Skip to content

Commit 5723ccf

Browse files
Merge branch 'main' into esql-multi-values-controls
2 parents 0f8bf2b + 9bd37fc commit 5723ccf

File tree

269 files changed

+4480
-1483
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

269 files changed

+4480
-1483
lines changed

contribute-docs/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ We have two distinct systems for contributing to the current Elastic docs:
1212

1313
|System|What it covers|Published at|Format|How to contribute
1414
|----|----|----|----|----|----|
15-
|Main docs|Guides, Troubleshooting, release notes, etc.|[elastic.co/docs](https://www.elastic.co/docs)|Markdown+|- [DocsV3](https://elastic.github.io/docs-builder/contribute/) <br><br> - [Syntax guide](https://elastic.github.io/docs-builder/syntax/)|
15+
|Main docs|Guides, Troubleshooting, release notes, etc.|[elastic.co/docs](https://www.elastic.co/docs)|Markdown+|- [Contribution guide](https://elastic.github.io/docs-builder/contribute/) <br><br> - [Syntax guide](https://elastic.github.io/docs-builder/syntax/)|
1616
|API references|Elastic REST APIs|[elastic.co/docs/api](https://www.elastic.co/docs/api/)|[OpenAPI](https://swagger.io/specification/)|[Contribute to API docs](./api-docs/index.md)|
1717

