elastic · eedugon · Mar 18, 2025 · Mar 18, 2025 · Mar 18, 2025 · Mar 18, 2025
@@ -29,6 +29,8 @@ Additionally, the following topics apply to both {{es}} and {{kib}}, and in some
 
 ECK also facilitates configuration and operation activities with advanced features, such as:
 
+* [**Secure settings**](/deploy-manage/security/k8s-secure-settings.md): Configure {{es}} and {{kib}} keystore settings through Kubernetes secrets.
+
 * [**Elastic Stack configuration policies**](elastic-stack-configuration-policies.md): Organize your {{es}} and {{kib}} configuration settings through `StackConfigPolicy` resources that can be referenced within your deployments. This helps to keep your manifests simplified.
 
 ::::{important}

@@ -27,7 +27,7 @@ The following guides cover common ECK configuration tasks:
 
 * [Service meshes](./service-meshes.md): Connect ECK and managed Elastic Stack applications to some of the most popular [service mesh](https://www.cncf.io/blog/2017/04/26/service-mesh-critical-component-cloud-native-stack/) implementations in the Kubernetes ecosystem.
 
-* [Network policies](./network-policies.md): Use [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations.
+* [Network policies](./../../security/k8s-network-policies.md): Use [Kubernetes network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations.
 
 * [](./webhook-namespace-selectors.md): Restrict the namespaces that the validation webhook applies to, allowing multiple operators to coexist efficiently in the same cluster.
 

@@ -35,7 +35,7 @@ Starting from ECK `2.6.1` and Elasticsearch `8.6.1`, Elastic Stack configuration
 Additionally with ECK `2.11.0` it is possible to configure Kibana as well using Elastic Stack configuration policies, the following settings can be configured for Kibana:
 
 * [Kibana Configuration](kibana://reference/configuration-reference/general-settings.md) (configuration settings for Kibana that will go into `kibana.yml`)
-* [Kibana Secure Settings](k8s-kibana-secure-settings.md)
+* [Kibana Secure Settings](../../security/k8s-secure-settings.md)
 
 A policy can be applied to one or more Elasticsearch clusters or Kibana instances in any namespace managed by the ECK operator. Configuration policy settings applied by the ECK operator are immutable through the Elasticsearch REST API. It is currently not allowed to configure an Elasticsearch cluster or Kibana instance with more than one policy.
 
@@ -65,7 +65,7 @@ At least one of `spec.elasticsearch` or `spec.kibana` needs to be defined with a
 * `spec.kibana` describes the settings to configure for Kibana.
 
     * `config` are the settings that go into the `kibana.yml` file.
-    * `secureSettings` is a list of Secrets containing Secure Settings to inject into the keystore(s) of the Kibana instance(s) to which this policy applies, similar to the [Kibana Secure Settings](k8s-kibana-secure-settings.md).
+    * `secureSettings` is a list of Secrets containing Secure Settings to inject into the keystore(s) of the Kibana instance(s) to which this policy applies, similar to the [Kibana Secure Settings](../../security/k8s-secure-settings.md).
 
 
 The following fields are optional:

@@ -22,6 +22,7 @@ Before deploying and running ECK in production, review the basic and advanced se
 * [Node configuration](node-configuration.md): Configure the `elasticsearch.yml` of your {{es}} nodes.
 * [Volume claim templates](volume-claim-templates.md): Configure storage in your {{es}} nodes.
 * [Virtual memory](virtual-memory.md): Methods to accomplish {{es}} virtual memory system configuration requirement.
+* [Secure settings](/deploy-manage/security/k8s-secure-settings.md): Configure the {{es}} keystore through Kubernetes secrets.
 * [Settings managed by ECK](settings-managed-by-eck.md): List of {{es}} settings that you shouldn't update.
 * [Custom configuration files and plugins](custom-configuration-files-plugins.md): Add extra configuration files or install plugins to your {{es}} nodes.
 * [Init containers for plugin downloads](init-containers-for-plugin-downloads.md): Use Kubernetes init containers to install plugins before starting {{es}}.
@@ -38,7 +39,7 @@ Before deploying and running ECK in production, review the basic and advanced se
 ## TLS/SSL Certificates
 
