus/common to v0.37.0 #5911
• Update module github.com/google/go-containerregistry to v0.11.0 #5910

Elastic Cloud on Kubernetes 2.4.0

• Release highlights
• Quickstart guide

Breaking changes

• Configure Elastic Agent host path volume to point to correct path #5890 (issue: #4428)

  Fleet-managed Elastic Agents now default to use a hostPath volume for storing their state. This will prevent more than one Pod from the same Elastic Agent Deployment to be deployed on the same Kubernetes node. For cases where this is desired, the volume type can be changed to an emptyDir volume. Check the docs to learn more.

New features

• Introduce ECK-managed resources Helm Charts #5781 (issue: #5505)

Enhancements

• Add new operator flag to control Elasticsearch health observation intervals #5861 (issue: #5839)
• Make xpack.security.http.ssl.client_authentication an unsupported setting #5852 (issue: #5817)
• Use static transaction names for APM #5850 (issue: #5840)
• Create Elastic Agent enrolment tokens in the operator #5846 (issue: #5779)
• Support RevisionHistoryLimit for all ECK-managed resources #5818 (issue: #5789)
• Stricter notion of esReacheable: require health response #5796 (issue: #5776)
• Increase default Beats guaranteed memory to 300Mi #5793 (issue: #5036)

Bug fixes

• Move first ES cluster state observation out of go routine #5783 (issue: #5812)
• Check shard activity before removing a node #5758 (issues: #3070, #5713)

Documentation improvements

• Remove experimental label from Elastic Agent docs #5894
• Improve "Operator crashes on startup with OOMKilled" docs section #5836
• Expose recipes in ECK product documentation #5763 (issue: #5012)
• Fix minimum Helm supported version 3.2.0 in README #5753

Misc

• Update dependency docker.io/library/golang to v1.18.5 #5907
• Update k8s to v0.24.3 #5904
• Update module sigs.k8s.io/kustomize/kyaml to v0.13.8 #5900
• Update module helm.sh/helm/v3 to v3.9.2 #5876
• Update dependency golang to v1.18.4 #5873
• Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6-854 #5855
• Update module sigs.k8s.io/controller-tools to v0.9.1 #5842
• Update module github.com/elastic/go-ucfg to v0.8.6 #5841
• Update module sigs.k8s.io/controller-runtime to v0.12.2 #5828
• Update module github.com/google/go-containerregistry to v0.10.0 #5821
• Update module k8s.io/klog/v2 to v2.70.0 #5819
• Update module github.com/spf13/cobra to v1.5.0 #5811
• Update module github.com/prometheus/common to v0.35.0 #5808
• Update module github.com/stretchr/testify to v1.7.3 #5807
• Update module github.com/hashicorp/vault/api to v1.7.2 #5761

Elastic Cloud on Kubernetes 2.3.0

• Release highlights
• Quickstart guide

New features

• Allow providing cleartext passwords for creating Elasticsearch users #5613 (issue: #3056)
• Support a globally shared CA #5539

Enhancements

• Set status.ObservedGeneration from metadata.Generation:
  • Elastic Maps #5536 (issue: #3392)
  • EnterpriseSearch #5526 (issue: #3392)
  • Elastic APM Server #5470 (issue: #3392)
• Upgrade PodDisruptionBudget from v1beta1 to v1 #5709
• Support disable-downgrade-validation for all relevant apps #5680 (issue: #5531)
• Allow non-IPs in service spec to avoid noop updates #5663 (issue: #5657)
• Add APM tracing for client-go requests to the Kubernetes API #5651
• Add support for the desired nodes API #5650
• Base ECK docker image on distroless instead of UBI by default #5580 (issue: #4561)
• Added priority class and leader election to operator Helm chart #5538
• Log info for service not found error when reconciling associations #5533

Bug fixes

• Do not use service accounts until Elasticsearch nodes have been upgraded #5830 (issue: #5684)
• Ensure CA is always updated in HTTP Secret #5622 (issue: #5621)
• Fix resources limits conversion in ToInt64() used for logging #5596
• Fix non-closed http responses #5755

