Cannot disable TLS and security in EKS

Hello,

I Installed ECK open source 1.0.1 in k8s 1.15.5
I tried to disable the security and TLS using:

  apiVersion: elasticsearch.k8s.elastic.co/v1
  kind: Elasticsearch
  metadata:
    name: elasticsearch
  spec:
    version: 7.6.0
    nodeSets:
    - name: default
      count: 1
      config:
        node.master: true
        node.data: true
        node.ingest: true
        node.store.allow_mmap: false

        xpack.security.enabled: false
        xpack.security.http.ssl.enabled: false
        xpack.security.transport.ssl.enabled: false

but it doesn't seem to work:

kubectl port-forward service/elasticsearch-es-http 9200
curl http://localhost:9200
==> not working

and

PASSWORD=$(kubectl get secret elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode)
curl -k -u "elastic:$PASSWORD" https://localhost:9200
==> works

If I check the configuration in the 'elasticsearch-es-default-es-config'
kubectl get secrets elasticsearch-es-default-es-config -o jsonpath="{.data['elasticsearch.yml']}" | base64 -d
I get:

cluster:
  name: elasticsearch
discovery:
  seed_providers: file
network:
  host: 0.0.0.0
  publish_host: ${POD_IP}
node:
  data: true
  ingest: true
  master: true
  name: ${POD_NAME}
  store:
    allow_mmap: false
path:
  data: /usr/share/elasticsearch/data
  logs: /usr/share/elasticsearch/logs
xpack:
  license:
    upload:
      types:
      - trial
      - enterprise
  security:
    authc:
      realms:
        file:
          file1:
            order: -100
        native:
          native1:
            order: -99
      reserved_realm:
        enabled: "false"
    enabled: "true"
    http:
      ssl:
        certificate: /usr/share/elasticsearch/config/http-certs/tls.crt
        certificate_authorities: /usr/share/elasticsearch/config/http-certs/ca.crt
        enabled: true
        key: /usr/share/elasticsearch/config/http-certs/tls.key
    transport:
      ssl:
        certificate: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.crt
        certificate_authorities:
        - /usr/share/elasticsearch/config/transport-certs/ca.crt
        enabled: "true"
        key: /usr/share/elasticsearch/config/node-transport-cert/transport.tls.key
        verification_mode: certificate

which still contains the security and tls config enabled...

Any idea on how to disable security and tls config ?
Thanks
Yann

These settings are managed by ECK and you cannot currently disable security and you cannot disable TLS on the transport layer. Please see https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-reserved-settings.html for a list of settings managed by ECK that we don't support to be set by users.

If you want to disable security in order to allow access without authentication to your clusters, please consider enabling anonymous access instead: https://www.elastic.co/guide/en/elasticsearch/reference/7.6/anonymous-access.html

You can however disable TLS on the HTTP layer if desired. Instructions are here: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html#k8s-disable-tls

Thanks Peter, that solved my issue.

for folks here is the complete solution:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 7.6.0
  nodeSets:
  - name: default
    count: 1
    config:
      node.master: true
      node.data: true
      node.ingest: true
      node.store.allow_mmap: false
      xpack.security.authc:
          anonymous:
            username: anonymous
            roles: superuser
            authz_exception: false
  http:
    tls:
      selfSignedCertificate:
        disabled: true

Yann

Hi, I tried this but it doesn't seems to work for ES.