elastic · shainaraskas · Aug 8, 2025 · Aug 7, 2025 · Aug 7, 2025 · Aug 7, 2025
@@ -2,13 +2,13 @@ You can add your own {{kib}} settings to the `spec.config` section.
 
 The following example demonstrates how to set the [`elasticsearch.requestHeadersWhitelist`](kibana://reference/configuration-reference/general-settings.md#elasticsearch-requestheaderswhitelist) configuration option.
 
-```yaml
+```yaml subs=true
 apiVersion: kibana.k8s.elastic.co/v1
 kind: Kibana
 metadata:
   name: kibana-sample
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   count: 1
   elasticsearchRef:
     name: "elasticsearch-sample"

@@ -71,13 +71,13 @@ By default, the {{es}} service created by ECK is configured to route traffic to
 When you change the `clusterIP` setting of the service, ECK will delete and re-create the service as `clusterIP` is an immutable field. Depending on your client implementation, this might result in a short disruption until the service DNS entries refresh to point to the new endpoints.
 ::::
 
-```yaml
+```yaml subs=true
 apiVersion: <kind>.k8s.elastic.co/v1
 kind: <Kind>
 metadata:
   name: hulk
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   http:
     service:
       spec:

@@ -41,7 +41,7 @@ You can specify sensitive settings with Kubernetes secrets. ECK automatically in
 
 The Logstash Keystore can be password protected by setting an environment variable called `LOGSTASH_KEYSTORE_PASS`. Check out [Logstash Keystore](logstash://reference/keystore.md#keystore-password) documentation for details.
 
-```yaml
+```yaml subs=true
 apiVersion: v1
 kind: Secret
 metadata:
@@ -54,7 +54,7 @@ kind: Logstash
 metadata:
   name: logstash-sample
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   count: 1
   pipelines:
     - pipeline.id: main

@@ -27,27 +27,27 @@ You can add any valid Elastic Maps Server setting as documented on the [product]
 
 The following example demonstrates how to set the log level to `debug`:
 
-```yaml
+```yaml subs=true
 apiVersion: maps.k8s.elastic.co/v1alpha1
 kind: ElasticMapsServer
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   count: 1
   config:
      logging.level: debug
 ```
 
 Alternatively, settings can be provided through a Secret specified in the `configRef` element:
 
-```yaml
+```yaml subs=true
 apiVersion: maps.k8s.elastic.co/v1alpha1
 kind: ElasticMapsServer
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   configRef:
     secretName: maps-config
 ---

@@ -25,15 +25,15 @@ APM Agent central configuration was added in 7.5.1.
 
 [APM Agent configuration management](/solutions/observability/apm/apm-agent-central-configuration.md) allows you to configure your APM Agents centrally from the {{kib}} APM app. To use this feature, the APM Server needs to be configured with connection details of the {{kib}} instance. If {{kib}} is managed by ECK, you can simply add a `kibanaRef` attribute to the APM Server specification:
 
-```yaml
+```yaml subs=true
 cat <<EOF | kubectl apply -f -
 apiVersion: apm.k8s.elastic.co/v1
 kind: ApmServer
 metadata:
   name: apm-server-quickstart
   namespace: default
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   count: 1
   elasticsearchRef:
     name: quickstart
@@ -58,14 +58,14 @@ config:
 
 To customize the configuration of the APM Server, use the `config` element in the specification:
 
-```yaml
+```yaml subs=true
 apiVersion: apm.k8s.elastic.co/v1
 kind: ApmServer
 metadata:
   name: apm-server-quickstart
   namespace: default
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   count: 1
   config:
     output:
@@ -94,14 +94,14 @@ The APM Server keystore can be used to store sensitive settings in the APM Serve
 
 2. In the `spec.secureSettings` section, add a reference to the secret you previously created.
 
