Cloud-on-k8s: Is there a way to disable default enable TLS and authentication?

Created on 11 Aug 2019  路  6Comments  路  Source: elastic/cloud-on-k8s

I am using the elastic cloud operator 0.9 and deploying a 3 node elasticsearch cluster in k8s. For my usecase, I want to be able to disable TLS and authentication and allow for API access via http and port 9200. Is this possible?

apiVersion: elasticsearch.k8s.elastic.co/v1alpha1
kind: Elasticsearch
metadata:
  name: test
spec:
  version: 7.2.0
  nodes:
  - nodeCount: 3
    config:
      node.master: true
      node.data: true
      node.ingest: true
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 50Gi
        storageClassName: rook-ceph-block
picture eroji
🚀1

Most helpful comment

Disabling TLS will be possible in the next release (post 0.9): https://github.com/elastic/cloud-on-k8s/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aclosed+tls
You can then authorize anonymous access through the configuration: https://www.elastic.co/guide/en/elastic-stack-overview/current/anonymous-access.html

picture sebgl on 12 Sep 2019
🚀1 🎉1 👍1

All 6 comments

You can for Kibana and APM but not Elasticsearch unfortunately.

dcopestake picture dcopestake on 11 Aug 2019

Hi @eroji could you give a bit more details about your use case and setup, and why you would like to disable TLS and authentication?

sebgl picture sebgl on 12 Aug 2019

I'm trying to deploy Jaeger into a namespace in my k8s cluster. They also have an operator that automates this process. However there does not seem to be any documented way for it to be configured to interact with a secured ES cluster (which I understand is definitely best practice). I did post the question on their GitHub but I figured I'd ask here as well.

eroji picture eroji on 12 Aug 2019

@eroji see also https://github.com/elastic/cloud-on-k8s/issues/1191#issuecomment-509250403

sebgl picture sebgl on 12 Aug 2019

Disabling TLS will be possible in the next release (post 0.9): https://github.com/elastic/cloud-on-k8s/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aclosed+tls
You can then authorize anonymous access through the configuration: https://www.elastic.co/guide/en/elastic-stack-overview/current/anonymous-access.html

sebgl picture sebgl on 12 Sep 2019
🚀1 🎉1 👍1

Where can I grab output of CI? I want to get all in one yaml of master.

dzmitry-lahoda picture dzmitry-lahoda on 19 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sebgl picture sebgl  路  5Comments
SebastianCaceresUltra picture SebastianCaceresUltra  路  3Comments
barkbay picture barkbay  路  4Comments
anyasabo picture anyasabo  路  3Comments
djschny picture djschny  路  4Comments