Elastic Cloud Enterprise 3.3.0edit

The following changes are included in this release.


Add support for Podman. ECE now supports using Podman as a container runtime on your hosts using RHEL 8.5 and higher. To learn how to migrate an existing platform to a Podman-based environment, check Migrate ECE to Podman hosts.

Add type parameter and more validation to DirectTrustRelationship. DirectTrustRelationships now take an optional type parameter which enables use case specific validation and supports a more guided experience in the user interface.

Allow xpack.security.authc.realms.jwt settings. Adds support for the beta JWT realm for Elasticsearch authentication.


Add uid to direct trusts. Direct trusts now have a uid field. This field is generated automatically upon creation and allows unique resource addressing without relying on index as well as distinguishing between updates and inserts.

Reset the stack version of stateless resources when they are being re-enabled. Explicitly reset the version of a stateless resource (APM, Kibana, Enterprise Search) when re-enabling the resource on the Deployment edit page. Previously, these resources would be re-enabled using the version they were last running on. This blocked further changes when the Elasticsearch resource had been upgraded to different major version (for example 7.x to 8.x).

Replace watcheralert.found.io references with alerts.elastic.co. Changes the email address references for watcher alert emails from watcheralert.found.io to alerts.elastic.co.

Allow monitoring to be shipped to a deployment running the next major version. Allow logs and metrics to be shipped to deployments running the next major version via the UI. For example, a 7.x deployment can now be configured to ship monitoring data to an 8.x deployment.

In runner’s reference.conf, set notification-email-from to Watcher Alert <noreply@alerts.elastic.co>` by default. Changes the email address that’s used as sender for the Watcher alert emails from noreply@watcher.elastic-cloud.co to noreply@alerts.elastic.co. The change will apply to newly created deployments and when applying a plan to existing deployments.

Change sender address for Kibana alerts. Changes the email address that’s used as sender for Kibana alert emails from alerts-noreply@elastic.co to noreply@alerts.elastic.co. The change will apply to newly created deployments and when applying a plan to existing deployments.

Don’t show the APM secret token when APM is in managed mode. Stop showing the APM secret token when APM is managed by the Elastic Agent. Instead link through to the Fleet UI containing the secret token.

Don’t check the upgrade rules when re-enabling a terminated stateless resource. Stop enforcing upgrade rules when re-enabling stateless resources. For example, allow APM to be re-enabled on 8.2 if it was disabled on 7.14.

Remove CSV maxSizeBytes allowlist cap for 7.15+. Allow xpack.reporting.csv.maxSizeBytes allowlisting to exceed 50MB for cluster versions 7.15+, since it is chunked now.

Switch ECE scala-services to log as JSON. ECE services now log as JSON format.

Allow configuring Crawler content extraction settings. In version 8.3, the crawler in Enterprise Search adds new settings related to content extraction.

Warning when keystore entry is suspected to be invalid. In order to prevent invalid entries to the keystore that might cause all future plan changes to fail, we’ve added a list of well known keys that are expected to work, and validates the user-entered keystore entries against this list.

In case a key is not on the list of well known keys, the UI now issues a warning, provides some extra details on how secure settings work, and also asks the user to confirm that the setting might prevent future plan changes and may put the availability of their clusters at risk.

Reject requests to restart stopped deployment resources not running the same major stack version. Block requests to restart stopped stateless resources when they are not configured with the same major stack version as the Elasticsearch resource.

Beats upgrade to 7.17.1. Filebeat and Metricbeat shipping logs and metrics to the logging-and-metrics cluster in Elastic Cloud Enterprise are upgraded from 7.12 to 7.17.

Fix structured logging exceptions to comply with ECS. Changes the structured logging format to be Elastic Common Schema (ECS) compliant. Changes exception to error and class_name to type.

Disable and enable applications from the deployment Edit page only. You can no longer terminate and then restart a terminated non-Elasticsearch application (Enterprise Search, Integrations Server, Kibana, APM & Fleet) from the application page when administering a deployment. Instead, you can go to the Edit page of the deployment to disable or re-enable these same applications.

Update Kibana reporting settings. Some reporting settings have been renamed in Kibana. You may refer to these settings by their new name. The change is backwards compatible so that either path may be used.

Allow Kibana elasticsearch.compression setting. For version 8.3 and higher of the stack, it is now possible to enable compression for communications between Kibana and Elasticsearch by using the elasticsearch.compression setting of the Kibana configuration.

Update deployment hardware profile from the UI. You can now migrate a deployment to a different hardware profile from the Edit page of a deployment.


Deprecate Deployment Notes API. The ECE Deployments Notes API has been deprecated and will be removed in a future version of ECE. Use the Comments API instead.

Bug fixesedit

Summary sidebar gets squashed when scrolling. When editing a deployment the summary sidebar gets squashed when scrolling down the page.

In beats-runner’s filebeat config, set ece.component of Kibana audit logs to kibana. Fixes the ece.component in documents representing Kibana audit logs ingested in the logging-and-metrics cluster.

Handle lack of Kibana in template loading. Templates without Kibana should no longer cause certain pages to hang in ECE.

Fetch frozen tier node stats by instance name instead of service ID. Display the searchable object storage on frozen tier nodes more reliably in the deployment overview.

Don’t show active deployments as deleted in trust management settings. Fixes an issue where trusting more than one specific deployment would show those deployments as (deleted) in the deployment trust UI.

Add trafficFilter bypass token to all proxied requests. Fixes an issue where deployments with traffic filters configured were unable to label their master node on the UI.