upmc-enterprises / elasticsearch-operator

manages elasticsearch clusters

Allow non-tls clusters #5

Open stevesloka opened 7 years ago

stevesloka commented 7 years ago

If someone did not want to use TLS with the upmc custom image, allow them to use non-TLS like: https://github.com/pires/kubernetes-elasticsearch-cluster

fabito commented 7 years ago

Hi @stevesloka,

You mean we should conditionally create the es-certs volumes and the respective volume mounts, correct? Is it correct to assume that in a non-TLS scenario, we do not need the search-guard plugin? Do you have anything in mind?

Maybe a new section in the cluster spec?

"spec": {
    // (...)
    "tls": { // enables search-guard with the given certificates?
        "secret": "es-certs"
    }
    // (...)
}

stevesloka commented 7 years ago

The idea is possibly someone may not want to deal with all the certs, and just leave it open as it is by default. So we wouldn't require those volume mounts and the controller would not require them when it creates the cluster.

Yes we also would not need the search-guard plugin, could just use the base image from Paulo Pires.
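
The conditional volume creation discussed in the comments above, as an added example that is not part of the thread and not the operator's own code. The `ClusterSpec`/`TLSSpec` shape follows the proposed `tls` section; the `Volume` and `Mount` types, the `CertVolumes` function and the mount path are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// TLSSpec mirrors the "tls" section proposed in the thread (hypothetical shape).
type TLSSpec struct {
	Secret string `json:"secret"`
}

// ClusterSpec holds only the field relevant here; TLS == nil means non-TLS.
type ClusterSpec struct {
	TLS *TLSSpec `json:"tls,omitempty"`
}

// Volume and Mount are simplified stand-ins for the Kubernetes pod types.
type Volume struct{ Name, SecretName string }
type Mount struct{ Name, Path string }

// certMountPath is an assumed location, not taken from the operator.
const certMountPath = "/elasticsearch/config/certs"

// CertVolumes returns the cert volume and mount only when TLS is requested.
// A "tls" block without a secret is rejected instead of silently producing
// a plaintext cluster.
func CertVolumes(raw []byte) ([]Volume, []Mount, error) {
	var spec ClusterSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return nil, nil, err
	}
	if spec.TLS == nil {
		return nil, nil, nil // non-TLS: no es-certs volume, no mount
	}
	if spec.TLS.Secret == "" {
		return nil, nil, errors.New("tls requested but no secret named")
	}
	v := Volume{Name: "es-certs", SecretName: spec.TLS.Secret}
	return []Volume{v}, []Mount{{Name: v.Name, Path: certMountPath}}, nil
}

func main() {
	// Constructed sample specs: no TLS, TLS with a secret, TLS block left empty.
	for _, s := range []string{`{}`, `{"tls":{"secret":"es-certs"}}`, `{"tls":{}}`} {
		v, m, err := CertVolumes([]byte(s))
		fmt.Println(s, v, m, err)
	}
}
```
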

djschny commented 7 years ago

I feel like there may be various different security-related items being intertwined in this discussion. Security is done at three levels in Elasticsearch in general:

Essentially all of these can be turned on and off independently of each other and some of them can be accomplished in various manners.

For example the API with SSL can be accomplished with running HAProxy locally on each node or by terminating SSL at an ELB wrapping the Service in Kubernetes.

IMO the part that is the trickiest due to cert exchanges (node to node communication) should just be disabled by default but could be optionally turned on, but would require a person to provide certs. I say this because the node to node encryption within an already private/restricted network does not add as much value as the other two, especially given its complexity.

Happy to discuss more, but want to make sure we can address each item separately.

stevesloka commented 7 years ago

@djschny, I work in a HIPAA environment where we are required to do encryption at rest and in transit, so in production we have to have that enabled. @gianrubio is working on a setting now to disable if folks do not require or want off for dev purposes.

I'll open a new issue for Authentication/Authorization which the operator currently doesn't have.