I'm running ECK cluster with rancher2. There are 3 nodes: 2 for elasticsearch, 1 for kibana.
I want to change Elastic-server configuration with operator, for example, disable ssl communication.
But what right way to do it? Mount config-file from host? Please give some ideas
Quoting the documentation:
You can explicitly disable TLS for Kibana, APM Server, Enterprise Search and the HTTP layer of Elasticsearch.
spec:
http:
tls:
selfSignedCertificate:
disabled: true
That is generally useful when you want to run ECK with Istio and want to let that manage TLS.
However, you cannot disable TLS for the transport communication (between the Elasticsearch nodes). For security reasons that is always enabled.
PS: For a highly available cluster, you'd want at least 3 Elasticsearch nodes. Having 2 isn't helping you — if one of them is going down, the other one will degrade as well, since Elasticsearch is built around a majority based consensus protocol.