Configuring TLS/SSL encryption for Kudu

Kudu allows you to use TLS to encrypt all communications among servers, and between clients and servers.

Configure TLS encryption on Kudu servers using the --rpc_encryption flag, which can be set to one of the following options:
  • required - Kudu will reject unencrypted connections.
  • optional - Kudu will attempt to use encryption, but will allow unencrypted connections.
  • disabled - Kudu will not use encryption.
By default, the flag is set to optional. To secure your cluster, set --rpc_encryption to required.

Web UI encryption

The Kudu web UI can be configured to use secure HTTPS encryption by providing each server with TLS certificates. Use the --webserver_certificate_file and --webserver_private_key_file properties to specify the certificate and private key to be used for communication.

Alternatively, you can choose to completely disable the web UI by setting --webserver_enabled flag to false on the Kudu servers.