Release highlightsedit

Elasticsearch Service is now available in the GCP region Seoul (asia-northeast3). You can select the new region when you create new deployments. To learn more about what access different regions support, see Elasticsearch Service regions.

The following changes are included in this release.

Featuresedit

Allow APM and fleet server for agent. Agent supports APM to allow upgrades from legacy to managed.

Enhancementsedit

Validate deployment against template min-version. Additional API validation: Ensure that the stack version used in the deployment is at least the minimum version required by the deployment template.

Adjust internal certificate expirations. Changed the default certificate expiration to 10 years for internal services, including client forwarders and ES nodes. Leaves a 398 day expiration for user-facing certificates, including those for the cloud UI and adminconsole stunnels.

Improve output of PreInstanceRemovalSafetyChecks. Improved details on activity page when the step "Making sure it is safe to remove instances from the cluster" fails.

Validate deployment templates: Check referenced observability deployment and snapshot repository. Added validations when creating and updating deployment templates: - Observability settings: Make sure the referenced deployments for logging and metrics exist. - Snapshot repository settings: Make sure the referenced snapshot repository name is configured.

Record boot failures. It is now possible to detect boot failure patterns from the Elasticsearch boot log.

Bug fixesedit

Fix a bug in ApplyMonitoringConfig. Fixes a bug that could cause monitoring configuration to not be applied after a major version upgrade.

Fix plan attempt. Fixes bug in the UI by which new plan attempts would be occasionally incorrectly rendered.

Propagate custom headers to Elastic agent. The fleet-setup configuration is modified so that these headers are propagated to the Elastic agent, similarly to what happens for APM.

Docssedit

Add anonymous user policy info to ESS documentation. We’ve updated the security and upgrade documentation to indicate that anonymous user access is disabled by default in Elasticsearch versions 7.10 and higher. If your use-case involves unauthenticated access, you can enable this user by adding the xpack.security.authc.anonymous setting to the elasticsearch.yml file. For details, refer to enabling anonymous access.

[Alerting] Updating docs and adding task manager monitoring configuration.