We already have an ES cluster running WITHOUT authentication and TLS. We are trying to enable the security feature.
Is it possible to achieve this with zero down time? Two aspects of the problem:
Cluster internal communication. Once
xpack.security.transport.ssl.enabledon some nodes are enabled.
Is it still possible for nodes(disabled) to communicate with nodes(enabled)?
If it is not possible, will the cluster be in a consistent state after we rolling upgrade all of the nodes?
Is there way for ES to have one port for http and another port for https? So we can rolling upgrade application to switch to https(from http)?
Thanks a lot!