elastic
diff --git a/‎config/serverless.oblt.yml‎
Lines changed: 1 addition & 0 deletions b/‎config/serverless.oblt.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/settings/alert-action-settings.asciidoc‎
Lines changed: 17 additions & 18 deletions b/‎docs/settings/alert-action-settings.asciidoc‎
Lines changed: 17 additions & 18 deletions
diff --git a/‎docs/setup/settings.asciidoc‎
Lines changed: 1 addition & 1 deletion b/‎docs/setup/settings.asciidoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/core/root/core-root-server-internal/src/bootstrap.test.mocks.ts‎
Lines changed: 25 additions & 0 deletions b/‎packages/core/root/core-root-server-internal/src/bootstrap.test.mocks.ts‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎packages/core/root/core-root-server-internal/src/bootstrap.test.ts‎
Lines changed: 61 additions & 0 deletions b/‎packages/core/root/core-root-server-internal/src/bootstrap.test.ts‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎packages/core/root/core-root-server-internal/src/bootstrap.ts‎
Lines changed: 44 additions & 2 deletions b/‎packages/core/root/core-root-server-internal/src/bootstrap.ts‎
Lines changed: 44 additions & 2 deletions
diff --git a/‎packages/core/root/core-root-server-internal/src/register_service_config.ts‎
Lines changed: 2 additions & 0 deletions b/‎packages/core/root/core-root-server-internal/src/register_service_config.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/core/root/core-root-server-internal/src/root/serverless_config.ts‎
Lines changed: 34 additions & 0 deletions b/‎packages/core/root/core-root-server-internal/src/root/serverless_config.ts‎
Lines changed: 34 additions & 0 deletions
@@ -1 +1,2 @@
+uiSettings.overrides.defaultRoute: /app/observability/overview
 xpack.infra.logs.app_target: discover
@@ -1,10 +1,14 @@
-[role="xpack"]
 [[alert-action-settings-kb]]
-=== Alerting and action settings in {kib}
+== Alerting and action settings in {kib}
 ++++
 <titleabbrev>Alerting and action settings</titleabbrev>
 ++++
 
+:description: Learn about the settings that affect {kib} {alert-features}.
+:tags-products: [kibana, alerting]
+:tags-content-type: [reference]
+:tags-user-goals: [configure]
+
 Alerting and actions are enabled by default in {kib}, but require you to configure the following:
 
 . <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features}>>.
@@ -15,7 +19,7 @@ You can configure the following settings in the `kibana.yml` file.
 
 [float]
 [[general-alert-action-settings]]
-==== General settings
+=== General settings
 
 `xpack.encryptedSavedObjects.encryptionKey`::
 A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they're stored in {es}. Third party credentials &mdash; such as the username and password used to connect to an SMTP service &mdash; are an example of encrypted properties.
@@ -29,7 +33,7 @@ Be sure to back up the encryption key value somewhere safe, as your alerting rul
 
 [float]
 [[action-settings]]
-==== Action settings
+=== Action settings
 
 `xpack.actions.allowedHosts` {ess-icon}::
 A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections.
@@ -71,7 +75,7 @@ xpack.actions.customHostSettings:
     ssl:
       verificationMode: 'none'
 --
-
++
 The settings in `xpack.actions.customHostSettings` can be used to override the
 global option `xpack.actions.ssl.verificationMode` and provide customized TLS
 settings on a per-server basis. Set `xpack.actions.ssl.verificationMode` to the
@@ -107,7 +111,7 @@ The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true.
 Default: `false`.
 
 `xpack.actions.customHostSettings[n].ssl.rejectUnauthorized`::
-Deprecated. Use <<action-config-custom-host-verification-mode,`xpack.actions.customHostSettings.ssl.verificationMode`>> instead. A boolean value indicating whether to bypass server certificate validation.
+deprecated:[8.0.0] Use <<action-config-custom-host-verification-mode,`xpack.actions.customHostSettings.ssl.verificationMode`>> instead. A boolean value indicating whether to bypass server certificate validation.
 Overrides the general `xpack.actions.rejectUnauthorized` configuration
 for requests made for this hostname/port.
 
@@ -127,7 +131,7 @@ the files cannot be made available.
 
