Releases: elastic/cloud-on-k8s
Releases · elastic/cloud-on-k8s
v2.9.0
Elastic Cloud on Kubernetes 2.9.0
Breaking changes
- Add Support for volumeClaimTemplates for Logstash controller #6884
Enhancements
- Enable runAsNonRoot=true for Beats >= 8.8.x #6793
Bug fixes
- Validating policy ID only when running in Fleet mode for Elastic Agent #6938 (issue: #6903)
- Add Selector to Logstash status #6854
Documentation improvements
- Document Logstash connection to external Elasticsearch #6895
Misc
- Update module golang.org/x/text to v0.11.0 #6976
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.8-1014 #6962
- Disable test agent with fleet mode in 8.0.1 #6957 (issues: #6331, #6956)
- Update module go.elastic.co/apm/v2 to v2.4.3 #6942
- Update module github.com/hashicorp/golang-lru/v2 to v2.0.4 #6935
- Update module github.com/imdario/mergo to v1 #6925
- Update module github.com/prometheus/client_golang to v1.16.0 #6909
- Update k8s to v0.27.3 #6908
- Update module golang.org/x/crypto to v0.10.0 #6900
- Update docker.io/library/golang Docker tag to v1.20.5 #6887
- Update module github.com/spf13/viper to v1.16.0 #6867
- Update module github.com/stretchr/testify to v1.8.4 #6866
- Update module sigs.k8s.io/controller-runtime to v0.15.0 #6847
- Update module github.com/prometheus/common to v0.44.0 #6835
- Update module github.com/google/go-containerregistry to v0.15.2 #6817
- Update module golang.org/x/oauth2 to v0.8.0 #6771
- Update module golang.org/x/net to v0.10.0 #6770
2.8.0
Elastic Cloud on Kubernetes 2.8.0
WarningThis release includes a hardened default security context for Elasticsearch containers. It is highly recommended to test against a staging environment before deploying to production.
Breaking changes
- Use provided base path for stackconfigpolicy's snapshot repository #6689 (issue: #6692)
- APM Server: Fix secret token config for APM Server 8.0+ #6769 (issue: #6768)
New features
Enhancements
Elasticsearch
- Call _nodes/shutdown from pre-stop hook #6544 (issue: #6478)
- Create Elasticsearch client for observer only if needed #6407 (issue: #6090)
- Add the full CA certificate chain to trusted HTTP certs for Elasticsearch #6681 (issue: #6574)
- Allow custom certificates on the transport layer #6727 (issue: #6479)
- Hardened Security Context for Elasticsearch #6703 (issue: #6126)
Helm charts
- Enable hostNetwork support in eck-operator Helm chart #6636
- Add PodDisruptionBudget to eck-operator Helm chart #6671
ECK Operator
- Add operator flag to define webhook port #6691 (issue: #6655)
- Add operator flag to define global container repository #6737 (issue: #6643)
Fleet
Bug fixes
- Fix doc attributes in stack-helm-chart.asciidoc #6742
- Do not set FLEET_CA for well-known CAs #6733 (issue: #6673)
- Fix default
elasticsearch-datavolumeMount configuration #6725 (issue: #6186) - Conditionally set container-suffix in ECK config #6711 (issue: #6695)
- [helm-chart] Include webhook client configuration CA only when certificates are not managed by the operator or cert-manager #6642 (issue: #6641)
- Remove default for daemonset/deployment in eck-beats & eck-agent Helm Charts #6621 (issue: #6330)
Documentation improvements
- Documentation for running ECK, Elasticsearch, and Kibana on GKE Autopilot #6760
- Contributing page updated with Helm chart tests suite #6744
- Documentation for Logstash on ECK #6743
- Add 2.6 and 2.7 to the triggered restart list #6786 (issue: #6765)
Misc
- Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible #6801
- Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 #6549
- Update docker.io/library/golang Docker tag to v1.20.4 #6752
- Update github.com/docker/docker #6654
- Update k8s to v0.26.3 #6546
- Update k8s.io/client-go to v0.26.5 #6849