Documentation improvements

• a11y Fix "below" occurrences #5714 (issue: #5306)
• a11y Fix "above" occurrences #5672 (issue: #5306)
• Change references to the master branch to main in the CONTRIBUTING guide. #5741
• Fix Helm command examples in docs #5737
• Update list of ECK versions that triggers a rolling restart #5715 (issue: #5648)
• Update documentation pages that use the repository-gcs plugin #5700 (issue: #5457)
• CronJob batch/v1beta1 no longer served in 1.25 #5685
• Update documentation to customize pods #5660
• Wrong indentation of the kibana config #5595
• Update recommended reading Kubebuilder links #5593 (issue: #5584)
• Add APM Server Deprecation Message #5575 (issue: #5419)
• Update license usage data example #5569

Misc

• Update dependency golang to v1.18.3 #5722
• Update k8s to v0.24.1 #5703
• Update module sigs.k8s.io/controller-runtime to v0.12.1 #5697
• Update module sigs.k8s.io/controller-tools to v0.9.0 #5688
• Update module sigs.k8s.io/kustomize/kyaml to v0.13.7 #5682
• Update module github.com/elastic/go-ucfg to v0.8.5 #5661
• Update module github.com/google/go-cmp to v0.5.8 #5619
• Update module github.com/google/go-containerregistry to v0.9.0 #5675
• Update module github.com/hashicorp/vault/api to v1.6.0 #5702
• Update module github.com/imdario/mergo to v0.3.13 #5701
• Update module github.com/jonboulle/clockwork to v0.3.0 #5606
• Update module github.com/prometheus/client_golang to v1.12.2 #5667
• Update module github.com/prometheus/common to v0.34.0 #5594
• Update module github.com/spf13/viper to v1.12.0 #5704
• Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.1.0 #5693
• Update module go.uber.org/automaxprocs to v1.5.1 #5560
• Update module gopkg.in/yaml.v3 to v3.0.1 #5706
• Update module helm.sh/helm/v3 to v3.9.0 #5678
• Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6 #5654

Elastic Cloud on Kubernetes 2.2.0

• Release highlights
• Quickstart guide

Enhancements

• Report total managed memory in GiB and raw bytes #5527 (issue: #5465)
• Use service accounts for Kibana and Fleet Server #5468 (issue: #5244)
• Support custom Secret for associating external Elastic resources not managed by ECK #5240 (issue: #5078)

Bug fixes

• Update operator Pod to speed up secret propagation #5519 (issue: #3321)
• Reset phase on each reconciliation in Elasticsearch status #5507 (issue: #5506)
• Make nodes field in status optional #5496 (issue: #5493)
• Make sure to read association configuration again from annotations if it was cleared #5489 (issue: #4709)
• Avoid unnecessary DELETE for non-existent secrets #5488 (issue: #5450)
• Avoid unnecessary DELETE calls to manage legacy transport secret #5461 (issue: #5450)
• Avoid unnecessary UPDATE calls when reconciling PVC owner refs #5459 (issue: #5451)
• Do not upgrade all Elasticsearch nodes of a given tier at once #5452 (issue: #1753)
• Operatorhub: Ensure local YAML files have a proper "end of directives" marker #5447

Documentation improvements

• Update license usage data example #5569
• Fix YAML example in custom HTTP certificate doc #5529
• Update the license documentation #5509 (issue: #5475)
• Remove ECK 1.7 from the list of versions that cause a restart on upgrade #5503
• Add known issue for Red Hat certified operator upgrades #5492
• Update example with init container to increase vm.max_map_count #5469 (issue: #5410)
• Fix latinisms occurrences #5456 (issue: #5306)
• Add explicit assumptions before the installation steps #5455 (issue: #5275)

Misc

• Update module go.uber.org/automaxprocs to v1.5.0 #5552
• Update module github.com/gobuffalo/flect to v0.2.5 #5550
• Update module sigs.k8s.io/controller-runtime to v0.11.2 #5541
• Update module github.com/prometheus/common to v0.33.0 #5530
• Update module github.com/hashicorp/vault/api to v1.5.0 #5522
• Update module sigs.k8s.io/kustomize/kyaml to v0.13.6 #5521
• Update module github.com/prometheus/client_golang to v1.12.1 #5517
• Update module github.com/jonboulle/clockwork to v0.2.3 #5516
• Update module k8s.io/klog/v2 to v2.60.1 #5502
• Update module github.com/go-logr/logr to v1.2.3 #5494
• Update k8s to v0.23.5 #5491
• Update module github.com/stretchr/testify to v1.7.1 #5476
• Update module github.com/spf13/cobra to v1.4.0 #5463
• Update module helm.sh/helm/v3 to v3.8.1 #5454

