Configuring TLS/SSL encryption for Kudu
Kudu allows you to use TLS to encrypt all communications among servers, and between clients and servers.
Configure
TLS encryption on Kudu servers using the
--rpc_encryption
flag, which can be set to one of the following options:-
required
- Kudu will reject unencrypted connections. -
optional
- Kudu will attempt to use encryption, but will allow unencrypted connections. -
disabled
- Kudu will not use encryption.
optional
. To secure your cluster, set --rpc_encryption
to required
. Web UI encryption
The Kudu web UI can be configured to use secure HTTPS encryption by providing each server
with TLS certificates. Use the --webserver_certificate_file
and --webserver_private_key_file
properties to specify the certificate and private
key to be used for communication.
Alternatively, you can choose to completely disable the web UI by
setting --webserver_enabled
flag to false
on the Kudu servers.