Configuring a secure Kudu cluster using Cloudera Manager
First you need to enable Kerberos authentication and RPC encryption. Next, configure
coarse-grained authorization with ALCs. Lastly, configure HTTPS encryption for both the Kudu
master and tablet server web UIs.
Enabling Kerberos authentication and RPC encryption You must aleady have a secure Cloudera Manager cluster with Kerberos authentication enabled. Configuring coarse-grained authorization with ACLs The coarse-grained authorization can be configured with the following two ACLs: the Superuser Access Control List and the User Access Control List. The Superuser ACL is the list of all the superusers that can access the cluster. User-level access can be controlled by using the User ACL. By default, all the users can access the clusters. But when you enable authentication using Kerberos, only the users who are able to authenticate successfully can access the cluster. Enabling Ranger authorization You can configure fine-grained authorization using Apache Ranger. This topic provides the steps to enable Kudu's integration with Ranger from Cloudera Manager. Configuring HTTPS encryption for the Kudu master and tablet server web UIs Lastly, you enable TLS/SSL encryption (over HTTPS) for browser-based connections to both the Kudu master and tablet server web UIs.