Elastic Cloud Enterprise 2.11.0edit

Release highlightsedit

Fleet Server is now GA and supported on Elastic Cloud Enterprise. As part of the Elastic Stack 7.14 release, Fleet server is now generally available. Fleet Server lets you centrally manage an entire fleet of Elastic Agents from within Kibana.

You are required to upgrade to this ECE version to use the Fleet GA version that is included in the APM Server component. To learn more, check Manage your APM & Fleet Server.

The following changes are included in this release.


Display storage for all data nodes. The Create a deployment page now displays the amount of storage to be allocated to each data tier.

Make costs APIs available. Exposes the costs analysis API, a set of endpoints to fetch costs by organization.

  • GET /billing/costs/{organization-id}?from=start_date&to=end_date to fetch costs overview for the current organization.
  • GET /billing/costs/{organization-id}/deployments?from=start_date&to=end_date to fetch deployments costs for the current organization.
  • GET /billing/costs/{organization-id}/items?from=start_date&to=end_date to fetch itemized costs for the current organization.
  • GET /billing/costs/{organization-id}/deployments/{deployment-id}/items?from=start_date&to=end_date to fetch itemized costs by deployment.

Depending on the role of the user consuming those APIs, end-user or administrator, the APIs allow them to fetch the costs of their own organization only or any organizations, respectively.

New create deployment experience. Removed the step to select different templates when creating a deployment and enhanced the overall deployment creation user experience.


Rework conditional logic for ValidateEnoughDiskSpace. The step "Validating disk space" will not show up as often in the plan activity log for plans which do not downsize the cluster.

Force new Kibana instance if the deployment alias changes. Restart Kibana when the deployment alias is changed. This is to make sure the server.publicBaseUrl setting in Kibana is picked up on changes to the deployment alias.

Set server.publicBasePath for every Kibana deployment. Every cloud deployment of Kibana will have the setting server.publicBasePath automatically configured to the URL of Kibana.

Rework conditional logic for EnsureCleanAllocationsStep. The step "Ensuring valid shard allocation rules are present" will not run as often during plans when it doesn’t need to.

[ZK History pruning] Stale attempts detection and autocleaning. Adds a mechanism by which plan attempts entries older than 30 days (this age can be changed through the STALE_ATTEMPTS_AGE constructor service environment variable) will be deleted upon plan changes as long as they are not the last train of failed old attempts or the last old successful attempt.

Rework conditional logic for RunIndexCuration. The step "Running index curation" will not run during plans as often when it does not need to.

Enable data pipeline logging on director. Director service logs are now shipped to the logging-and-metrics cluster.

Rework conditional logic for ApplyCurationSettings. The step "Applying index curation settings" will not run as often when it does not need to.

Adding monitoring.cluster_alerts.allowedSpaces to Kibana settings. Allows users to restrict which spaces the auto generated cluster alerts are created in for Elastic Stack monitoring.

Add Kibana ECS audit settings. Adds support for the new Kibana ECS audit logging settings.

Support Enterprise Search with on-demand heap dump capture. Extended on-demand heap dump capture to Enterprise Search instances.

Change the default overcommit to 1.0. ECE no longer overcommits CPU resources to hosted applications, to improve the performance predictability of those applications.

Improvements in vacate performance. Improves the performance of moving instances off an allocator by consolidating resource fetching and parallelizing resources.

Support validate_only in deployment template endpoints. This PR adds a validate_only parameter to the deployment template endpoints, allowing the user to validate a create or update request, without actually making any changes.

Make WaitForIndexCurationLock step optional. The step "Wait for index curation lock" will no longer run during plans where index curation will not be performed.

Extend ConfigSettingsService to configure Enterprise Search setting. A new Enterprise Search setting kibana.external_url is added. This setting is used by Enterprise Search to link to the Kibana instance in the same deployment.

Skip some validation steps if not removing data nodes. Plans for clusters that are unhealthy, with red shards, will no longer fail during validation. This only applies if the plan does not remove any data nodes, unless the cluster has no master. This will make it easier to run rolling or scale-up plans to resolve cluster issues without using the override_failsafe option.

Improved create deployment waiting experience. Simplified the user experience while a new deployment is being created.

Download heap dumps Allocator API. Adds API for downloading heap dumps directly from allocator.

  • GET /api/<clustertype>/<clusterid>/instances/<instanceid>/heap_dump returns details about an existing heap dump on disk
  • GET /api/<clustertype>/<clusterid>/instances/<instanceid>/heap_dump/_download returns the binary heap dump file

Adjust internal cert expirations. Changes the default certificate expiration to 10 years for internal services, including client forwarders and Elasticsearch nodes. Leaves a 398 day expiration for user-facing certificates, including those for the cloud UI and the adminconsole stunnels.

Bug fixesedit

Use validated deployment alias for ConfigSettingsService. Updates server.publicBaseUrl when removing the alias from a deployment.

Tolerate absent awareness.attributes. Fixed a bug that would cause plans to fail if an Elasticsearch cluster had transient awareness settings without specific attributes set.

Show "Delete APM" only once during a plan change. After removing Enterprise Search or APM from a deployment, they would continue to appear in the UI plan summary in subsequent plan changes, making it unclear if they had been removed from the deployment.

Limit master instances to 1 node per zone. Fixed a bug that allowed more than one dedicated master node in a zone.

Fix move instance validation performance issue. Fixed a performance issue that occurred when moving instances are validated.

Frozen autoscaling size display. Fixed the display of searchable storage sizing for frozen tiers, when autoscaling is turned on.

Display frozen tier usage as MB. Fixed a unit conversion bug where the number of bytes was shown as the number of megabytes for frozen tier usage.

Remove StatelessIPTablesPublisher. Removed the IP Tables Publisher. The publisher can result in resource leaks in the allocator which could cause instability in the allocator.


Deprecating the CPU factor deployment setting. The CPU factor setting was used to provide a deployment with more CPU resources than it was entitled to, based on its relative size. This could lead to inconsistent and unpredictable behavior since it depends on how many other instances are running on the same host. We are deprecating support for the CPU factor setting and we will completely remove support for this setting in the future and will instead use a factor of 1.0 in all deployments. You can set the hard_limit to false if you would like the operating system to allocate more CPU resources when possible.

Deprecating CORS handling by the proxy. We will deprecate handling of Cross-Origin Resource Sharing (CORS) headers by the proxy in ECE 3.0. These will be handled by the deployment components such as Elasticsearch, Kibana, and others. in ECE 2.12, we will provide a migration script with instructions to migrate the CORS handling to the deployment components.


Clarify anonymous user policy information. We’ve updated the upgrade documentation to indicate that anonymous user access is disabled by default in Elasticsearch versions 7.10 and higher. If your use-case involves unauthenticated access, you can enable this user by adding the xpack.security.authc.anonymous setting to the elasticsearch.yml file. For details, check enabling anonymous access.