 [[action-config-email-domain-allowlist]] `xpack.actions.email.domain_allowlist`  {ess-icon}::
 A list of allowed email domains which can be used with the email connector. When this setting is not used, all email domains are allowed. When this setting is used, if any email is attempted to be sent that (a) includes an addressee with an email domain that is not in the allowlist, or (b) includes a from address domain that is not in the allowlist, it will fail with a message indicating the email is not allowed.
-
++
 WARNING: This feature is available in {kib} 7.17.4 and 8.3.0 onwards but is not supported in {kib} 8.0, 8.1 or 8.2. As such, this setting should be removed before upgrading from 7.17 to 8.0, 8.1 or 8.2. It is possible to configure the settings in 7.17.4 and then upgrade to 8.3.0 directly.
 
 `xpack.actions.enableFooterInEmail` {ess-icon}::
@@ -160,8 +164,6 @@ proxy in tunneling mode, and display some of the interaction between the client
 --
 curl --verbose --proxytunnel --proxy http://localhost:8080 http://example.com
 --
-+
-
 
 `xpack.actions.proxyBypassHosts` {ess-icon}::
 Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings.  By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used.  The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time.
@@ -173,14 +175,14 @@ Specifies hostnames which should only use the proxy, if using a proxy for action
 Specifies HTTP headers for the proxy, if using a proxy for actions. Default: {}.
 
 `xpack.actions.proxyRejectUnauthorizedCertificates` {ess-icon}::
-Deprecated. Use <<action-config-proxy-verification-mode,`xpack.actions.ssl.proxyVerificationMode`>> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`.
+deprecated:[8.0.0] Use <<action-config-proxy-verification-mode,`xpack.actions.ssl.proxyVerificationMode`>> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`.
 
 [[action-config-proxy-verification-mode]]`xpack.actions.ssl.proxyVerificationMode` {ess-icon}::
 Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`.
 Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>.
 
 `xpack.actions.rejectUnauthorized` {ess-icon}::
-Deprecated. Use <<action-config-verification-mode,`xpack.actions.ssl.verificationMode`>> instead. Set to `false` to bypass certificate validation for actions. Default: `true`.
+deprecated:[8.0.0] Use <<action-config-verification-mode,`xpack.actions.ssl.verificationMode`>> instead. Set to `false` to bypass certificate validation for actions. Default: `true`.
 +
 As an alternative to setting `xpack.actions.rejectUnauthorized`, you can use the setting
 `xpack.actions.customHostSettings` to set SSL options for specific servers.
@@ -206,9 +208,8 @@ For example, `20m`, `24h`, `7d`, `1w`. Default: `60s`.
 Specifies the maximum number of times an action can be attempted to run. Can be minimum 1 and maximum 10.
 
 `xpack.actions.run.connectorTypeOverrides` {ess-icon}::
-Overrides the configs under `xpack.actions.run` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects.
+Overrides the configs under `xpack.actions.run` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. For example:
 +
-For example:
 [source,yaml]
 --
 xpack.actions.run:
@@ -220,7 +221,7 @@ xpack.actions.run:
 
 [float]
 [[alert-settings]]
-==== Alerting settings
+=== Alerting settings
 
 `xpack.alerting.maxEphemeralActionsPerAlert` {ess-icon}::
 deprecated:[8.8.0]
@@ -257,9 +258,8 @@ Specifies the default timeout for tasks associated with all types of rules. The
 For example, `20m`, `24h`, `7d`, `1w`. Default: `5m`.
 
 `xpack.alerting.rules.run.ruleTypeOverrides` {ess-icon}::
-Overrides the configs under `xpack.alerting.rules.run` for the rule type with the given ID. List the rule identifier and its settings in an array of objects.
+Overrides the configs under `xpack.alerting.rules.run` for the rule type with the given ID. List the rule identifier and its settings in an array of objects. For example:
 +
-For example:
 [source,yaml]
 --
 xpack.alerting.rules.run:
@@ -270,9 +270,8 @@ xpack.alerting.rules.run:
 --
 
 `xpack.alerting.rules.run.actions.connectorTypeOverrides` {ess-icon}::
-Overrides the configs under `xpack.alerting.rules.run.actions` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects.
+Overrides the configs under `xpack.alerting.rules.run.actions` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. For example:
 +
-For example:
 [source,yaml]
 --
 xpack.alerting.rules.run:
 