- Update module cloud.google.com/go/storage to v1.30.0 #6531
- Update module github.com/go-git/go-git/v5 to v5.6.1 #6536
- Update module github.com/go-logr/logr to v1.2.4 #6625
- Update module github.com/google/go-containerregistry to v0.14.0 #6532
- Update module github.com/hashicorp/vault/api to v1.9.1 #6707
- Update module github.com/imdario/mergo to v0.3.15 #6581
- Update module github.com/operator-framework/operator-registry to v1.26.5 #6622
- Update module github.com/prometheus/client_golang to v1.15.0 #6686
- Update module github.com/spf13/cobra to v1.7.0 #6647
- Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.3.0 #6631
- Update module go.elastic.co/apm/module/apmzap/v2 to v2.3.0 #6633
- Update module go.uber.org/automaxprocs to v1.5.2 #6547
- Update module golang.org/x/crypto to v0.8.0 #6669
- Update module golang.org/x/text to v0.9.0 #6666
- Update module google.golang.org/api to v0.115.0 #6651
- Update module sigs.k8s.io/controller-runtime to v0.14.6 #6614
- Update module sigs.k8s.io/controller-tools to v0.11.4 #6718
- Update modules go.elastic.co/apm/* to v2.4.1 #6739
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1107 #6646
2.7.0
Elastic Cloud on Kubernetes 2.7.0
Enhancements
- Add a new role for APM Server 8.7.0+ #6605
- Remove deprecation note for APM Server standalone #6601 (#6207)
- Expose all fields below spec in eck-elasticsearch Helm chart #6492 (#6451)
- Allow optional SSL client authentication setting #6440 (#6369)
- Allow setting of volumeClaimDeletePolicy in eck-elasticsearch Helm chart #6409 (#6249)
- Update ECK OperatorHub capability level to L4 #6318
- Support auth for custom users and roles in eck-elasticsearch Helm chart #6306
- Do not overwrite deployment status when reconciling #6302
- Move to vX.X.X tags for easier go module imports #6298 (#6134)
Bug fixes
- Add missing maps webhook, fix inconsistencies #6489 (#6151, #6152)
- Fix handling of unmanaged esRef in Beats Stack Monitoring #6482 (#5880, #6230)
- Fix EnterpriseSearch upgrade with TLS disabled #6224 (#6185)
Documentation improvements
- Update OpenShift supported versions to 4.8-4.12 #6597
- Update Kubernetes supported versions to 1.22-1.26 #6593 (#6571)
- Document FIPS image and OpenShift default namespace limitation #6428 (#6332)
- Adding an exhaustive list of Helm chart values to eck-elasticsearch Helm chart #6336 (#6187)
- Update Logstash recipe #6333 (#6258, #6328)
- Fix yaml Kibana example in saml authentication doc #6301
- Fix minor typo in upgrading-eck doc #6198
Misc
- Update module github.com/prometheus/common to v0.42.0 #6500
- Update docker.io/library/golang Docker tag to v1.20.2 #6497
- Update module golang.org/x/crypto to v0.7.0 #6486
- Update module golang.org/x/text to v0.8.0 #6484
- Update module sigs.k8s.io/controller-runtime to v0.14.5 #6474
- Update module k8s.io/klog/v2 to v2.90.1 #6473
- Update k8s to v0.26.2 #6466
- Update module github.com/stretchr/testify to v1.8.2 #6456
- Update module github.com/gobuffalo/flect to v1.0.2 #6455
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1085 #6438
- Update module github.com/hashicorp/vault/api to v1.9.0 #6403
- Update github.com/dgryski/go-lttb digest to f8fc36c #6387
- Update module sigs.k8s.io/controller-tools to v0.11.3 #6366
- Update module github.com/google/go-containerregistry to v0.13.0 #6353
- Update module github.com/spf13/viper to v1.15.0 #6343
- Update module gopkg.in/yaml.v2 to v3 #6252
- Update module github.com/hashicorp/golang-lru to v2 #6251
- Update module github.com/go-test/deep to v1.1.0 #6222
- Update module github.com/magiconair/properties to v1.8.7 #6217
- Update module go.uber.org/zap to v1.24.0 #6202
- Update module github.com/Masterminds/sprig/v3 to v3.2.3 #6197
