
[DOCS] Add stronger and clearer language about single-node security (#71857)

* [DOCS] Add stronger and clearer language about single-node security

* Clarifying admonition about minimal security being insufficient for production.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Adam Locke 4 years ago
parent
commit
1f2e54be1b

+ 8 - 1
x-pack/docs/en/security/configuring-stack-security.asciidoc

@@ -26,7 +26,14 @@ is for you. This configuration prevents unauthorized access to your local
 cluster by setting up passwords for the built-in users. You also configure
 password authentication for {kib}.
 
-IMPORTANT: Only use this security configuration for local development.
+// tag::minimal-security-note[]
+IMPORTANT: The minimal security scenario is not sufficient for
+<<dev-vs-prod-mode,production mode>> clusters. If your cluster has multiple
+nodes, you must enable minimal security and then
+<<security-basic-setup,configure Transport Layer Security (TLS)>> between
+nodes.
+
+// end::minimal-security-note[]
 
 <<security-minimal-setup,Set up minimal security>>
 
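Review bot: The new IMPORTANT note no longer says what this setup is suitable for. The removed line limited it to local development, while the replacement only says it is insufficient for production mode and then covers the multi-node case, so a reader with one node gets no guidance from the note itself. Suggest adding a sentence for the single-node case so the note agrees with the minimal-setup page, which tells single-node readers "you can stop here". Also, the blank `+` line before `// end::minimal-security-note[]` sits inside the tagged region and is carried into every include; placing the end tag directly after "nodes." keeps the included block tight.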

+ 4 - 0
x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc

@@ -8,6 +8,10 @@ After adding password protection in the <<security-minimal-setup,minimal securit
 (TLS). The transport layer handles all internal communication between nodes in
 your cluster.
 
+IMPORTANT: If your cluster has multiple nodes, then you must configure
+TLS between nodes. <<dev-vs-prod-mode,Production mode>> clusters will not start
+if you do not enable TLS.
+
 The transport layer relies on mutual TLS for both encryption and
 authentication of nodes. Correctly applying TLS ensures that a malicious node
 cannot join the cluster and exchange data with other nodes. While implementing
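Review bot: The added IMPORTANT block repeats, almost word for word, the two sentences this commit adds near the end of security-minimal-setup.asciidoc ("If your cluster has multiple nodes, then you must configure ... will not start if you do not enable TLS"). The commit already introduces a tagged region for the minimal-security note, so consider tagging this text as well and including it from one place so the wording cannot drift. Since this paragraph is where the transport layer is introduced, "configure TLS on the transport layer between nodes" would also make clear which TLS is required.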

+ 19 - 2
x-pack/docs/en/security/securing-communications/security-minimal-setup.asciidoc

@@ -9,6 +9,8 @@ passwords for built-in users. You can add more users later, but using the
 built-in users simplifies the process of enabling security for your
 cluster.
 
+include::../configuring-stack-security.asciidoc[tag=minimal-security-note]
+
 ==== Prerequisites
 
 . Install and configure {es} and {kib}. See https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-elastic-stack.html[Getting started with the Elastic Stack].
@@ -40,6 +42,16 @@ configuration files. If you installed {es} using archive distributions
 (`zip` or `tar.gz`), the variable defaults to `ES_HOME/config`. If you used
 package distributions (Debian or RPM), the variable defaults to `/etc/elasticsearch`.
 
+. If your cluster has a single node, add the `discovery.type` setting in the
+`ES_PATH_CONF/elasticsearch.yml` file and set the value to `single-node`. This
+setting ensures that your node does not inadvertently connect to other clusters
+that might be running on your network.
++
+[source,yaml]
+----
+discovery.type: single-node
+----
+
 [[security-create-builtin-users]]
 ==== Create passwords for built-in users
 
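Review bot: The new step sets `discovery.type: single-node` without linking to the `single-node-discovery` section that the closing paragraph of this file references; add the cross-reference here, where the setting is first introduced. The step is also worded only for the single-node case, so a short clause telling multi-node readers to skip it (and not to copy this value) would keep the setting out of clusters that have to form with other nodes. "connect to other clusters" would read more precisely as "join other nodes or clusters".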
@@ -143,7 +155,12 @@ When prompted, enter the password for the `elastic` user.
 
 Congratulations! You enabled password protection for your local cluster to
 prevent unauthorized access. You can log in to {kib} securely as the `elastic`
-user.
+user. If you're running a <<single-node-discovery,single-node cluster>>, then
+you can stop here.
+
+If your cluster has multiple nodes, then you must configure Transport Layer
+Security (TLS) between nodes. <<dev-vs-prod-mode,Production mode>> clusters
+will not start if you do not enable TLS.
 
-To add another layer of security, <<security-basic-setup,Set up basic security for the Elastic Stack>>. You'll configure Transport Layer Security (TLS) to
+<<security-basic-setup,Set up basic security for the Elastic Stack>> to
 secure all internal communication between nodes in your cluster.
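Review bot: "then you can stop here" for single-node clusters sits awkwardly with the note now included at the top of this page, which says minimal security is not sufficient for production mode clusters and gives no single-node exception. Either qualify this sentence, for example by tying it to the `discovery.type: single-node` step added above, or adjust the shared note so the two agree. In the last changed line the link text "Set up basic security for the Elastic Stack" now doubles as the verb of the sentence; since the paragraph just above already states the TLS requirement, merging the two (for example "To configure TLS, see <<security-basic-setup,...>>") would read more clearly and drop the repetition.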