Kudu security limitations
Here are some limitations related to data encryption and authorization in Kudu.
- Kudu uses an internal PKI system to issue X.509 certificates to servers in the cluster. As a result, you cannot run Kudu with public IPs.
-
Server certificates generated by Kudu IPKI are incompatible with bouncycastle version 1.52 and earlier.
- When you are creating a new Kudu service using the Ranger web UI, the Test Connection button is displayed. However, the TestConnection tab is not implemented in the Kudu Ranger plugin. As a result, if you try to use it with Kudu, it fails. But that does not mean that the service is not working.