-    ```yaml
+    ```yaml subs=true
     apiVersion: apm.k8s.elastic.co/v1
     kind: ApmServer
     metadata:
       name: apm-server-quickstart
       namespace: default
     spec:
-      version: 8.16.1
+      version: {{version.stack}}
       count: 1
       secureSettings:
       - secretName: apm-secret-settings
@@ -134,14 +134,14 @@ Now that you know how to use the APM keystore and customize the server configura
 
     Here is a complete example with a password stored in the Keystore, as described in the previous section:
 
-    ```yaml
+    ```yaml subs=true
     apiVersion: apm.k8s.elastic.co/v1
     kind: ApmServer
     metadata:
       name: apm-server-quickstart
       namespace: default
     spec:
-      version: 8.16.1
+      version: {{version.stack}}
       count: 1
       secureSettings:
       - secretName: apm-secret-settings

@@ -30,13 +30,13 @@ You can use [YAML anchors](https://yaml.org/spec/1.2/spec.html#id2765878) to dec
 
 This allows you to describe an {{es}} cluster with 3 dedicated master nodes, for example:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   # 3 dedicated master nodes
   - name: master
@@ -59,13 +59,13 @@ You can set up various [affinity and anti-affinity options](https://kubernetes.i
 
 To avoid scheduling several {{es}} nodes from the same cluster on the same host, use a `podAntiAffinity` rule based on the hostname and the cluster name label:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -84,13 +84,13 @@ spec:
 
 This is ECK default behavior if you don’t specify any `affinity` option. To explicitly disable the default behavior, set an empty affinity object:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -101,13 +101,13 @@ spec:
 
 The default affinity is using `preferredDuringSchedulingIgnoredDuringExecution`, which acts as best effort and won’t prevent an {{es}} node from being scheduled on a host if there are no other hosts available. Scheduling a 4-nodes {{es}} cluster on a 3-host Kubernetes cluster would then successfully schedule 2 {{es}} nodes on the same host. To enforce a strict single node per host, specify `requiredDuringSchedulingIgnoredDuringExecution` instead:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -143,13 +143,13 @@ volumeBindingMode: WaitForFirstConsumer
 
 To restrict the scheduling to a particular set of Kubernetes nodes based on labels, use a [NodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). The following example schedules {{es}} Pods on Kubernetes nodes tagged with both labels `diskType: ssd` and `environment: production`.
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -162,13 +162,13 @@ spec:
 
 You can achieve the same (and more) with [node affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature):
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -217,15 +217,15 @@ The following example demonstrates how to use the `topology.kubernetes.io/zone`
 
 Note that by default ECK creates a `k8s_node_name` attribute with the name of the Kubernetes node running the Pod, and configures {{es}} to use this attribute. This ensures that {{es}} allocates primary and replica shards to Pods running on different Kubernetes nodes and never to Pods that are scheduled onto the same Kubernetes node. To preserve this behavior while making {{es}} aware of the availability zone, include the `k8s_node_name` attribute in the comma-separated `cluster.routing.allocation.awareness.attributes` list.
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   annotations:
     eck.k8s.elastic.co/downward-node-labels: "topology.kubernetes.io/zone"
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   - name: default
     count: 3
@@ -263,13 +263,13 @@ This example relies on:
 
 By combining [{{es}} shard allocation awareness](elasticsearch://reference/elasticsearch/configuration-reference/cluster-level-shard-allocation-routing-settings.md) with [Kubernetes node affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature), you can set up an {{es}} cluster with hot-warm topology:
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
+  version: {{version.stack}}
   nodeSets:
   # hot nodes, with high CPU and fast IO
   - name: hot

@@ -16,14 +16,14 @@ The ECK operator can be run in an air-gapped environment without access to the o
 
 By default ECK does not require you to specify the container image for each {{stack}} application you deploy.
 
-```yaml
+```yaml subs=true
 apiVersion: elasticsearch.k8s.elastic.co/v1
 kind: Elasticsearch
 metadata:
   name: quickstart
 spec:
-  version: 8.16.1
-  # image: docker.elastic.co/elasticsearch/elasticsearch:8.16.1 // <1>
+  version: {{version.stack}}
+  # image: docker.elastic.co/elasticsearch/elasticsearch:{{version.stack}} // <1>