1818
## Contribute to legacy docs

deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ https://<CLUSTER_ID.LOCAL_HOST_IP>.ip.es.io:9243
2020
```
2121

2222
::::{important}
23-
If your application does not support HTTPS, you can connect to the HTTP endpoint on port 9200. However, for security reasons, it is recommended to use **HTTPS (9243)** whenever possible.
23+
For security reasons, it is recommended to use **HTTPS (9243)** whenever possible.
2424
::::
2525

2626
To change endpoints in the Cloud UI:
@@ -43,3 +43,7 @@ If you have an App Search instance, after specifying a new deployment domain nam
4343
::::{note}
4444
The built-in Proxy Certificate only validates against the default endpoint format described on this page. Once you change it, it is necessary to upload a new Proxy Certificate as described in [Manage security certificates](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md). For test only, clients can be configured with hostname verification disabled until the new certificate is uploaded.
4545
::::
46+
47+
::::{note}
48+
If you do not use wildcard certificates, you must configure SAN entries for each component of the deployment (for example, {{es}} or {{kib}}) and repeat this process for every deployment. Review [Wildcard DNS record and certificates](./ece-wildcard-dns.md) for more guidance.
49+
::::

deploy-manage/deploy/cloud-enterprise/ece-install-offline-images.md

Lines changed: 25 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -38,16 +38,16 @@ Enterprise Search is not available in versions 9.0+.
3838

3939
| Required downloads | Minimum required ECE version |
4040
| --- | --- |
41-
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.1.5](https://download.elastic.co/cloud-enterprise/versions/9.1.5.zip) | ECE 4.0.0 |
42-
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.1.5 | ECE 4.0.0 |
43-
| docker.elastic.co/cloud-release/kibana-cloud:9.1.5 | ECE 4.0.0 |
44-
| docker.elastic.co/cloud-release/elastic-agent-cloud:9.1.5 | ECE 4.0.0 |
41+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.2.0](https://download.elastic.co/cloud-enterprise/versions/9.2.0.zip) | ECE 4.0.0 |
42+
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.2.0 | ECE 4.0.0 |
43+
| docker.elastic.co/cloud-release/kibana-cloud:9.2.0 | ECE 4.0.0 |
44+
| docker.elastic.co/cloud-release/elastic-agent-cloud:9.2.0 | ECE 4.0.0 |
4545
| | |
46-
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.5](https://download.elastic.co/cloud-enterprise/versions/8.19.5.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
47-
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.19.5 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
48-
| docker.elastic.co/cloud-release/kibana-cloud:8.19.5 | ECE 3.0.0 |
49-
| docker.elastic.co/cloud-release/elastic-agent-cloud:8.19.5 | ECE 3.0.0 |
50-
| docker.elastic.co/cloud-release/enterprise-search-cloud:8.19.5 | ECE 3.0.0 |
46+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.6](https://download.elastic.co/cloud-enterprise/versions/8.19.6.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
47+
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.19.6 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
48+
| docker.elastic.co/cloud-release/kibana-cloud:8.19.6 | ECE 3.0.0 |
49+
| docker.elastic.co/cloud-release/elastic-agent-cloud:8.19.6 | ECE 3.0.0 |
50+
| docker.elastic.co/cloud-release/enterprise-search-cloud:8.19.6 | ECE 3.0.0 |
5151
| | |
5252
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 7.17.29](https://download.elastic.co/cloud-enterprise/versions/7.17.29.zip) | ECE 2.2.2 |
5353
| docker.elastic.co/cloud-assets/elasticsearch:7.17.29-0 | ECE 2.2.2 |
@@ -67,6 +67,16 @@ Enterprise Search is not available in versions 9.0+.
6767
::::{dropdown} Expand to view the full list
6868
| Required downloads | Minimum required ECE version |
6969
| --- | --- |
70+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.2.0](https://download.elastic.co/cloud-enterprise/versions/9.2.0.zip) | ECE 4.0.0 |
71+
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.2.0 | ECE 4.0.0 |
72+
| docker.elastic.co/cloud-release/kibana-cloud:9.2.0 | ECE 4.0.0 |
73+
| docker.elastic.co/cloud-release/elastic-agent-cloud:9.2.0 | ECE 4.0.0 |
74+
| | |
75+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.1.6](https://download.elastic.co/cloud-enterprise/versions/9.1.6.zip) | ECE 4.0.0 |
76+
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.1.6 | ECE 4.0.0 |
77+
| docker.elastic.co/cloud-release/kibana-cloud:9.1.6 | ECE 4.0.0 |
78+
| docker.elastic.co/cloud-release/elastic-agent-cloud:9.1.6 | ECE 4.0.0 |
79+
| | |
7080
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.1.5](https://download.elastic.co/cloud-enterprise/versions/9.1.5.zip) | ECE 4.0.0 |
7181
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.1.5 | ECE 4.0.0 |
7282
| docker.elastic.co/cloud-release/kibana-cloud:9.1.5 | ECE 4.0.0 |
