Fleet and Elastic Agent 8.0.0

edit

Review important information about the Fleet and Elastic Agent 8.0.0 releases.

Breaking changes

edit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

Fleet Server can no longer use username and password to authenticate with Elasticsearch

Details
Starting in 8.0, Elasticsearch has removed write access to system indices by the superuser. Therefore, Fleet Server can no longer use a username and password to authenticate with Elasticsearch. For more information, refer to #29458.

Impact
If you run a self-managed Fleet Server that authenticates with Elasticsearch through a username and password, you must update the configuration to use a Fleet Server service token instead. For more information, see Add a Fleet Server.

IncludeCreatorMetadata removed from Kubernetes metadata config options

Details
The deprecated and undocumented IncludeCreatorMetadata setting has been removed from the Kubernetes metadata config options. For more information, refer to #28006.

Impact
This change is unlikely to impact existing users because the setting was never documented. However, if your config uses this setting, you must remove it now.

Splits package policy upgrade endpoint for Fleet

Details
For package policy upgrades, the packagePolicy upgrade endpoint format supports a mutative upgrade operation (when dryRun: false) and a read-only dry run operation (when dryRun: true):

 POST /package_policies/upgrade
 {
   packagePolicyIds: [...],
   dryRun: false
 }

For more information, refer to #118854.

Impact
The endpoint is now split into two separate endpoints:

 POST /package_policies/upgrade
 {
   packagePolicyIds: [...]
 }

 POST /package_policies/upgrade/dry_run
 {
   packagePolicyIds: [...]
 }

Deprecations

edit

Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you complete the upgrade.

Fleet
Updates Fleet API to improve consistency

Details
The Fleet API has been updated to improve consistency:

  • Hyphens are changed to underscores in some names.
  • The pkgkey path parameter in the packages endpoint is split.
  • The response and list properties are renamed to items or item in some responses.

For more information, refer to #119494.

Impact
When you upgrade to 8.0.0, use the following API changes:

  • Use enrollment_api_keys instead of enrollment-api-keys.
  • Use agent_status instead of agent-status.
  • Use service_tokens instead of service-tokens.
  • Use /epm/packages/{packageName}/{version} instead of /epm/packages/{pkgkey}.
  • Use items[] instead of response[] in:

    /api/fleet/enrollment_api_keys
    /api/fleet/agents
    /epm/packages/
    /epm/categories
    /epm/packages/_bulk
    /epm/packages/limited
    /epm/packages/{packageName}/{version} 

    Use items[] when the verb is POST or DELETE. Use item when the verb is GET or PUT.

For more information, refer to Fleet APIs.

New features

edit

The 8.0.0 release adds the following new and notable features.

Fleet
Elastic Agent
  • Add --pprof flag to elastic-agent diagnostics command. Also add an elastic-agent pprof command to allow operators to gather pprof data from the Elastic Agent and the Beats running under it. #28798
  • Add --fleet-server-es-ca-trusted-fingerprint flag to allow Elastic Agent and Fleet Server to work with Elasticsearch clusters using self-signed certs. #29128
  • Set agent.id to the Fleet Agent ID in events published from inputs backed by Beats. #21121 #26394 #26548

Bug fixes

edit
Fleet
  • Allow empty strings for required text fields in package policies. #123610
  • Add consistent _meta property to all Fleet ES assets #119380.
Elastic Agent
  • Allow agent containers to use basic auth to create a service token. #29651