Spark for SSL - stanislawbartkowski/hdpwiredencryption GitHub Wiki

The procedure is simple and straightforward.

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/configuring-spark/content/configuring_spark_for_wire_encryption.html

Keystores and truststores

Create a new keystore and truststore (self-signed or CA-signed), or reuse the existing ones if wire encryption is already enabled for HDFS/YARN/Tez/MapReduce. Once Spark wire encryption is enabled, the Spark History UI also listens on secure HTTP.

Configuration

Ambari->Spark2->Configs->Advanced

All properties related to SSL should be added as new.

Custom spark2-defaults

| Property | Sample value |
| --- | --- |
| spark.ssl.enabled | true |
| spark.ssl.keyPassword | secret |
| spark.ssl.keyStore | /etc/security/serverKeys/keystore.jks |
| spark.ssl.keyStorePassword | secret |
| spark.ssl.protocol | TLS |
| spark.ssl.trustStore | /etc/security/clientKeys/allkeys.jks |
| spark.ssl.trustStorePassword | secret |
| spark.ui.https.enabled | true |

Restart Spark2

Verify

The Spark History UI is launched on secure HTTP. Make sure the URL includes the secure port; the default value is 18481.
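
A complementary check on the configuration itself, added here as an example and not part of the original wiki: the script audits a rendered spark-defaults.conf for the eight properties from the table and flags a world-readable file, since the passwords are stored in it in clear text. The function names `get_prop` and `audit_spark_ssl`, the finding labels and the sample file are constructed for this illustration, and the path to the real file is passed in as an argument.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): audit a spark-defaults.conf for the SSL
# properties in the table above. Function names and sample data are constructed.
# Assumes one whitespace-separated "key value" pair per line.

REQUIRED_PROPS="spark.ssl.enabled spark.ssl.keyPassword spark.ssl.keyStore
spark.ssl.keyStorePassword spark.ssl.protocol spark.ssl.trustStore
spark.ssl.trustStorePassword spark.ui.https.enabled"

# Print the value of property $2 in file $1 (the last definition wins).
get_prop() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# Print one finding per line; return 0 only when there are none.
audit_spark_ssl() {
    conf=$1; findings=0
    for p in $REQUIRED_PROPS; do
        if [ -z "$(get_prop "$conf" "$p")" ]; then
            echo "MISSING $p"; findings=$((findings + 1))
        fi
    done
    for p in spark.ssl.enabled spark.ui.https.enabled; do
        v=$(get_prop "$conf" "$p")
        if [ -n "$v" ] && [ "$v" != "true" ]; then
            echo "DISABLED $p=$v"; findings=$((findings + 1))
        fi
    done
    # The three password properties sit in this file in clear text.
    if [ -n "$(find "$conf" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE $conf"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the table above with one property missing, one disabled.
demo_conf=$(mktemp); chmod 600 "$demo_conf"
cat > "$demo_conf" <<'EOF'
spark.ssl.enabled true
spark.ssl.keyPassword secret
spark.ssl.keyStore /etc/security/serverKeys/keystore.jks
spark.ssl.keyStorePassword secret
spark.ssl.protocol TLS
spark.ssl.trustStore /etc/security/clientKeys/allkeys.jks
spark.ui.https.enabled false
EOF
audit_spark_ssl "$demo_conf" || echo "audit failed for $demo_conf"
```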