2.6.1
Elastic Cloud on Kubernetes 2.6.1
Bug fixes
2.6.0
Elastic Cloud on Kubernetes v2.6.0
New features
- New CRD StackConfigPolicy to declaratively configure multiple Elasticsearch clusters. #6148
- ECK resources Helm Chart - Beats. #5899 (issue: #5505)
Enhancements
- Expose Kubernetes client QPS as a flag. #6157
- Extend existing reattach-pv tool to allow using existing PVs to create newly named cluster. #6118
- Add container-suffix operator flag to allow users to specify a container suffix to be applied across all Elastic stack container images. #6086 (issue: #6064)
- Elasticsearch observer improvements to avoid blocking between workers. #6084 (issue: #6078)
- Improve user password hash comparison performance by utilizing an LRU cache. #6080 (issue: #6076)
- Add default securityContext to the manager container in Operator Helm Chart. #6047
- Allow Fleet Server to be run without TLS. #6020 (issue: #6000)
Bug fixes
- Fix potential panic in Elasticsearch client equal function. #6128
- Increment ECK-stack Helm chart version to support addition of Agent/Fleet Server. #6179
- Try to reconcile license even in absence of known health status #6278 (issue: #6274)
Documentation improvements
- Add experimental label to the StackConfigPolicy doc. #6247
- Document Elastic Stack configuration policies. #6215
- Update eck-diagnostics documentation for filters. #6191
- Add additional Helm documentation for Fleet Server, and Agent. #6154
- Update the list of Kibana keys managed by the operator. #6119
- Document limitation on Minikube without CNI. #6075
- Add latest APM fleet package in Kibana examples when using standalone APM server. #6063 (issue: #5059)
Misc
- Update module github.com/hashicorp/golang-lru to v0.6.0 #6172
- Update module github.com/google/go-containerregistry to v0.12.1 #6168
- Update k8s to v0.25.4 #6167
- Update module helm.sh/helm/v3 to v3.10.2 #6166
- Update module golang.org/x/oauth2 to v0.2.0 #6159
- Update module golang.org/x/crypto to v0.2.0 #6158
- Update module golang.org/x/net to v0.2.0 #6155
- Update module github.com/prometheus/client_golang to v1.14.0 #6150
- Update module github.com/spf13/viper to v1.14.0 #6145
- Update module sigs.k8s.io/controller-runtime to v0.13.1 #6141
- Update module github.com/prometheus/client_golang to v1.13.1 #6136
- Update docker.io/library/golang Docker tag to v1.19.3 #6135
- Update module go.elastic.co/apm/module/apmzap/v2 to v2.2.0 #6131
- Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.2.0 #6129
- Update module github.com/hashicorp/vault/api to v1.8.2 #6127
- Update module github.com/spf13/cobra to v1.6.1 #6110
- Update module golang.org/x/text to v0.4.0 #6100
2.5.0
Elastic Cloud on Kubernetes 2.5.0
New features
- Autoscaling Elasticsearch: Introduce a dedicated custom resource #5978 (issue: #5997)
- ECK resources Helm chart - Elastic Agent & Elastic Fleet Server Agent #5889 (issue: #5505)
- Enable Beats stack monitoring configuration #5878 (issue: #5563)
Enhancement
- Surface Kubernetes client rate limiter metrics #6007
- Add Elasticsearch observation interval as configurable value to Helm Chart #5989 (issue: #5988)
- Don’t log non-standard ES JSON error responses as errors #5971 (issue: #5473)
- Report incorrect license type in logs and events #5966 (issue: #5963)
- Inherit all environment variables from ES container in initContainers #5962 (issue: #5577)
- Elasticsearch: always set discovery.seed_hosts to empty array #5950 (issue: #5834)
- [Autoscaling] Add CPU recommender #5924 (issue: #5823)
- Log correlation for operator APM traces #5883
Bug fixes
- Increment desired nodes version on each call #6037 (issue: #5979)
