Configuring gRPC With TLS

Ozone traffic may be transferred via gRPC (e.g., Ratis write pipeline or client reading blocks from Datanode). To enable TLS for gRPC traffic, set hdds.grpc.tls.enabled to true. This encrypts communication between Ozone services that use gRPC.

Configuration

Add the following property to your ozone-site.xml configuration file:

<property>
  <name>hdds.grpc.tls.enabled</name>
  <value>true</value>
  <description>Enable TLS for gRPC traffic</description>
</property>

For information on protecting other types of in-transit traffic in Ozone, see:

Hadoop RPC Encryption - For client-to-Ozone Manager communication
Default Ports - For details on network ports and transport types

Configuration​

Related Configuration​

Configuration

Related Configuration