I've got a small Elasticsearch cluster (two nodes) running in docker along with Kibana. The only thing that's exposed outside of the docker network is the Kibana service on port 5601 - and that's only exposed to localhost, as I have a reverse proxy in front of it to provide TLS to clients.
Now I want to connect it to our OpenID provider but it seems that for that I need the elastic token service, and for that I have to configure TLS on everything in the stack. Really? What is TLS going to add here? Is there no way to enable the token service without TLS?