Configuring a secure Kudu cluster using
You can configure a secure Kudu cluster using For
that you need enabled Kerberos authentication and RPC encryption, configure coarse-grained
authorization, and configure HTTPS encryption. Optionally you can configure custom Kerberos
principal, TLS/SSL encryption or fine-grained authorization using Ranger.
Enabling Kerberos authentication and RPC encryption You must already have a secure cluster with Kerberos authentication enabled.Configuring custom Kerberos principal for Kudu You can configure a custom Kerberos principal for Kudu using .Configuring coarse-grained authorization with ACLs The coarse-grained authorization can be configured with the following two ACLs: the Superuser Access Control List and the User Access Control List. The Superuser ACL is the list of all the superusers that can access the cluster. User-level access can be controlled by using the User ACL. By default, all the users can access the clusters. But when you enable authentication using Kerberos, only the users who are able to authenticate successfully can access the cluster.Configuring TLS/SSL encryption for Kudu using TLS/SSL encryption is enabled between Kudu servers and clients by default. You can enable TLS/SSL encryption for Kudu web UIs or configure the encryption using .Enabling Ranger authorization You can configure fine-grained authorization using Apache Ranger. This topic provides the steps to enable Kudu's integration with Ranger from .Configuring HTTPS encryption Lastly, you enable TLS/SSL encryption (over HTTPS) for browser-based connections to both the Kudu master and tablet server web UIs.Configuring data at rest encryption You can enable data at rest encryption using However, you can enable it only for a fresh installation and once Kudu directories exist on the cluster you cannot disable the encryption.