Elastic Cloud on Kubernetes release notes

Review the changes, fixes, and more in each release of Elastic Cloud on Kubernetes.

ECK now supports integration with Elastic AutoOps through a new AutoOpsAgentPolicy custom resource. This allows you to instrument multiple Elasticsearch clusters at once for automated health monitoring and performance recommendations. The AutoOps documentation provides more details.

ECK now supports deploying and managing Elastic Package Registry (EPR) through a new PackageRegistry custom resource. This is particularly useful for air-gapped environments, enabling Kibana to reference a self-hosted registry instead of the public one. The package registry documentation provides more details.

ECK now includes support for multiple Stack Config Policies targeting the same Elasticsearch cluster or Kibana instance, using a weight-based priority system for deterministic policy composition. The Stack Config Policy documentation provides more details.

• AutoOpsAgentPolicy support #8941 (issue: #8789)
• ElasticPackageRegistry support #8800 (issue: #8925)
• Stack Config Policies composition support #8917
• Use standard Kibana labels and Helm labels on the ECK Operator pod #8840 (issue: #8584)
• Add service customization support for Elasticsearch remote cluster server #8892
• Removal of Elasticsearch 6.x support from codebase #8979

• Upgrade master StatefulSets last when performing a version upgrade of Elasticsearch #8871 (issue: #8429)
• Fix race condition for pre-existing Stack Config Policy #8928 (issue: #8912)
• Do not set Kibana server.name #8930 (issue: #8929)
• Do not write elasticsearch.k8s.elastic.co/managed-remote-clusters when not necessary #8932 (issue: #8781)
• Cleanup orphaned secret mounts when removed from StackConfigPolicy #8937 (issue: #8921)
• Avoid duplicate error logging for generate GET operations on a GVK #8957
• Remove single master at a time upscale restriction #8940 (issue: #8939)

• Update Google Cloud LoadBalancer recipe for new requirements #8843
• Fix minUnavailable typo in PDB documentation #8898
• Use GKE ComputeClass instead of DaemonSet for GKE AutoPilot #8982
• Adjust vm.max_map_count to 1048576 in GKE AutoPilot recipes #8986
• Remove support for Stack 7.17. #9038

ECK now offers better out-of-the-box PodDisruptionBudgets that automatically keep your cluster available as Pods move across nodes. The new policy calculates the number of Pods per tier that can sustain replacement, and automatically generates a PodDisruptionBudget for each tier. This enables the Elasticsearch cluster to vacate Kubernetes nodes more quickly, while considering cluster health, without interruption. The documentation about PodDisruptionBudget has more information and details.

ECK now supports configuring the length of the generated password for the administrative user of each Elasticsearch cluster. While the default length remains 24 characters, this can now be configured up to a maximum of 72 characters. The password incorporates alphabetic and numeric characters to ensure strong complexity. Refer to the managed credentials page for examples and more details.

• Enable certificate reloading for stack monitoring Beats #8833 (issue: #5448)
• Allow configuration of file-based password character set and length #8817 (issues: #2795, #8693)
• Automatically set GOMEMLIMIT based on cgroups memory limits #8814 (issue: #8790)
• Introduce granular PodDisruptionBudgets based on node roles #8780 (issue: #2936)

• Gate advanced Fleet config logic to Agent v8.13 and later #8869
• Ensure Agent configuration and state persist across restarts in Fleet mode #8856 (issue: #8819)
• Do not set credentials label on Kibana config secret #8852 (issue: #8839)
• Allow elasticsearchRef.secretName in Kibana helm validation #8822 (issue: #8816)

• Update Logstash recipes from to filestream input #8801
• Recipe for exposing Fleet server to outside of the Kubernetes cluster #8788
• Clarify secretName restrictions #8782
• Update ES_JAVA_OPTS comments and explain auto-heap behavior #8753

It is now possible to propagate metadata from the parent custom resource to the child resources created by the operator. If you add labels or annotations on an Elasticsearch, Kibana, or Agent resource, for example, these can be automatically propagated to the Pods, Services, and other resources created by the operator. Refer to the Propagate Labels and Annotations page for examples and more details.

To reduce the attack surface and improve overall security UBI images are now based on the UBI micro base image.

• UBI: Use micro image instead of minimal #8704
• Propagate metadata to children #8673 (issue: #2652)
• Allow advanced configuration for fleet-managed Elastic Agents #8623 (issue: #8619)

• Set owner on service account Secret, update it when application is recreated #8716
• fix: Cannot disable TLS in Logstash #8706 (issue: #8600)
• Move from deprecated container input to filestream #8679 (issue: #8667)
• Add automated workaround for 9.0.0 maps issue #8665 (issue: #8655)
• Bump go.mod to v3 #8609
• Helm: Add support for missing remoteClusterServer value #8612
• Add logs volume for Filebeat and Metricbeat in stack monitoring #8606 (issue: #8605)

• [Helm] Fix examples/logstash/basic-eck.yaml #8695

• ECK 3.0.0 adds support for Elastic Stack version 9.0.0. Elastic Stack version 9.0.0 is not supported on ECK operators running versions earlier than 3.0.0.

• Add support for defining dnsPolicy and dnsConfig options for the ECK operator StatefulSet #7999
• Config: Allow escaping dots in keys via [unsplit.key] syntax #8512 (issue: #8499)
• Enable copying of ECK images to Amazon ECR to make it easier for users to find our own ECK operator in the AWS marketplace #8427
• Support new agent image path as of 9.0 #8518
• Remove ubi suffix for 9.x images #8509
• Remove support for 6.x Stack version #8507
• Log resourceVersion on Create and Update #8503
• Remove policyID validation #8449 (issue: #8446)
• Refactor APM server for 9.0.0 #8448 (issue: #8447)
• Improve error messages and events during Fleet setup #8350
• Validate updates to 9.0 go through 8.18 #8559 (issue: #8557)

• Correctly parse managed namespaces when specified as an environment variable #8513 (issue: #7542)

• [DOCS] Updates release notes title (#8599)
• Updates for Istio 1.24 (#8476)
• Fix unresolved attribute in ECK Quickstart (#8432)
• [Docs] Add synthetic monitoring example (#8385) (issue: #6294)
• [docs] Update heap dump command to use the most recent Java process (#8294)
• [DOC] Document the need for an ingest node for Enterprise Search analytics (#8271)