- Ignore unmanaged namespaces in webhook validation for all resources. #6013 (issue: #5814)
- Fix helm chart rendering issues associated with indentation #6004
- Stack monitoring: trust custom cert. in output configuration #5945 (issue: #5917)
Documentation improvements
- Add License files for Helm Charts and Updating Chart README #6008 (issue: #6005)
- Rewrite snapshot documentation and add CSP specific setups #5969 (issues: #5230, #5652)
- Restructure secure settings docs and minor additions #5965 (issue: #5425)
- Update documentation to clarify ES node.processors section. #5941 (issue: #5940)
- Fix typo in "manage compute resources" doc #5929
Misc
- Update module go to 1.19 #6040
- Update k8s to v0.25.2 #6032
- Update module sigs.k8s.io/controller-tools to v0.10.0 #6031
- Update module helm.sh/helm/v3 to v3.10.0 #6030
- Update module github.com/hashicorp/vault/api to v1.8.0 #6022
- Update k8s to v0.25.1 #6018
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.6-941 #6012
- Update module k8s.io/klog/v2 to v2.80.1 #6009
- Update module github.com/google/go-cmp to v0.5.9 #6006
- Update docker.io/library/golang Docker tag to v1.19.1 #6003
- Update module github.com/spf13/viper to v1.13.0 #6001
- Update module github.com/gobuffalo/flect to v0.3.0 #5996
- Update module sigs.k8s.io/controller-runtime to v0.13.0 #5995
- Update module go.uber.org/zap to v1.23.0 #5972
- Update golang to 1.19 #5939
- Update module github.com/prometheus/client_golang to v1.13.0 #5930
- Update module sigs.k8s.io/kustomize/kyaml to v0.13.9 #5918
- Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6-902 #5914
- Update module github.com/stretchr/testify to v1.8.0 #5912
- Update module github.com/prometheus/common to v0.37.0 #5911
- Update module github.com/google/go-containerregistry to v0.11.0 #5910
2.4.0
Elastic Cloud on Kubernetes 2.4.0
Breaking changes
-
Configure Elastic Agent host path volume to point to correct path #5890 (issue: #4428)
Fleet-managed Elastic Agents now default to use a
hostPathvolume for storing their state. This will prevent more than one Pod from the same Elastic Agent Deployment to be deployed on the same Kubernetes node. For cases where this is desired, the volume type can be changed to anemptyDirvolume. Check the docs to learn more.
New features
Enhancements
- Add new operator flag to control Elasticsearch health observation intervals #5861 (issue: #5839)
- Make xpack.security.http.ssl.client_authentication an unsupported setting #5852 (issue: #5817)
- Use static transaction names for APM #5850 (issue: #5840)
- Create Elastic Agent enrolment tokens in the operator #5846 (issue: #5779)
- Support RevisionHistoryLimit for all ECK-managed resources #5818 (issue: #5789)
- Stricter notion of esReacheable: require health response #5796 (issue: #5776)
- Increase default Beats guaranteed memory to 300Mi #5793 (issue: #5036)
Bug fixes
- Move first ES cluster state observation out of go routine #5783 (issue: #5812)
- Check shard activity before removing a node #5758 (issues: #3070, #5713)
Documentation improvements
- Remove experimental label from Elastic Agent docs #5894
- Improve "Operator crashes on startup with
OOMKilled" docs section #5836 - Expose recipes in ECK product documentation #5763 (issue: #5012)
- Fix minimum Helm supported version 3.2.0 in README #5753
Misc
- Update dependency docker.io/library/golang to v1.18.5 #5907
- Update k8s to v0.24.3 #5904
- Update module sigs.k8s.io/kustomize/kyaml to v0.13.8 #5900
- Update module helm.sh/helm/v3 to v3.9.2 #5876
- Update dependency golang to v1.18.4 #5873
- Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6-854 #5855
- Update module sigs.k8s.io/controller-tools to v0.9.1 #5842
- Update module github.com/elastic/go-ucfg to v0.8.6 #5841
