Configure a secure Kudu cluster using flag safety valves
You should set the configuration parameters on all the servers (master and tablet servers) to ensure that a Kudu cluster is secure.
# Connection Security #-------------------- --rpc_authentication=required --rpc_encryption=required --keytab_file=<path-to-kerberos-keytab> # Web UI Security #-------------------- --webserver_certificate_file=<path-to-cert-pem> --webserver_private_key_file=<path-to-key-pem> # optional --webserver_private_key_password_cmd=<password-cmd> # If you prefer to disable the web UI entirely: --webserver_enabled=false # Coarse-grained authorization #-------------------------------- # This example ACL setup allows the 'impala' user as well as the # 'etl_service_account' principal access to all data in the # Kudu cluster. The 'hadoopadmin' user is allowed to use administrative # tooling. Note that by granting access to 'impala', other users # may access data in Kudu via the Impala service subject to its own # authorization rules. --user_acl=impala,etl_service_account --admin_acl=hadoopadmin
More information about these flags can be found in the configuration reference documentation.