This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new a97ecd13e [docs] mention --rpc_encrypt_loopback_connections flag
a97ecd13e is described below

commit a97ecd13efefa779fc7f55a7c4eb0ec5ca6ecb10
Author: Alexey Serbin <ale...@apache.org>
AuthorDate: Wed Jun 4 10:59:02 2025 -0700

    [docs] mention --rpc_encrypt_loopback_connections flag
    
    This patch adds a mention of the --rpc_encrypt_loopback_connections
    flag to the 'Data in Transit' section, so readers are now aware that
    turning off the RPC encryption for local loopback connections isn't
    unconditional and can be customized, if necessary.
    
    Change-Id: Icdbaa6f7ec87e309e8506c9a3c216e4bdf4f9d53
    Reviewed-on: http://gerrit.cloudera.org:8080/22979
    Tested-by: Kudu Jenkins
    Reviewed-by: Abhishek Chennaka <achenn...@cloudera.com>
---
 docs/security.adoc | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/security.adoc b/docs/security.adoc
index 6f5b2012c..743bf532d 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -498,10 +498,13 @@ encryption. Same as authentication, when `disabled` or 
encryption fails for
 and reject any unencrypted connections from publicly routable IPs. To secure a
 cluster, use `--rpc_encryption=required`.
 
-NOTE: Kudu will automatically turn off encryption on local loopback 
connections,
-since traffic from these connections is never exposed externally. This allows
-locality-aware compute frameworks like Spark and Impala to avoid encryption
-overhead, while still ensuring data confidentiality.
+NOTE: Kudu automatically turns off encryption on local RPC connections that
+are established over a loopback network interface because traffic from such
+connections is never exposed externally. This allows locality-aware compute
+frameworks like Spark and Impala to avoid encryption overhead, while still
+ensuring data confidentiality. If necessary, one can customize the setting of
+the `--rpc_encrypt_loopback_connections` flag for Kudu masters and tablet
+servers to encrypt RPC traffic going through loopback network interfaces.
 
 === Data at Rest
 It's also possible to encrypt data at rest. Kudu supports *AES-128-CTR*,
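Review bot: The added sentence in the NOTE ("If necessary, one can customize the setting of the `--rpc_encrypt_loopback_connections` flag ...") names the flag but gives neither its default nor the value that turns loopback encryption on, so a reader hardening a cluster still has to look the flag up. Suggest spelling out the setting explicitly and stating how it interacts with `--rpc_encryption=required` from the preceding paragraph, since as written it is not clear whether `required` alone covers loopback connections. It would also help to say when this is "necessary": the claim that loopback traffic "is never exposed externally" is the assumption the default rests on, and naming that assumption lets operators judge whether it holds for their hosts.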