@@ -137,6 +147,12 @@ Enterprise Search is not available in versions 9.0+.
137147
| docker.elastic.co/cloud-release/kibana-cloud:9.0.0 | ECE 4.0.0 |
138148
| docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.0 | ECE 4.0.0 |
139149
| | |
150+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.6](https://download.elastic.co/cloud-enterprise/versions/8.19.6.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
151+
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.19.6 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
152+
| docker.elastic.co/cloud-release/kibana-cloud:8.19.6 | ECE 3.0.0 |
153+
| docker.elastic.co/cloud-release/elastic-agent-cloud:8.19.6 | ECE 3.0.0 |
154+
| docker.elastic.co/cloud-release/enterprise-search-cloud:8.19.6 | ECE 3.0.0 |
155+
| | |
140156
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.5](https://download.elastic.co/cloud-enterprise/versions/8.19.5.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
141157
| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.19.5 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
142158
| docker.elastic.co/cloud-release/kibana-cloud:8.19.5 | ECE 3.0.0 |

deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,19 +8,39 @@ products:
88
- id: cloud-enterprise
99
---
1010

11-
# Wildcard DNS record [ece-wildcard-dns]
11+
# Wildcard DNS record and certificates [ece-wildcard-dns]
1212

1313
::::{warning}
1414
Don't use `ip.es.io` for production systems. Set up your own domain name and DNS resolver for production. We do not guarantee uptime with `ip.es.io`.
1515

1616
`ip.es.io` is intended for use only by {{ece}} customers. We may, acting in our sole discretion, immediately terminate, suspend, or block any unauthorized users or uses without notice.
1717
::::
1818

19-
By default, {{ece}} uses the external `ip.es.io` service provided by Elastic to resolve virtual {{es}} cluster host names in compliance with RFC1918. The service works by resolving host names of the form `<ip>.ip.es.io` to `<ip>`. In the case of {{ece}}, each cluster is assigned a virtual host name of the form `<cluster id>.<proxy ip address>.ip.es.io:<port>`, such as `6dfc65aae62341e18a8b7692dcc97186.10.8.156.132.ip.es.io:9243`. The `ip.es.io` service simply resolves the virtual host name of the cluster to the proxy address which is specified during installation, `10.8.156.132` in our example, so that client requests are sent to the proxy. The proxy then extracts the cluster ID from the virtual host name of the cluster and uses its internal routing table to route the request to the right allocator.
19+
By default, {{ece}} uses the external `ip.es.io` service provided by Elastic to resolve virtual {{es}} cluster host names in compliance with RFC1918. The service works by resolving host names of the form `<ip>.ip.es.io` to `<ip>`. In the case of {{ece}}, each cluster is assigned a virtual host name of the form `<cluster id>.<proxy ip address>.ip.es.io:<port>`, such as `6dfc65aae62341e18a8b7692dcc97186.10.8.156.132.ip.es.io:9243`.
20+
21+
The `ip.es.io` service simply resolves the virtual host name of the cluster to the proxy address which is specified during installation, `10.8.156.132` in our example, so that client requests are sent to the proxy. The proxy then extracts the cluster ID from the virtual host name of the cluster and uses its internal routing table to route the request to the right allocator.
22+
23+
## Considerations for production
2024

2125
The `ip.es.io` service is provided to help you evaluate {{ece}} without having to set up DNS records for your environment. You must set up a wildcard DNS record for your production system. You typically set up a wildcard DNS record that resolves to the proxy host or to a load balancer if you set up multiple proxies fronted by a load balancer. You can create both a wildcard DNS entry for your endpoints and a wildcard TLS/SSL certificate, so that you can create multiple clusters without the need for further DNS or TSL/SSL modifications. Simply configure your DNS to point to your load balancers and install your certificates on them, so that communication with the cluster is secure.
2226

23-
A wildcard certificate is enabled based on the deployment domain name. For more information on modifying the deployment domain name, check [Configure endpoints](change-endpoint-urls.md). The deployment domain name also determines the endpoint URLs that are displayed in the Cloud UI.
27+
## Configuring wildcard DNS certificates
28+
29+
{{ece}} highly recommends using a wildcard DNS certificate, typically configured as a subdomain (for example, `*.ece.mycompany.com`), to automatically secure the unique endpoints generated for each deployment (for example, `[cluster-id].ece.mycompany.com`). For details on modifying the deployment domain name, see [Change endpoint URLs](change-endpoint-urls.md). The deployment domain name also determines the endpoint URLs displayed in the Cloud UI.
