Don't want to use https and user:password

Hello,

TLS can be disabled as explained here: https://www.elastic.co/guide/en/cloud-on-k8s/0.9/k8s-accessing-elastic-services.html#k8s-disable-tls.

spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: true

Basic authentication can be bypassed by enabling anonymous access: https://www.elastic.co/guide/en/elastic-stack-overview/7.4/anonymous-access.html.

spec:
  nodes:
  - nodeCount: 1
    config:
      xpack.security.authc:
          anonymous:
            username: anonymous
            roles: superuser
            authz_exception: false

Even in a private cluster, we don't recommend to turn off these security layers.
Obviously, it is up to you to make the decision :slight_smile:

3 Likes