Merge branch 'main' into remove-apm-release-notes

Author: colleenmcginnis

deploy-manage/cloud-organization/billing/cloud-hosted-deployment-billing-dimensions.md

@@ -60,7 +60,7 @@ Data transfer out of deployments and between nodes of the cluster is hard to con
 
 The largest contributor to inter-node data transfer is usually shard movement between nodes in a cluster.  The only way to prevent shard movement is by having a single node in a single availability zone. This solution is only possible for clusters up to 64GB RAM and is not recommended as it creates a risk of data loss. [Oversharding](/deploy-manage/production-guidance/optimize-performance/size-shards.md) can cause excessive shard movement. Avoiding oversharding can also help control costs and improve performance. Note that creating snapshots generates inter-node data transfer. The *storage* cost of snapshots is detailed later in this document.
 
-The exact root cause of unusual data transfer is not always something we can identify as it can have many causes, some of which are out of our control and not associated with Cloud configuration changes.  It may help to [enable monitoring](../../monitor/stack-monitoring/elastic-cloud-stack-monitoring.md) and examine index and shard activity on your cluster.
+The exact root cause of unusual data transfer is not always something we can identify as it can have many causes, some of which are out of our control and not associated with Cloud configuration changes.  It may help to [enable monitoring](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) and examine index and shard activity on your cluster.
 
 
 ## Storage [storage] 

deploy-manage/deploy/cloud-enterprise/ece-configuring-ece-create-templates.md

@@ -76,7 +76,7 @@ Before you start creating your own deployment templates, you should have: [tagge
 9. On this page you can [configure index management](ece-configure-templates-index-management.md) by assigning attributes to each of the data nodes in the deployment template. In Kibana, you can configure an index lifecycle management (ILM) policy, based on the node attributes, to control how data moves across the nodes in your deployment.
 10. Select **Stack features**.
 11. You can select a [snapshot repository](../../tools/snapshot-and-restore/cloud-enterprise.md) to be used by default for deployment backups.
-12. You can choose to [enable logging and monitoring](../../monitor/stack-monitoring/ece-stack-monitoring.md) by default, so that deployment logs and metrics are send to a dedicated monitoring deployment, and so that additional log types, retention options, and Kibana visualizations are available on all deployments created using this template.
+12. You can choose to [enable logging and monitoring](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) by default, so that deployment logs and metrics are send to a dedicated monitoring deployment, and so that additional log types, retention options, and Kibana visualizations are available on all deployments created using this template.
 13. Select **Extensions**.
 14. Select any Elasticsearch extensions that you would like to be available automatically to all deployments created using the template.
 15. Select **Save and create template**.

deploy-manage/deploy/cloud-enterprise/system-deployments-configuration.md

@@ -69,7 +69,7 @@ In the case of the `admin-console-elasticsearch` and `security` system deploymen
 The `logging-and-metrics` cluster is different since, as an ECE admin, you likely want to provide users with access to the cluster in order to troubleshoot issues without your assistance, for example. In order to manage access to that cluster, you can configure roles that will provide access to the relevant indices, map those to users, and manage access to Kibana by leveraging the Elastic security integration with your authentication provider, such as LDAP, SAML, or AD. To configure one of those security realms, check [LDAP](../../users-roles/cluster-or-deployment-auth/ldap.md), [Active Directory](../../users-roles/cluster-or-deployment-auth/active-directory.md) or [SAML](../../users-roles/cluster-or-deployment-auth/saml.md).
 
 ::::{note} 
-The `logging-and-metrics` cluster is only intended for troubleshooting ECE deployment issues. If your use case involves modifying or normalizing logs from {{es}} or {{kib}}, use a separate [dedicated monitoring deployment](../../monitor/stack-monitoring/ece-stack-monitoring.md) instead.
+The `logging-and-metrics` cluster is only intended for troubleshooting ECE deployment issues. If your use case involves modifying or normalizing logs from {{es}} or {{kib}}, use a separate [dedicated monitoring deployment](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) instead.
 ::::
 
 You can’t use ECE’s single sign-on (SSO) to access system deployments.

deploy-manage/deploy/cloud-enterprise/working-with-deployments.md

@@ -44,7 +44,7 @@ From the deployment main page, you can quickly access the following configuratio
 
 * Select **{{es}} > snapshots** to associate a [snapshots repository](../../tools/snapshot-and-restore/cloud-enterprise.md#ece-manage-repositories-clusters) with the deployment.
 
-* Select **Monitoring > Logs and metrics** to set up [Stack monitoring](../../monitor/stack-monitoring/ece-stack-monitoring.md) for your deployment, forwarding its logs and metrics to a dedicated monitoring deployment. 
+* Select **Monitoring > Logs and metrics** to set up [Stack monitoring](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) for your deployment, forwarding its logs and metrics to a dedicated monitoring deployment. 
 
   ::::{note}
   In addition to the monitoring of clusters that is described here, don’t forget that {{ece}} also provides [monitoring information for your entire installation](../../../deploy-manage/monitor/orchestrators/ece-platform-monitoring.md).

deploy-manage/deploy/cloud-on-k8s/configure-deployments.md

@@ -29,6 +29,8 @@ Additionally, the following topics apply to both {{es}} and {{kib}}, and in some
 
 ECK also facilitates configuration and operation activities with advanced features, such as:
 
+* [**Secure settings**](/deploy-manage/security/k8s-secure-settings.md): Configure {{es}} and {{kib}} keystore settings through Kubernetes secrets.
+
 * [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified.
 
