Can we update to 8.0 without enabling securitys

We have our filebeat-logstash-Elasticsearch-kibana ecosystem on a private subnet within our organization network. Due to the placement of all components on a fenced subnet, we don't need any security features such as role based access control, encryption during transit or when feeding data into Elasticsearch from logstash. Kibana too is behind an Nginx reverse proxy and basic authentication control at Nginx provides us good enough security for our use case.

So all our Elasticsearch nodes have the following setting false

Reading the 8.0 release notes, first thing that jumps up is Security is now on by default

My shallow understanding is that to use security, we would need to:

  • Setup TLS keys on Elasticsearch nodes
  • Edit elasticsearch plugin in Logstash to add the new certificate information
  • Edit kibana config to tell it to use TLS to talk to Elasticsearch
  • Maybe ad authentication to Kibana

Given this is a production cluster, we cannot afford to have a failed 8.0 upgrade. So I would like to know if we can upgrade the current "no-security" ElasticStack-7.17 to a "no-security" ElasticStack-8.0 and then think about enabling security/TLS? I couldn't find relevant information in the release documentation of Elasticsearch, logstash and Kibana.

it just means that in previous versions Basic security wasn't enabled by default and you have to enable it using true config, now its enabled by default, so if you don't want to use it, please change it in elasticsearch.yml to false and you are good to go.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.