2.8.0 release highlights

New and notable changes in version 2.8.0 of Elastic Cloud on Kubernetes. Check Elastic Cloud on Kubernetes version 2.8.0 for the full list of changes.

ECK 2.8.0 includes a technical preview for Logstash support, introducing a new Custom Resource Definition (CRD) and controller to easily deploy and orchestrate Logstash on Kubernetes. The technical preview includes support for defining pipelines (with dynamic individual pipeline reload), integrating with Elasticsearch instances, and stack monitoring configuration from within the CRD.

Refer to the Quickstart for more information.

The default SecurityContext of the Elasticsearch containers has been hardened, it includes the following specification by default:

securityContext:
  allowPrivilegeEscalation: false
  privileged: false
  readOnlyRootFilesystem: true

For Elasticsearch versions above 8.0.0 the container’s SecurityContext also include the following capabilities settings:

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  privileged: false
  readOnlyRootFilesystem: true

Starting with Elasticsearch 8.8.0, runAsNonRoot is also set to true:

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  privileged: false
  readOnlyRootFilesystem: true
  runAsNonRoot: true

It is now possible to fully delegate the generation of the transport certificates used by the Elasticsearch nodes. Refer to Issue node transport certificates with third-party tools for more information about the requirements as well as some examples using the cert-manager csi-driver and trust-manager projects.

Before ECK 2.8.0 the base_path setting was overridden by the operator in order to avoid conflicts. The value provided for this setting is now always used when provided. Refer to Specifics for snapshot repositories for more details.