30+
31+
Additionally, if you use custom endpoint aliases, you must configure a wildcard DNS certificate for each application-specific subdomain, such as `*.es.mycompany.com` for {{es}} or `*.kb.mycompany.com` for {{kib}}. Refer to [Enable custom endpoint aliases](./enable-custom-endpoint-aliases.md) for more information. Platform administrators must enable this feature to allow deployment managers to create and modify aliases for their deployments.
32+
33+
34+
### Wildcard DNS certificate vs static SAN certificates
35+
36+
In {{ece}}, each deployment generates multiple DNS entries, as every component within a deployment has its own cluster ID and fully qualified domain name (FQDN), and may also have an [alias](./enable-custom-endpoint-aliases.md). In environments with many deployments, especially when aliases are used, this can result in hundreds of unique FQDNs that must be covered by the certificate.
37+
38+
For this reason, using a wildcard DNS certificate for a subdomain, such as `*.ece.mycompany.com`, is recommended over a certificate with static SAN entries, as it offers a more scalable, efficient, and operationally safe solution:
39+
40+
* **Operational cost:** Because deployment FQDNs cannot be predicted in advance, a wildcard certificate provides optimal flexibility, allowing the proxy to present a valid certificate for any deployment URL. In contrast, a certificate with static SAN entries must be reissued whenever a new deployment is created, which increases the operational overhead.
41+
42+
* **Security:** We suggest configuring your wildcard DNS certificate for a subdomain, such as `*.ece.mycompany.com`. Doing so significantly reduces security risks associated with certificate misconfigurations. In contrast, if a certificate with static SAN entries does not include the new deployment’s cluster IDs, clients will encounter certificate name mismatch warnings, indicating a security misconfiguration.
43+
44+
* **Performance:** Wildcard certificates are generally more performant than certificates with a large number of SAN entries. They are smaller, which reduces TLS handshake time, and scale automatically with new deployments. In contrast, certificates with a large number of SAN entries can increase handshake latency and may affect client compatibility.
2445

25-
Report security issues to [email protected].
2646

deploy-manage/deploy/cloud-enterprise/enable-custom-endpoint-aliases.md

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,21 +23,18 @@ After installing or upgrading to version 2.10 or later:
2323
2. [Update your proxy certificate(s)](../../security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md). In addition to currently configured domains, additional SAN entries must be configured for each application-specific subdomain:
2424

2525
::::{note}
26-
If you are not using wildcard certificates, you need to repeat this process for each deployment to account for specific aliases.
26+
If you are not using wildcard certificates, you need to repeat this process for each deployment to account for specific aliases. Review [Wildcard DNS record and certificates](./ece-wildcard-dns.md) for more guidance.
2727
::::
28-
28+
2929

3030
* For {{es}}, the certificate needs to allow for **\*.es.<your-domain>**
3131
* For {{kib}}, the certificate needs to allow for **\*.kb.<your-domain>**
3232
* For APM, the certificate needs to allow for **\*.apm.<your-domain>**
3333
* For Fleet, the certificate needs to allow for **\*.fleet.<your-domain>**
3434
* For Universal Profiling, the certificate needs to allow for **\*.profiling.<your-domain>** and **\*.symbols.<your-domain>**
3535

36+
3637
3. In the **Platform** menu, select **Settings**.
3738
4. Under the **Enable custom endpoint alias naming**, toggle the setting to allow platform administrators and deployment managers to choose a simplified, unique URL for the endpoint.
3839

39-
If you do not perform these steps, application endpoints will behave as they did in versions before 2.10.
40-
41-
To learn about setting up custom endpoint aliases for your deployments, check [Custom endpoint aliases](ece-regional-deployment-aliases.md).
42-
4340

deploy-manage/deploy/cloud-enterprise/manage-elastic-stack-versions.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,8 @@ $$$ece-elastic-stack-stackpacks-recent$$$
3636

3737
| Stack pack download link | Minimum required ECE version |
3838
| --- | --- |
39-
| [{{es}}, {{kib}}, and APM stack pack: 9.1.5](https://download.elastic.co/cloud-enterprise/versions/9.1.5.zip) | ECE 4.0.0 |
40-
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.5](https://download.elastic.co/cloud-enterprise/versions/8.19.5.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
39+
| [{{es}}, {{kib}}, and APM stack pack: 9.2.0](https://download.elastic.co/cloud-enterprise/versions/9.2.0.zip) | ECE 4.0.0 |
