Hi I am trialing ECE and I have setup secure route to a new cluster and that works fine. I get a access denied when I try and access it from anywhere except the host I allowed.
But I can hit the frc-services-forwarders-services-forwarder (port 9244) on a server that is only a allocator. If I spoof the address for the cluster ie. add the cluster-id.ece-address.local to the allocator ip in the host file I can access the cluster anywhere I do this change.
This raise some security concerns, also that communication looks to be frc-services-forwarders-services-forwarder http only. Does the poxy terminate the tls connection and its http to the elasticsearch cluster or is the something missing.