Operator-only functionality

Operator-only functionality

This feature is designed for indirect use by Elasticsearch Service, Elastic Cloud Enterprise, and Elastic Cloud on Kubernetes. Direct use is not supported.

Operator privileges provide protection for APIs and dynamic cluster settings. Any API or cluster setting that is protected by operator privileges is known as operator-only functionality. When the operator privileges feature is enabled, operator-only APIs can be executed only by operator users. Likewise, operator-only settings can be updated only by operator users. The list of operator-only APIs and dynamic cluster settings are pre-determined in the codebase. The list may evolve in future releases but it is otherwise fixed in a given Elasticsearch version.

Operator-only APIs

• Voting configuration exclusions
• Delete license
• Update license
• Create or update autoscaling policy
• Delete autoscaling policy
• Create or update desired nodes
• Get desired nodes
• Delete desired nodes
• Get desired balance
• Reset desired balance

Operator-only dynamic cluster settings

• All IP filtering settings

• The following dynamic machine learning settings:

  • xpack.ml.node_concurrent_job_allocations
  • xpack.ml.max_machine_memory_percent
  • xpack.ml.use_auto_machine_memory_percent
  • xpack.ml.max_lazy_ml_nodes
  • xpack.ml.process_connect_timeout
  • xpack.ml.nightly_maintenance_requests_per_second
  • xpack.ml.max_ml_node_size
  • xpack.ml.enable_config_migration
  • xpack.ml.persist_results_max_retries

• The cluster.routing.allocation.disk.threshold_enabled setting

• The following recovery settings for managed services:

  • node.bandwidth.recovery.operator.factor
  • node.bandwidth.recovery.operator.factor.read
  • node.bandwidth.recovery.operator.factor.write
  • node.bandwidth.recovery.operator.factor.max_overcommit