40+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.6](https://download.elastic.co/cloud-enterprise/versions/8.19.6.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
4141
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 7.17.29](https://download.elastic.co/cloud-enterprise/versions/7.17.29.zip) | ECE 2.2.2 |
4242

4343

@@ -48,6 +48,8 @@ Following is the full list of available packs containing {{stack}} versions. Not
4848
::::{dropdown} Expand to view the full list
4949
| Stack pack download link | Minimum required ECE version |
5050
| --- | --- |
51+
| [{{es}}, {{kib}}, and APM stack pack: 9.2.0](https://download.elastic.co/cloud-enterprise/versions/9.2.0.zip) | ECE 4.0.0 |
52+
| [{{es}}, {{kib}}, and APM stack pack: 9.1.6](https://download.elastic.co/cloud-enterprise/versions/9.1.6.zip) | ECE 4.0.0 |
5153
| [{{es}}, {{kib}}, and APM stack pack: 9.1.5](https://download.elastic.co/cloud-enterprise/versions/9.1.5.zip) | ECE 4.0.0 |
5254
| [{{es}}, {{kib}}, and APM stack pack: 9.1.4](https://download.elastic.co/cloud-enterprise/versions/9.1.4.zip) | ECE 4.0.0 |
5355
| [{{es}}, {{kib}}, and APM stack pack: 9.1.3](https://download.elastic.co/cloud-enterprise/versions/9.1.3.zip) | ECE 4.0.0 |
@@ -62,6 +64,7 @@ Following is the full list of available packs containing {{stack}} versions. Not
6264
| [{{es}}, {{kib}}, and APM stack pack: 9.0.2](https://download.elastic.co/cloud-enterprise/versions/9.0.2.zip) | ECE 4.0.0 |
6365
| [{{es}}, {{kib}}, and APM stack pack: 9.0.1](https://download.elastic.co/cloud-enterprise/versions/9.0.1.zip) | ECE 4.0.0 |
6466
| [{{es}}, {{kib}}, and APM stack pack: 9.0.0](https://download.elastic.co/cloud-enterprise/versions/9.0.0.zip) | ECE 4.0.0 |
67+
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.6](https://download.elastic.co/cloud-enterprise/versions/8.19.6.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
6568
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.5](https://download.elastic.co/cloud-enterprise/versions/8.19.5.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
6669
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.4](https://download.elastic.co/cloud-enterprise/versions/8.19.4.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
6770
| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.19.3](https://download.elastic.co/cloud-enterprise/versions/8.19.3.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |

deploy-manage/deploy/elastic-cloud/google-cloud-platform-marketplace.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ Subscribe to {{ecloud}} directly from the Google Cloud Platform (GCP). You then
1616

1717
Some differences exist when you subscribe to {{ecloud}} through the GCP Marketplace:
1818

19-
* New customers {{ecloud}} obtain a 7-day trial period. During this period, you can use a single deployment and three projects of {{ecloud}}. After this period, usage-based billing starts, unless you delete your cloud resources. Note that once customers unsubscribe from the GCP offer, their trial will end immediately. Even if they resubscribe, they will not be able to resume the trial.
19+
* New {{ecloud}} customers obtain a 7-day trial period. During this period, you can use a single deployment and three projects of {{ecloud}}. After this period, usage-based billing starts, unless you delete your cloud resources. Note that once customers unsubscribe from the GCP offer, their trial will end immediately. Even if they resubscribe, they will not be able to resume the trial.
2020
* Pricing for an {{ecloud}} subscription through the GCP Marketplace follows the pricing outlined on the [{{ecloud}}](https://console.cloud.google.com/marketplace/product/endpoints/elasticsearch-service.gcpmarketplace.elastic.co) page in the GCP Marketplace. Pricing is based the {{ecloud}} [billing dimensions](../../cloud-organization/billing.md#pricing-model).
2121
* To access your billing information at any time go to **Account & Billing**. You can also go to **Account & Billing** and then **Usage** to view your usage hours and units per hour.
2222

deploy-manage/kibana-reporting-configuration.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,11 @@ Before upgrading {{kib}} in a production environment, we encourage you to test y
3636

3737
To secure {{report-features}}, you must grant users access to reporting functionality and protect the reporting endpoints with TLS/SSL encryption. Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server.
3838

39+
:::{note}
40+
:applies_to: {stack: ga, serverless: unavailable}
41+
API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../deploy-manage/remote-clusters/remote-clusters-cert.md#remote-clusters-privileges-cert).
42+
:::
43+
3944
Configuring reporting in your environment involves two main areas:
4045

4146
### Granting users access to {{report-features}}

0 commit comments

Comments
 (0)