- Update module sigs.k8s.io/controller-runtime to v0.12.2 #5828
- Update module github.com/google/go-containerregistry to v0.10.0 #5821
- Update module k8s.io/klog/v2 to v2.70.0 #5819
- Update module github.com/spf13/cobra to v1.5.0 #5811
- Update module github.com/prometheus/common to v0.35.0 #5808
- Update module github.com/stretchr/testify to v1.7.3 #5807
- Update module github.com/hashicorp/vault/api to v1.7.2 #5761
2.3.0
Elastic Cloud on Kubernetes 2.3.0
New features
- Allow providing cleartext passwords for creating Elasticsearch users #5613 (issue: #3056)
- Support a globally shared CA #5539
Enhancements
- Set
status.ObservedGenerationfrommetadata.Generation: - Upgrade PodDisruptionBudget from v1beta1 to v1 #5709
- Support disable-downgrade-validation for all relevant apps #5680 (issue: #5531)
- Allow non-IPs in service spec to avoid noop updates #5663 (issue: #5657)
- Add APM tracing for client-go requests to the Kubernetes API #5651
- Add support for the desired nodes API #5650
- Base ECK docker image on distroless instead of UBI by default #5580 (issue: #4561)
- Added priority class and leader election to operator Helm chart #5538
- Log info for service not found error when reconciling associations #5533
Bug fixes
- Do not use service accounts until Elasticsearch nodes have been upgraded #5830 (issue: #5684)
- Ensure CA is always updated in HTTP Secret #5622 (issue: #5621)
- Fix resources limits conversion in ToInt64() used for logging #5596
- Fix non-closed http responses #5755
Documentation improvements
- a11y Fix "below" occurrences #5714 (issue: #5306)
- a11y Fix "above" occurrences #5672 (issue: #5306)
- Change references to the master branch to main in the CONTRIBUTING guide. #5741
- Fix Helm command examples in docs #5737
- Update list of ECK versions that triggers a rolling restart #5715 (issue: #5648)
- Update documentation pages that use the repository-gcs plugin #5700 (issue: #5457)
- CronJob batch/v1beta1 no longer served in 1.25 #5685
- Update documentation to customize pods #5660
- Wrong indentation of the kibana config #5595
- Update recommended reading Kubebuilder links #5593 (issue: #5584)
- Add APM Server Deprecation Message #5575 (issue: #5419)
- Update license usage data example #5569
Misc
- Update dependency golang to v1.18.3 #5722
- Update k8s to v0.24.1 #5703
- Update module sigs.k8s.io/controller-runtime to v0.12.1 #5697
- Update module sigs.k8s.io/controller-tools to v0.9.0 #5688
- Update module sigs.k8s.io/kustomize/kyaml to v0.13.7 #5682
- Update module github.com/elastic/go-ucfg to v0.8.5 #5661
- Update module github.com/google/go-cmp to v0.5.8 #5619
- Update module github.com/google/go-containerregistry to v0.9.0 #5675
- Update module github.com/hashicorp/vault/api to v1.6.0 #5702
- Update module github.com/imdario/mergo to v0.3.13 #5701
- Update module github.com/jonboulle/clockwork to v0.3.0 #5606
- Update module github.com/prometheus/client_golang to v1.12.2 #5667
- Update module github.com/prometheus/common to v0.34.0 #5594
- Update module github.com/spf13/viper to v1.12.0 #5704
- Update module go.elastic.co/apm/module/apmelasticsearch/v2 to v2.1.0 #5693
- Update module go.uber.org/automaxprocs to v1.5.1 #5560
- Update module gopkg.in/yaml.v3 to v3.0.1 #5706
- Update module helm.sh/helm/v3 to v3.9.0 #5678
- Update dependency registry.access.redhat.com/ubi8/ubi-minimal to v8.6 #5654
2.2.0
Elastic Cloud on Kubernetes 2.2.0
Enhancements
- Report total managed memory in GiB and raw bytes #5527 (issue: #5465)
- Use service accounts for Kibana and Fleet Server #5468 (issue: #5244)
- Support custom Secret for associating external Elastic resources not managed by ECK #5240 (issue: #5078)
Bug fixes
