Hello,
TLS can be disabled as explained here: https://www.elastic.co/guide/en/cloud-on-k8s/0.9/k8s-accessing-elastic-services.html#k8s-disable-tls.
spec:
http:
tls:
selfSignedCertificate:
disabled: true
Basic authentication can be bypassed by enabling anonymous access: https://www.elastic.co/guide/en/elastic-stack-overview/7.4/anonymous-access.html.
spec:
nodes:
- nodeCount: 1
config:
xpack.security.authc:
anonymous:
username: anonymous
roles: superuser
authz_exception: false
Even in a private cluster, we don't recommend to turn off these security layers.
Obviously, it is up to you to make the decision