Elastic Cloud on Kubernetes 2.1.0

• Release highlights
• Quickstart guide

New features

• Allow predicates to be disabled on a case-by-case basis through annotation. #5284 (issue: #2092)

Enhancements

• Elasticsearch: Set status.ObservedGeneration from metadata.Generation #5331 (issue: #3392)
• Kibana: Set status.ObservedGeneration from metadata.Generation #5409 (issue: #3392)
• Extend full upgrade to any version upgrade of non-HA Elasticsearch #5408
• Handle resource conflict while updating status in association reconciler #5337
• Improve Elasticsearch status sub-resource #5328
• Use new node.roles notation in all example manifests #5289 (issue: #4130)
• Handle data tiers during rolling upgrades #5248 (issue: #5228)
• Isolate operator from HTTP service misconfiguration - Use internal service #5211 (issue: #4394)
• Improve handling of managed namespaces - resolving 'unknown namespace for the cache' errors #5187

Bug fixes

• Avoid reporting outdated Elasticsearch health on reconciliation error that prevents getting the real one #5349 (issue: #5330)
• Only configure Stack Monitoring if association reconciled #5339
• Do not attempt rolling upgrades for non-HA Elasticsearch clusters #5327 (issue: #5321)
• Use precondition when deleting secrets #5273 (issue: #5249)
• Support new Agent base image as of 7.17 #5268
• Fix webhook match policy for OLM based installations #5437 (issue: #5423)
• Fix Agent trust CA commands for all image variants #5438 (issue: #5434)

Documentation improvements

• Add a sentence explaining the upgrade strategy restriction for non-HA Elasticsearch clusters #5400
• Add example code to the Quickstart #5378 (issue: #5322)
• Fix links to Elasticsearch upgrade docs #5347
• Adjust Fleet recipes for default policy change #5281 (issue: #5262)

Misc

• Update golang version to v1.17.8 #5440
• Update module sigs.k8s.io/controller-runtime to v0.11.1 #5384
• Update module sigs.k8s.io/kustomize/kyaml to v0.13.3 #5380
• Update module github.com/google/go-cmp to v0.5.7 #5264

Elastic Cloud on Kubernetes 2.0.0

• Release highlights
• Quickstart guide

Breaking changes

IMPORTANT
Operator Lifecycle Manager (OLM) and OpenShift OperatorHub users that run with automatic upgrades enabled, are advised to set the set-default-security-context operator flag explicitly before upgrading to ECK 2.0. If not set ECK can fail to auto-detect the correct security context configuration and Elasticsearch Pods may not be allowed to run.

• Remove legacy v1beta1 CRDs #5029 (issue: #4885)

New features

• Allow K8S node labels to be propagated as Pod annotations #5054 (issue: #3933)

Enhancements

• Allow users to disable version validation to downgrade clusters #5272 (issue: #5259)
• Add support for transport TLS certificate other/common name suffix #5189 (issue: #5148)
• Bump the operator memory limit to 1Gi for larger deployments #5185 (issue: #5177)
• Move config hash stored in Pod labels to Pod annotations #5175 (issue: #5071)
• Elastic Maps Server: no Elasticsearch connection required since 7.14 #5172
• Add autodetect option to security context configuration #5150 (issue: #5061)
• Stop using deprecated host field in Beat configs #5113 (issue: #4954)
• Stop using deprecated xpack.fleet.agents.elasticsearch.host Kibana config #5112 (issue: #5091)
• Set Enterprise Search config kibana.host defaults in advance of 8.0 #5109 (issue: #4952)
• Support trial licenses inside enterprise_trial orchestration licenses #5097
• Include license expiry date in licensing config map #5013 (issue: #5008)
• Reuse existing private key for CA rotation #4947 (issue: #507)
• Use node shutdown API for rolling upgrades and downscales #4597

Bug fixes

• Fix Stack Monitoring with custom certificate without CA #5310 (issue: #5309)
• Enterprise Search: avoid generating invalid config in the presence of user overrides #5298 (issue: #5290)
• Support new Agent base image as of 7.17 #5268
• Change upgrade path validation for 8.0 to only allow 7.17 #5261 (issue: #5258)
• Adjust Agent startup command to Ubuntu base image #5253 (issue: #5250)
• Do not delete last master-eligible node if other nodes are not up-to-date #5242 (issue: #5241)
• Add missing nodes resource RBAC permission in recipes #5178
• Main go routine does not exit if there's no error #5106