- Update operator Pod to speed up secret propagation #5519 (issue: #3321)
- Reset phase on each reconciliation in Elasticsearch status #5507 (issue: #5506)
- Make nodes field in status optional #5496 (issue: #5493)
- Make sure to read association configuration again from annotations if it was cleared #5489 (issue: #4709)
- Avoid unnecessary DELETE for non-existent secrets #5488 (issue: #5450)
- Avoid unnecessary DELETE calls to manage legacy transport secret #5461 (issue: #5450)
- Avoid unnecessary UPDATE calls when reconciling PVC owner refs #5459 (issue: #5451)
- Do not upgrade all Elasticsearch nodes of a given tier at once #5452 (issue: #1753)
- Operatorhub: Ensure local YAML files have a proper "end of directives" marker #5447
Documentation improvements
- Update license usage data example #5569
- Fix YAML example in custom HTTP certificate doc #5529
- Update the license documentation #5509 (issue: #5475)
- Remove ECK 1.7 from the list of versions that cause a restart on upgrade #5503
- Add known issue for Red Hat certified operator upgrades #5492
- Update example with init container to increase vm.max_map_count #5469 (issue: #5410)
- Fix latinisms occurrences #5456 (issue: #5306)
- Add explicit assumptions before the installation steps #5455 (issue: #5275)
Misc
- Update module go.uber.org/automaxprocs to v1.5.0 #5552
- Update module github.com/gobuffalo/flect to v0.2.5 #5550
- Update module sigs.k8s.io/controller-runtime to v0.11.2 #5541
- Update module github.com/prometheus/common to v0.33.0 #5530
- Update module github.com/hashicorp/vault/api to v1.5.0 #5522
- Update module sigs.k8s.io/kustomize/kyaml to v0.13.6 #5521
- Update module github.com/prometheus/client_golang to v1.12.1 #5517
- Update module github.com/jonboulle/clockwork to v0.2.3 #5516
- Update module k8s.io/klog/v2 to v2.60.1 #5502
- Update module github.com/go-logr/logr to v1.2.3 #5494
- Update k8s to v0.23.5 #5491
- Update module github.com/stretchr/testify to v1.7.1 #5476
- Update module github.com/spf13/cobra to v1.4.0 #5463
- Update module helm.sh/helm/v3 to v3.8.1 #5454
2.1.0
Elastic Cloud on Kubernetes 2.1.0
New features
Enhancements
- Elasticsearch: Set status.ObservedGeneration from metadata.Generation #5331 (issue: #3392)
- Kibana: Set status.ObservedGeneration from metadata.Generation #5409 (issue: #3392)
- Extend full upgrade to any version upgrade of non-HA Elasticsearch #5408
- Handle resource conflict while updating status in association reconciler #5337
- Improve Elasticsearch status sub-resource #5328
- Use new node.roles notation in all example manifests #5289 (issue: #4130)
- Handle data tiers during rolling upgrades #5248 (issue: #5228)
- Isolate operator from HTTP service misconfiguration - Use internal service #5211 (issue: #4394)
- Improve handling of managed namespaces - resolving 'unknown namespace for the cache' errors #5187
Bug fixes
- Avoid reporting outdated Elasticsearch health on reconciliation error that prevents getting the real one #5349 (issue: #5330)
- Only configure Stack Monitoring if association reconciled #5339
- Do not attempt rolling upgrades for non-HA Elasticsearch clusters #5327 (issue: #5321)
- Use precondition when deleting secrets #5273 (issue: #5249)
- Support new Agent base image as of 7.17 #5268
- Fix webhook match policy for OLM based installations #5437 (issue: #5423)
- Fix Agent trust CA commands for all image variants #5438 (issue: #5434)
Documentation improvements
- Add a sentence explaining the upgrade strategy restriction for non-HA Elasticsearch clusters #5400
- Add example code to the Quickstart #5378 (issue: #5322)
- Fix links to Elasticsearch upgrade docs #5347
- Adjust Fleet recipes for default policy change #5281 (issue: #5262)