I am just starting with Elasticsearch 6.5.1 (our current version is 5.6).
Need to use XPack for users, passwords, etc.
Question: Do I necessarily need to setup encryption between nodes? Or I can have authentication for users, encryption for user and Kibana access, but without node-to-node encryption?
I tried to start Elasticsearch without TLS, but then I could not install the XPack license, it gave me an error:
Cannot install a [PLATINUM] license unless TLS is configured or security is disabled
But if i disable security, then I cannot use XPack at all.
Yes, you must setup TLS for the transport layer (node-to-node encryption) in order to enable security. As mentioned in the documentation:
Clusters that do not have encryption enabled send all data in plain text including passwords and will not be able to install a license that enables X-Pack security.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.