Cant turn off TLS in opensearch.yml section values file

I am terminating cert-manager certificates in my traefik ingressroutes, for the ingressroutes be able to work without issues I need to turn off HTTPS for the opensearch database pods or else there will be HTTPS conflicts.

There is an easy option in the helm values file, mine looks like this in the config section:

config:
  # Values must be YAML literal style scalar / YAML multiline string.
  # <filename>: |
  #   <formatted-value(s)>
  # log4j2.properties: |
  #   status = error
  #
  #   appender.console.type = Console
  #   appender.console.name = console
  #   appender.console.layout.type = PatternLayout
  #   appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
  #
  #   rootLogger.level = info
  #   rootLogger.appenderRef.console.ref = console
  opensearch.yml: |
    cluster.name: opensearch-cluster

    # Bind to all interfaces because we don't know what IP address Docker will assign to us.
    network.host: 0.0.0.0

    # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
    # Implicitly done if ".singleNode" is set to "true".
    # discovery.type: single-node

    # Start OpenSearch Security Demo Configuration
    # WARNING: revise all the lines below before you go into production
    plugins:
      security:
        ssl:
          transport:
            pemcert_filepath: esnode.pem
            pemkey_filepath: esnode-key.pem
            pemtrustedcas_filepath: root-ca.pem
            enforce_hostname_verification: false
          http:
            enabled: false
            pemcert_filepath: esnode.pem
            pemkey_filepath: esnode-key.pem
            pemtrustedcas_filepath: root-ca.pem
        allow_unsafe_democertificates: true
        allow_default_init_securityindex: true
        authcz:
          admin_dn:
            - CN=kirk,OU=client,O=client,L=test,C=de
        audit.type: internal_opensearch
        enable_snapshot_restore_privilege: true
        check_snapshot_restore_write_privileges: true
        restapi:
          roles_enabled: ["all_access", "security_rest_api_access"]
        system_indices:
          enabled: true
          indices:
            [
              ".opendistro-alerting-config",
              ".opendistro-alerting-alert*",
              ".opendistro-anomaly-results*",
              ".opendistro-anomaly-detector*",
              ".opendistro-anomaly-checkpoints",
              ".opendistro-anomaly-detection-state",
              ".opendistro-reports-*",
              ".opendistro-notifications-*",
              ".opendistro-notebooks",
              ".opendistro-asynchronous-search-response*",
            ]
    ######## End OpenSearch Security Demo Configuration ########

my configmap looks correct:

apiVersion: v1
data:
  opensearch.yml: >
    cluster.name: opensearch-cluster


    # Bind to all interfaces because we don't know what IP address Docker will
    assign to us.

    network.host: 0.0.0.0


    # Setting network.host to a non-loopback address enables the annoying
    bootstrap checks. "Single-node" mode disables them again.

    # Implicitly done if ".singleNode" is set to "true".

    # discovery.type: single-node


    # Start OpenSearch Security Demo Configuration

    # WARNING: revise all the lines below before you go into production

    plugins:
      security:
        ssl:
          transport:
            pemcert_filepath: esnode.pem
            pemkey_filepath: esnode-key.pem
            pemtrustedcas_filepath: root-ca.pem
            enforce_hostname_verification: false
          http:
            enabled: false
            pemcert_filepath: esnode.pem
            pemkey_filepath: esnode-key.pem
            pemtrustedcas_filepath: root-ca.pem
        allow_unsafe_democertificates: true
        allow_default_init_securityindex: true
        authcz:
          admin_dn:
            - CN=kirk,OU=client,O=client,L=test,C=de
        audit.type: internal_opensearch
        enable_snapshot_restore_privilege: true
        check_snapshot_restore_write_privileges: true
        restapi:
          roles_enabled: ["all_access", "security_rest_api_access"]
        system_indices:
          enabled: true
          indices:
            [
              ".opendistro-alerting-config",
              ".opendistro-alerting-alert*",
              ".opendistro-anomaly-results*",
              ".opendistro-anomaly-detector*",
              ".opendistro-anomaly-checkpoints",
              ".opendistro-anomaly-detection-state",
              ".opendistro-reports-*",
              ".opendistro-notifications-*",
              ".opendistro-notebooks",
              ".opendistro-asynchronous-search-response*",
            ]
    ######## End OpenSearch Security Demo Configuration ########
kind: ConfigMap

but im still getting status code 502 when trying to access the database url

When I enter the pod, my opensearch.yml looks like this:

[opensearch@opensearch-cluster-master-0 ~]$ cat /usr/share/opensearch/config/opensearch.yml                                                                                                
cluster.name: opensearch-cluster                                                                                                                                                           
                                                                                                                                                                                           
# Bind to all interfaces because we don't know what IP address Docker will assign to us.                                                                                                   
network.host: 0.0.0.0                                                                                                                                                                      
                                                                                                                                                                                           
# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.                                                            
# Implicitly done if ".singleNode" is set to "true".                                                                                                                                       
# discovery.type: single-node                                                                                                                                                              
                                                                                                                                                                                           
# Start OpenSearch Security Demo Configuration                                                                                                                                             
# WARNING: revise all the lines below before you go into production                                                                                                                        
plugins:                                                                                                                                                                                   
  security:                                                                                                                                                                                
    ssl:                                                                                                                                                                                   
      transport:                                                                                                                                                                           
        pemcert_filepath: esnode.pem                                                                                                                                                       
        pemkey_filepath: esnode-key.pem                                                                                                                                                    
        pemtrustedcas_filepath: root-ca.pem                                                                                                                                                
        enforce_hostname_verification: false                                                                                                                                               
      http:                                                                                                                                                                                
        enabled: false                                                                                                                                                                     
        pemcert_filepath: esnode.pem                                                                                                                                                       
        pemkey_filepath: esnode-key.pem                                                                                                                                                    
        pemtrustedcas_filepath: root-ca.pem                                                                                                                                                
    allow_unsafe_democertificates: true                                                                                                                                                    
    allow_default_init_securityindex: true                                                                                                                                                 
    authcz:                                                                                                                                                                                
      admin_dn:                                                                                                                                                                            
        - CN=kirk,OU=client,O=client,L=test,C=de                                                                                                                                           
    audit.type: internal_opensearch                                                                                                                                                        
    enable_snapshot_restore_privilege: true                                                                                                                                                
    check_snapshot_restore_write_privileges: true                                                                                                                                          
    restapi:                                                                                                                                                                               
      roles_enabled: ["all_access", "security_rest_api_access"]                                                                                                                            
    system_indices:                                                                                                                                                                        
      enabled: true                                                                                                                                                                        
      indices:
        [
          ".opendistro-alerting-config",
          ".opendistro-alerting-alert*",
          ".opendistro-anomaly-results*",
          ".opendistro-anomaly-detector*",
          ".opendistro-anomaly-checkpoints",
          ".opendistro-anomaly-detection-state",
          ".opendistro-reports-*",
          ".opendistro-notifications-*",
          ".opendistro-notebooks",
          ".opendistro-asynchronous-search-response*",
        ]
######## End OpenSearch Security Demo Configuration ########


######## Start OpenSearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: esnode.pem
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn: ['CN=kirk,OU=client,O=client,L=test,C=de']
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: [all_access, security_rest_api_access]
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [.plugins-ml-agent, .plugins-ml-config, .plugins-ml-connector,                                                                                   
  .plugins-ml-controller, .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task,
  .plugins-ml-conversation-meta, .plugins-ml-conversation-interactions, .plugins-ml-memory-meta,                                                                                          
  .plugins-ml-memory-message, .plugins-ml-stop-words, .opendistro-alerting-config,
  .opendistro-alerting-alert*, .opendistro-anomaly-results*, .opendistro-anomaly-detector*,
  .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, .opendistro-reports-*,                                                                                            
  .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, .ql-datasources,                                                                                         
  .opendistro-asynchronous-search-response*, .replication-metadata-store, .opensearch-knn-models,                                                                                         
  .geospatial-ip2geo-data*, .plugins-flow-framework-config, .plugins-flow-framework-templates,                                                                                            
  .plugins-flow-framework-state]
node.max_local_storage_nodes: 3
######## End OpenSearch Security Demo Configuration ########

should it really look like this? something seems wrong.