 * [Secure HTTP communications](/deploy-manage/security/secure-http-communications.md): Customize the service and TLS certificates used for transport traffic.
-* [Transport settings](transport-settings.md): Customize the service and TLS certificates used for transport traffic.
+* [Transport settings](../../security/k8s-transport-settings.md): Customize the service and TLS certificates used for transport traffic.
 
 ## Traffic handling
 
@@ -48,8 +49,6 @@ Before deploying and running ECK in production, review the basic and advanced se
 
 Other sections of the documentation also include relevant configuration options for your {{es}} cluster:
 
-* [Secure settings](/deploy-manage/security/secure-settings.md)
-
 * [Users and roles](/deploy-manage/users-roles.md)
 
 * [Snapshots](../../tools/snapshot-and-restore/cloud-on-k8s.md)

@@ -13,7 +13,7 @@ If you already looked at the [Elasticsearch on ECK](elasticsearch-configuration.
 * [Customize the Pod configuration](#k8s-kibana-pod-configuration)
 * [Customize the product configuration](#k8s-kibana-configuration)
 * [Manage HTTP settings](/deploy-manage/security/secure-http-communications.md#k8s-kibana-http-configuration)
-* [Use secure settings](k8s-kibana-secure-settings.md)
+* [Use secure settings](../../security/k8s-secure-settings.md)
 * [Install {{kib}} plugins](k8s-kibana-plugins.md)
 
 ## Pod configuration [k8s-kibana-pod-configuration]
@@ -97,7 +97,7 @@ kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | bas
 ::::
 
 
-You can provide your own encryption keys using a secure setting, as described in [Secure settings](k8s-kibana-secure-settings.md).
+You can provide your own encryption keys using a secure setting, as described in [Secure settings](../../security/k8s-secure-settings.md).
 
 ::::{note}
 While most reconfigurations of your {{kib}} instances are carried out in rolling upgrade fashion, all version upgrades will cause {{kib}} downtime. This happens because you can only run a single version of {{kib}} at any given time. For more information, check [Upgrade {{kib}}](/deploy-manage/upgrade/deployment-or-cluster.md).

@@ -47,7 +47,7 @@ Refer to [*Connect to external Elastic resources*](connect-to-external-elastic-r
 
 ## Using secure settings [k8s_using_secure_settings]
 
-For example, use the [secure settings](k8s-kibana-secure-settings.md) mechanism to securely store the default `elastic` user’s `$PASSWORD` credential of the external {{es}} cluster as set under [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md):
+For example, use the [secure settings](../../security/k8s-secure-settings.md) mechanism to securely store the default `elastic` user’s `$PASSWORD` credential of the external {{es}} cluster as set under [Deploy an {{es}} cluster](elasticsearch-deployment-quickstart.md):
 
 ```shell
 kubectl create secret generic kibana-elasticsearch-credentials --from-literal=elasticsearch.password=$PASSWORD

@@ -21,7 +21,7 @@ The following sections describe how to customize a {{kib}} deployment to suit yo
     * [{{kib}} Configuration](k8s-kibana-advanced-configuration.md#k8s-kibana-configuration)
     * [Scaling out a {{kib}} deployment](k8s-kibana-advanced-configuration.md#k8s-kibana-scaling)
 
-* [Secure settings](k8s-kibana-secure-settings.md)
+* [Secure settings](../../security/k8s-secure-settings.md#k8s-kibana-secure-settings)
 * [HTTP Configuration](/deploy-manage/security/secure-http-communications.md#k8s-kibana-http-configuration)
 
     * [Load balancer settings and TLS SANs](/deploy-manage/security/secure-http-communications.md#k8s-kibana-http-publish)