 ::::{important}

deploy-manage/deploy/cloud-on-k8s/configure.md

@@ -27,7 +27,7 @@ The following guides cover common ECK configuration tasks:
 
 * [Service meshes](./service-meshes.md): Connect ECK and managed Elastic Stack applications to some of the most popular [service mesh](https://www.cncf.io/blog/2017/04/26/service-mesh-critical-component-cloud-native-stack/) implementations in the Kubernetes ecosystem.
 
-* [Network policies](./network-policies.md): Use [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations.
+* [Network policies](./../../security/k8s-network-policies.md): Use [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations.
 
 * [](./webhook-namespace-selectors.md): Restrict the namespaces that the validation webhook applies to, allowing multiple operators to coexist efficiently in the same cluster.
 

deploy-manage/deploy/cloud-on-k8s/elastic-stack-configuration-policies.md

@@ -35,7 +35,7 @@ Starting from ECK `2.6.1` and Elasticsearch `8.6.1`, Elastic Stack configuration
 Additionally with ECK `2.11.0` it is possible to configure Kibana as well using Elastic Stack configuration policies, the following settings can be configured for Kibana:
 
 * [Kibana Configuration](kibana://reference/configuration-reference/general-settings.md) (configuration settings for Kibana that will go into `kibana.yml`)
-* [Kibana Secure Settings](k8s-kibana-secure-settings.md)
+* [Kibana Secure Settings](../../security/k8s-secure-settings.md)
 
 A policy can be applied to one or more Elasticsearch clusters or Kibana instances in any namespace managed by the ECK operator. Configuration policy settings applied by the ECK operator are immutable through the Elasticsearch REST API. It is currently not allowed to configure an Elasticsearch cluster or Kibana instance with more than one policy.
 
@@ -65,7 +65,7 @@ At least one of `spec.elasticsearch` or `spec.kibana` needs to be defined with a
 * `spec.kibana` describes the settings to configure for Kibana.
 
     * `config` are the settings that go into the `kibana.yml` file.
-    * `secureSettings` is a list of Secrets containing Secure Settings to inject into the keystore(s) of the Kibana instance(s) to which this policy applies, similar to the [Kibana Secure Settings](k8s-kibana-secure-settings.md).
+    * `secureSettings` is a list of Secrets containing Secure Settings to inject into the keystore(s) of the Kibana instance(s) to which this policy applies, similar to the [Kibana Secure Settings](../../security/k8s-secure-settings.md).
 
 
 The following fields are optional:

deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md

@@ -22,6 +22,7 @@ Before deploying and running ECK in production, review the basic and advanced se
 * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes.
 * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes.
 * [Virtual memory](virtual-memory.md): Methods to accomplish {{es}} virtual memory system configuration requirement.
+* [Secure settings](/deploy-manage/security/k8s-secure-settings.md): Configure the {{es}} keystore through Kubernetes secrets.
 * [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you shouldn't update.
 * [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins to your {{es}} nodes.
 * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}.
@@ -38,7 +39,7 @@ Before deploying and running ECK in production, review the basic and advanced se
 ## TLS/SSL Certificates
 
 * [Secure HTTP communications](/deploy-manage/security/secure-http-communications.md): Customize the service and TLS certificates used for transport traffic.
-* [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic.
+* [Transport settings](../../security/k8s-transport-settings.md): Customize the service and TLS certificates used for transport traffic.
 
 ## Traffic handling
 
@@ -48,8 +49,6 @@ Before deploying and running ECK in production, review the basic and advanced se
 
 Other sections of the documentation also include relevant configuration options for your {{es}} cluster:
 
-* [Secure settings](/deploy-manage/security/secure-settings.md)
-
 * [Users and roles](/deploy-manage/users-roles.md)
 
 * [Snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md)

deploy-manage/deploy/cloud-on-k8s/k8s-kibana-advanced-configuration.md

@@ -13,7 +13,7 @@ If you already looked at the [Elasticsearch on ECK](elasticsearch-configuration.
 * [Customize the Pod configuration](#k8s-kibana-pod-configuration)
 * [Customize the product configuration](#k8s-kibana-configuration)
 * [Manage HTTP settings](/deploy-manage/security/secure-http-communications.md#k8s-kibana-http-configuration)
-* [Use secure settings](k8s-kibana-secure-settings.md)
+* [Use secure settings](../../security/k8s-secure-settings.md)
 * [Install {{kib}} plugins](k8s-kibana-plugins.md)
 
 ## Pod configuration [k8s-kibana-pod-configuration]
@@ -97,7 +97,7 @@ kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | bas
 ::::
 
 
-You can provide your own encryption keys using a secure setting, as described in [Secure settings](k8s-kibana-secure-settings.md).
+You can provide your own encryption keys using a secure setting, as described in [Secure settings](../../security/k8s-secure-settings.md).
 
 ::::{note}
 While most reconfigurations of your {{kib}} instances are carried out in rolling upgrade fashion, all version upgrades will cause {{kib}} downtime. This happens because you can only run a single version of {{kib}} at any given time. For more information, check [Upgrade {{kib}}](/deploy-manage/upgrade/deployment-or-cluster.md).

deploy-manage/deploy/cloud-on-k8s/k8s-kibana-es.md

@@ -47,7 +47,7 @@ Refer to [*Connect to external Elastic resources*](connect-to-external-elastic-r
 
 ## Using secure settings [k8s_using_secure_settings]
 
-For example, use the [secure settings](k8s-kibana-secure-settings.md) mechanism to securely store the default `elastic` user’s `$PASSWORD` credential of the external {{es}} cluster as set under [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md):
+For example, use the [secure settings](../../security/k8s-secure-settings.md) mechanism to securely store the default `elastic` user’s `$PASSWORD` credential of the external {{es}} cluster as set under [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md):
 
 ```shell
 kubectl create secret generic kibana-elasticsearch-credentials --from-literal=elasticsearch.password=$PASSWORD