Documentation improvements

• Document node labels propagation feature #5254 (issue: #5098)
• Update Kubernetes/OCP compatibility statements for ECK 2.0 #5239

Misc

• Update golang Docker tag to v1.17.6 #5234
• Update module sigs.k8s.io/controller-tools to v0.8.0 #5233
• Update module go.uber.org/zap to v1.20.0 #5224
• Update module github.com/go-logr/logr to v1.2.2 #5220
• Update k8s to v0.23.1 #5219
• Update module github.com/hashicorp/vault/api to v1.3.1 #5208
• Update module k8s.io/klog/v2 to v2.40.1 #5184
• Update module github.com/spf13/viper to v1.10.1 #5171
• Update module github.com/spf13/cobra to v1.3.0 #5163
• Update module sigs.k8s.io/controller-runtime to v0.11.0 #5161
• Update module github.com/elastic/go-ucfg to v0.8.4 #5037
• Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.5 #5034
• Update golang Docker tag to v1.17.3 #5018
• Update module sigs.k8s.io/kustomize/kyaml to v0.12.0 #5004
• Update module go.elastic.co/apm/module/apmelasticsearch to v1.14.0 #5002
• Update module go.elastic.co/apm to v1.14.0 #5001

Elastic Cloud on Kubernetes 1.9.1

• Release highlights
• Quickstart guide

Enhancements

• Add log4j2.formatMsgNoLookups logging property to ES < 7.2 #5157

This change will mitigate the Log4Shell vulnerability (CVE-2021-44228) in susceptible Elasticsearch clusters (below version 7.2). ECK will prepend the -Dlog4j2.formatMsgNoLookups=true JVM parameter to the environment variable ES_JAVA_OPTS if it is not yet defined by the user. This triggers a rolling restart of all Pods of the affected Elasticsearch clusters to apply these changes.

• Add internal product header to requests #5129

Bug fixes

• Resource aggregator should handle missing memory settings #5158

Misc

• Update golang Docker tag to v1.17.5 #5149

Elastic Cloud on Kubernetes 1.9.0

• Release highlights
• Quickstart guide

Breaking changes

IMPORTANT

For Operator Lifecycle Manager (OLM) and OpenShift OperatorHub users that run with automatic upgrades enabled, it is advised to set set-default-security-context operator flag explicitly before next ECK release. Next version of ECK will introduce a change that could result in setting an invalid Pod Security Context to Elasticsearch Pods.

• Inherit resource requirements in init containers #4963

All init containers will inherit resource requirements from the main containers by default.

• Move to env vars based Fleet mode configuration #4889

ECK operator will configure Elastic Agent in Fleet mode using environment variables instead of a configuration file. This method allows you to easily override the default settings. If the override is configured with any other method, an additional step is required before the operator upgrade.

1. Update your Agent resources such that environment variables are set for settings you'd like to override, for example:

...
spec:
  deployment:
    podTemplate:
      spec:
        containers:
        - name: agent
          env:
          - name: KIBANA_FLEET_HOST
            value: "https://kibana.example.com:443"
...

2. Upgrade ECK to version 1.9.x.
3. Remove any modification and references to fleet-setup.yml. As ECK 1.9.x uses environment variables to set the default config, the environment variables you've set in step 1. override the default values.

New features

• Allow users to suspend Elasticsearch Pods for debugging purposes #4946 (issue: #4546)

Enhancements

• Add logging for call to ES #4958 (issue: #4935)
• Shorten the reconciliation loop duration if Elasticsearch is down #4938 (issues: #2939, #3496)
• Ignore ClusterIPs, and IPFamilyPolicy in services, and timestamp in license during reconciliation #4929
• Add operator license key check #4925
• Skip remote clusters reconciliation earlier if remote clusters are not configured #4924
• Refactor Elasticsearch HTTP error handling #4922 (issue: #4918)
• Verify supported Elasticsearch distribution during license reconciliation #4920
• Remove permissions not used by the operator #4823

Bug fixes

• Avoid updating the association status when no association #4986 (issue: #4985)
• Forcibly recreate Beat keystore #4942 (issues: #4527, #4926)
• Init. fs container: make cp more resilient #4888 (issue: #4877)
• Allow the upgrade of a single node cluster with yellow status #4787 (issue: #4625)

Misc

• Update module github.com/go-test/deep to v1.0.8 #4948
• Update golang Docker tag to v1.17.2 #4934
• Update module github.com/spf13/viper to v1.9.0 #4847