@@ -619,7 +619,7 @@ Set this value to false to disable the Upgrade Assistant UI. *Default: true*
 Set this value to change the {kib} interface language.
 Valid locales are: `en`, `zh-CN`, `ja-JP`. *Default: `en`*
 
-include::{kib-repo-dir}/settings/alert-action-settings.asciidoc[]
+include::{kib-repo-dir}/settings/alert-action-settings.asciidoc[leveloffset=+1]
 include::{kib-repo-dir}/settings/apm-settings.asciidoc[]
 include::{kib-repo-dir}/settings/banners-settings.asciidoc[]
 include::{kib-repo-dir}/settings/cases-settings.asciidoc[leveloffset=+1]
 
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { Env } from '@kbn/config';
+import { rawConfigServiceMock, configServiceMock } from '@kbn/config-mocks';
+
+export const mockConfigService = configServiceMock.create();
+export const mockRawConfigService = rawConfigServiceMock.create();
+export const mockRawConfigServiceConstructor = jest.fn(() => mockRawConfigService);
+jest.doMock('@kbn/config', () => ({
+  ConfigService: jest.fn(() => mockConfigService),
+  Env,
+  RawConfigService: jest.fn(mockRawConfigServiceConstructor),
+}));
+
+jest.doMock('./root', () => ({
+  Root: jest.fn(() => ({
+    shutdown: jest.fn(),
+  })),
+}));
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { of } from 'rxjs';
+import type { CliArgs } from '@kbn/config';
+
+import { mockRawConfigService, mockRawConfigServiceConstructor } from './bootstrap.test.mocks';
+
+jest.mock('@kbn/core-logging-server-internal');
+
+import { bootstrap } from './bootstrap';
+
+const bootstrapCfg = {
+  configs: ['config/kibana.yml'],
+  cliArgs: {} as unknown as CliArgs,
+  applyConfigOverrides: () => ({}),
+};
+
+describe('bootstrap', () => {
+  describe('serverless', () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+    });
+
+    test('should load additional serverless files for a valid project', async () => {
+      mockRawConfigService.getConfig$.mockReturnValue(of({ serverless: 'es' }));
+      await bootstrap(bootstrapCfg);
+      expect(mockRawConfigServiceConstructor).toHaveBeenCalledTimes(2);
+      expect(mockRawConfigServiceConstructor).toHaveBeenNthCalledWith(
+        1,
+        bootstrapCfg.configs,
+        bootstrapCfg.applyConfigOverrides
+      );
+      expect(mockRawConfigServiceConstructor).toHaveBeenNthCalledWith(
+        2,
+        [
+          expect.stringContaining('config/serverless.yml'),
+          expect.stringContaining('config/serverless.es.yml'),
+          ...bootstrapCfg.configs,
+        ],
+        bootstrapCfg.applyConfigOverrides
+      );
+    });
+
+    test('should skip loading the serverless files for an invalid project', async () => {
+      mockRawConfigService.getConfig$.mockReturnValue(of({ serverless: 'not-valid' }));
+      await bootstrap(bootstrapCfg);
+      expect(mockRawConfigServiceConstructor).toHaveBeenCalledTimes(1);
+      expect(mockRawConfigServiceConstructor).toHaveBeenNthCalledWith(
+        1,
+        bootstrapCfg.configs,
+        bootstrapCfg.applyConfigOverrides
+      );
+    });
+  });
+});
@@ -7,9 +7,14 @@
  */
 
 import chalk from 'chalk';
+import { firstValueFrom } from 'rxjs';
 import { getPackages } from '@kbn/repo-packages';
 import { CliArgs, Env, RawConfigService } from '@kbn/config';
 import { CriticalError } from '@kbn/core-base-server-internal';
+import { resolve } from 'path';
+import { getConfigDirectory } from '@kbn/utils';
+import { statSync } from 'fs';
+import { VALID_SERVERLESS_PROJECT_TYPES } from './root/serverless_config';
 import { Root } from './root';
 import { MIGRATION_EXCEPTION_CODE } from './constants';
 
