Elasticsearch security with a multiple Helm charts cluster

We are running Elasticsearch on Kubernetes, via the official Elastic Helm chart. As per Elastic's recommendation, we run 3 Helm releases, each with a dedicated role:

  • master
  • data
  • client

Usually, I deploy the master release first, then data, and then client.

Now we have a gold licence, so to apply it I must set up security: TLS communication and authentication.

TLS seems fine (I use an initContainer to create a cert for each container).

Now, I am trying to deploy the master release (only master nodes), but I got this error:

UnavailableShardsException: at least one primary shard for the index [.security-7] is unavailable

I guess ES needs data nodes to store this data, so it cannot start the master nodes, which are required to start the data nodes!

What should be the process here?

The only solution I have found is to declare an anonymous user:

      xpack.security.authc:
        anonymous:
          username: anonymous 
          roles: superuser
          authz_exception: true 

I will configure users later, once all nodes are up and ready.
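
Added example, not part of the original question: since the anonymous superuser mapping above is meant to be temporary, a check like this can run against the rendered elasticsearch.yml before each release to confirm it has been removed. The parser handles only the simple nested, dotted and list forms shown here, and the role name `read_only_ops` and the sample configs other than the one from the question are constructed.

```python
# Added example: flag anonymous access mapped to a high-privilege role.
RISKY_ROLES = {"superuser"}  # assumption: only the role used on the page

def flatten_settings(text):
    """Flatten a simple elasticsearch.yml (nested maps, dotted keys, scalars,
    inline or block lists) into {dotted.key: [values]}. Not a full YAML parser."""
    flat, stack = {}, []  # stack entries: (indent, full dotted key)
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if body.startswith("- "):  # block list item belongs to the last key
            if stack:
                flat.setdefault(stack[-1][1], []).append(body[2:].strip().strip("'\""))
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, _, value = body.partition(":")
        full = (stack[-1][1] + "." if stack else "") + key.strip()
        stack.append((indent, full))
        if value.strip():
            items = value.strip().strip("[]").split(",")
            flat[full] = [i.strip().strip("'\"") for i in items if i.strip()]
    return flat

def anonymous_risky_roles(text):
    """Return the risky roles granted to the anonymous user, sorted."""
    roles = flatten_settings(text).get("xpack.security.authc.anonymous.roles", [])
    return sorted(set(roles) & RISKY_ROLES)

# The workaround from the question (nested form).
PAGE_CONFIG = """\
xpack.security.authc:
  anonymous:
    username: anonymous
    roles: superuser
    authz_exception: true
"""
# Constructed samples: dotted key with a block list, and a restricted role
# ("read_only_ops" is a made-up role name).
DOTTED_CONFIG = "xpack.security.authc.anonymous.roles:\n  - superuser\n  - read_only_ops\n"
CLEAN_CONFIG = "xpack.security.authc.anonymous:\n  roles: [read_only_ops]  # restricted\n"

if __name__ == "__main__":
    for name, cfg in [("page", PAGE_CONFIG), ("dotted", DOTTED_CONFIG), ("clean", CLEAN_CONFIG)]:
        print(name, anonymous_risky_roles(cfg) or "ok")
```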