While researching different security configurations, I saw a comment in the Helm chart that indicated that “TLS is mandatory for the transport layer and can not be disabled”. However, when I disable security (by including “opendistro_security.disabled: true
” in my elasticsearch.yml file, I notice that the Elasticsearch nodes still come up and eventually find each other. In fact, it appears Elasticsearch is fully functional at that point: I was able to use APIs to define pipelines, adjust settings, etc. I’ve exec’ed into the Elasticsearch pods and confirmed there are no SSL certs (.pem files).
So, how is that possible if TLS is really mandatory for the transport layer? Are there hidden certs somewhere? Is there some alternative security mechanism being used? Or, is the comment in the Helm chart incorrect?