I’m currently looking for a solution to secure my ElasticSearch cluster.
I would like to prevent anyone in my network from starting an ES node and joining my cluster by setting the same cluster name.
I was looking at your solution, Search Guard, and I see the following properties in searchguard_config_template.yml:
Do other nodes have to authenticate themself to the cluster, default is true
Unfortunately I didn’t find any documentation/example about how to configure the transport layer.
First, I would like to know whether I can use Search Guard to prevent anyone from joining the cluster, or am I misunderstanding?
Is that the purpose of enforce_clientauth? Or does Search Guard have other mechanisms, such as the IP filtering provided by Shield?
Thanks a lot,