Update breaking changes in 1.1.0 (#3061) (#3071)

* Update breaking changes in 1.1.0

* Update docs/release-notes/highlights-1.1.0.asciidoc

Co-authored-by: Anya Sabo <[email protected]>

Co-authored-by: Anya Sabo <[email protected]>

Co-authored-by: Anya Sabo <[email protected]>

Author: charith-elastic

docs/release-notes/1.1.0.asciidoc

@@ -9,6 +9,7 @@
 === Breaking changes
 
 * Remove operator roles {pull}2530[#2530]
+* Make readiness probes independent of the host/container network {pull}2528[#2528]
 * Name container ports according to protocol {pull}2498[#2498] (issue: {issue}2483[#2483])
 
 
@@ -40,7 +41,6 @@
 * ECK dump: export controller revisions {pull}2538[#2538]
 * Add operator flag to define default container registry {pull}2537[#2537]
 * Rename log.logger to event.dataset as recommended in ECS {pull}2534[#2534]
-* Make readiness probes independent of the host/container network {pull}2528[#2528]
 * Bump controller-tools {pull}2497[#2497] (issue: {issue}2490[#2490])
 * Extend cluster-wide rbac roles for elastic crds {pull}2495[#2495]
 * Control associations across namespaces with ServiceAccount and RBAC {pull}2482[#2482]

docs/release-notes/highlights-1.1.0.asciidoc

@@ -65,6 +65,58 @@ The concept of `global` and `namespace` operator roles no longer exists, and as
 
 Container ports of managed resources are now named according to the protocol (`https` for TLS enabled ports and `http` for TLS disabled ports). Previously they were named `http` regardless of the protocol being used. If you have any configurations that refer to the container ports by name (Ingress configurations, for example), review those to ensure that they use the correct name. One option may be to temporarily change to targeting the port number (e.g. `9200` for Elasticsearch), rather than the name, before updating ECK. Once the container port is updated to the new name, you can change to targeting the port name again.
 
+[float]
+[id="{p}-110-breaking-readiness-probe"]
+==== Readiness probe change for Kibana and APM Server
+
+Default readiness probes generated by the operator for Kibana and APM Server resources have changed from HTTP GET actions to exec actions. This is to accommodate environments where host-to-pod communication is restricted for security reasons. This change will affect ingress resources that are used to expose Kibana or APM Server, as some ingress controllers re-purpose the pod readiness probe as a health check. If you are unable to access Kibana or APM Server through the ingress after upgrading to ECK 1.1.0, override the readiness probe definitions as follows:
+
+.Kibana
+[source,yaml,subs="attributes"]
+----
+apiVersion: kibana.k8s.elastic.co/{eck_crd_version}
+kind: Kibana
+metadata:
+  name: quickstart
+spec:
+  version: {version}
+  count: 1
+  elasticsearchRef:
+    name: quickstart
+  podTemplate:
+    spec:
+      containers:
+        - name: kibana
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: "/login"
+              port: 5601
+----
+
+.APM Server
+[source,yaml,subs="attributes"]
+----
+apiVersion: apm.k8s.elastic.co/{eck_crd_version}
+kind: ApmServer
+metadata:
+  name: quickstart
+spec:
+  version: {version}
+  count: 1
+  elasticsearchRef:
+    name: quickstart
+  podTemplate:
+    spec:
+      containers:
+        - name: apm-server
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: "/"
+              port: 8200
+----
+
 [float]
 [id="{p}-110-security"]
 === Security Advisory