Kudu security limitations

Here are some limitations related to data encryption and authorization in Kudu.

  • Kudu uses an internal PKI system to issue X.509 certificates to servers in the cluster. As a result, you cannot run Kudu with public IPs.
  • Server certificates generated by Kudu IPKI are incompatible with bouncycastle version 1.52 and earlier.

  • When you are creating a new Kudu service using the Ranger web UI, the Test Connection button is displayed. However, the TestConnection tab is not implemented in the Kudu Ranger plugin. As a result, if you try to use it with Kudu, it fails. But that does not mean that the service is not working.