@@ -38,15 +43,40 @@ export async function bootstrap({ configs, cliArgs, applyConfigOverrides }: Boot
   // eslint-disable-next-line @typescript-eslint/no-var-requires
   const { REPO_ROOT } = require('@kbn/repo-info');
 
-  const env = Env.createDefault(REPO_ROOT, {
+  let env = Env.createDefault(REPO_ROOT, {
     configs,
     cliArgs,
     repoPackages: getPackages(REPO_ROOT),
   });
 
-  const rawConfigService = new RawConfigService(env.configs, applyConfigOverrides);
+  let rawConfigService = new RawConfigService(env.configs, applyConfigOverrides);
   rawConfigService.loadConfig();
 
+  // Hack to load the extra serverless config files if `serverless: {projectType}` is found in it.
+  const rawConfig = await firstValueFrom(rawConfigService.getConfig$());
+  const serverlessProjectType = rawConfig?.serverless;
+  if (
+    typeof serverlessProjectType === 'string' &&
+    VALID_SERVERLESS_PROJECT_TYPES.includes(serverlessProjectType)
+  ) {
+    const extendedConfigs = [
+      ...['serverless.yml', `serverless.${serverlessProjectType}.yml`]
+        .map((name) => resolve(getConfigDirectory(), name))
+        .filter(configFileExists),
+      ...configs,
+    ];
+
+    env = Env.createDefault(REPO_ROOT, {
+      configs: extendedConfigs,
+      cliArgs: { ...cliArgs, serverless: true },
+      repoPackages: getPackages(REPO_ROOT),
+    });
+
+    rawConfigService.stop();
+    rawConfigService = new RawConfigService(env.configs, applyConfigOverrides);
+    rawConfigService.loadConfig();
+  }
+
   const root = new Root(rawConfigService, env, onRootShutdown);
 
   process.on('SIGHUP', () => reloadConfiguration());
@@ -128,3 +158,15 @@ function onRootShutdown(reason?: any) {
 
   process.exit(0);
 }
+
+function configFileExists(path: string) {
+  try {
+    return statSync(path).isFile();
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      return false;
+    }
+
+    throw err;
+  }
+}
@@ -28,6 +28,7 @@ import { uiSettingsConfig } from '@kbn/core-ui-settings-server-internal';
 
 import { config as pluginsConfig } from '@kbn/core-plugins-server-internal';
 import { elasticApmConfig } from './root/elastic_config';
+import { serverlessConfig } from './root/serverless_config';
 
 const rootConfigPath = '';
 
@@ -49,6 +50,7 @@ export function registerServiceConfig(configService: ConfigService) {
     pluginsConfig,
     savedObjectsConfig,
     savedObjectsMigrationConfig,
+    serverlessConfig,
     statusConfig,
     uiSettingsConfig,
   ];
 
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { schema, TypeOf, Type } from '@kbn/config-schema';
+import { ServiceConfigDescriptor } from '@kbn/core-base-server-internal';
+
+// Config validation for how to run Kibana in Serverless mode.
+// Clients need to specify the project type to run in.
+// Going for a simple `serverless` string because it serves as
+// a direct replacement to the legacy --serverless CLI flag.
+// If we even decide to extend this further, and converting it into an object,
+// BWC can be ensured by adding the object definition as another alternative to `schema.oneOf`.
+
+export const VALID_SERVERLESS_PROJECT_TYPES = ['es', 'oblt', 'security'];
+
+const serverlessConfigSchema = schema.maybe(
+  schema.oneOf(
+    VALID_SERVERLESS_PROJECT_TYPES.map((projectName) => schema.literal(projectName)) as [
+      Type<typeof VALID_SERVERLESS_PROJECT_TYPES[number]> // This cast is needed because it's different to Type<T>[] :sight:
+    ]
+  )
+);
+
+export type ServerlessConfigType = TypeOf<typeof serverlessConfigSchema>;
+
+export const serverlessConfig: ServiceConfigDescriptor<ServerlessConfigType> = {
+  path: 'serverless',
+  schema: serverlessConfigSchema,
+};
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
	`1`	`+uiSettings.overrides.defaultRoute: /app/observability/overview`
`1`	`2`	`xpack.infra.logs.app_target: discover`