   nodeSets:
   - name: default
     count: 1
@@ -44,18 +44,30 @@ ECK will automatically set the correct container image for each application. Whe
 
 To deploy the ECK operator in an air-gapped environment, you first have to mirror the operator image itself from `docker.elastic.co` to a private container registry, for example `my.registry`.
 
-Once the ECK operator image is copied internally, replace the original image name `docker.elastic.co/eck/eck-operator:{{version.eck}}` with the private name of the image, for example `my.registry/eck/eck-operator:{{version.eck}}`, in the [operator manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md). When using [Helm charts](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md), replace the `image.repository` Helm value with, for example, `my.registry/eck/eck-operator`.
+Once the ECK operator image is copied internally, replace the original image name with the private name of the image in the [operator manifests](../../../deploy-manage/deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md). For example:
+
+Before:
+```text subs=true
+docker.elastic.co/eck/eck-operator:{{version.eck}}
+```
+
+After:
+```text subs=true
+my.registry/eck/eck-operator:{{version.eck}}
+```
+
+When using [Helm charts](../../../deploy-manage/deploy/cloud-on-k8s/install-using-helm-chart.md), replace the `image.repository` Helm value with, for example, `my.registry/eck/eck-operator`.
 
 
 ## Override the default container registry [k8s-container-registry-override]
 
 When creating custom resources ({{eck_resources_list}}), the operator defaults to using container images pulled from the `docker.elastic.co` registry. If you are in an environment where external network access is restricted, you can configure the operator to use a different default container registry by starting the operator with the `--container-registry` command-line flag. Check [*Configure ECK*](../../../deploy-manage/deploy/cloud-on-k8s/configure-eck.md) for more information on how to configure the operator using command-line flags and environment variables.
 
-The operator expects container images to be located at specific repositories in the default container registry. Make sure that your container images are stored in the right repositories and are tagged correctly with the Stack version number. For example, if your private registry is `my.registry` and you wish to deploy components from Stack version 8.16.1, the following image names should exist:
+The operator expects container images to be located at specific repositories in the default container registry. Make sure that your container images are stored in the right repositories and are tagged correctly with the Stack version number. For example, if your private registry is `my.registry` and you wish to deploy components from Stack version {{version.stack}}, the following image names should exist:
 
-* `my.registry/elasticsearch/elasticsearch:8.16.1`
-* `my.registry/kibana/kibana:8.16.1`
-* `my.registry/apm/apm-server:8.16.1`
+* my.registry/elasticsearch/elasticsearch:{{version.stack}}
+* my.registry/kibana/kibana:{{version.stack}}
+* my.registry/apm/apm-server:{{version.stack}}
 
 
 ## Use a global container repository [k8s-container-repository-override]
@@ -64,9 +76,9 @@ If you cannot follow the default Elastic image repositories naming scheme, you c
 
 For example, if your private registry is `my.registry` and all Elastic images are located under the `elastic` repository, the following image names should exist:
 
-* `my.registry/elastic/elasticsearch:8.16.1`
-* `my.registry/elastic/kibana:8.16.1`
-* `my.registry/elastic/apm-server:8.16.1`
+* my.registry/elastic/elasticsearch:{{version.stack}}
+* my.registry/elastic/kibana:{{version.stack}}
+* my.registry/elastic/apm-server:{{version.stack}}
 
 
 ## ECK Diagnostics in air-gapped environments [k8s-eck-diag-air-gapped]

@@ -19,14 +19,14 @@ You can upgrade the Beat version or change settings by editing the YAML specific
 
 The Beat configuration is defined in the `config` element:
 
-```yaml
+```yaml subs=true
 apiVersion: beat.k8s.elastic.co/v1beta1
 kind: Beat
 metadata:
   name: quickstart
 spec:
   type: heartbeat
-  version: 8.16.1
+  version: {{version.stack}}
   elasticsearchRef:
     name: quickstart
   config:
@@ -44,14 +44,14 @@ spec:
 
 Alternatively, it can be provided through a Secret specified in the `configRef` element:
 
-```yaml
+```yaml subs=true
 apiVersion: beat.k8s.elastic.co/v1beta1
 kind: Beat
 metadata:
   name: heartbeat-quickstart
 spec:
   type: heartbeat
-  version: 8.16.1
+  version: {{version.stack}}
   elasticsearchRef:
     name: quickstart
   configRef: