Hi Bryan, We (Cloudera) also planning to start deploying TLS-based clusters to production in early November. We'll do feature validation and perf benchmarks from our private fork in October.
Regards, Andor On Mon, 2022-10-03 at 13:58 -0400, Bryan Beaudreault wrote: > Hi all, > > The core work for TLS in the HBase RPC is mostly complete. With > what's been > committed so far, one can connect end-to-end with TLS between > client/server > and server/server. By default, we also enable mTLS (clients and > servers > validate the certificate and hostname at handshake). > > Here is a list of all TLS related work so far (finished and > remaining): > https://issues.apache.org/jira/browse/HBASE-26666?jql=project%20%3D%20HBASE%20AND%20labels%20%3D%20tls > > As we now have the basic functionality done, I wanted to discuss what > the > release criteria should be. We had originally discussed releasing > this in > 2.6.0, which Andrew proposed tentatively planning for mid-December. > > Beyond the code being well tested with unit tests, I've also deployed > this > end-to-end in a basic test cluster in my company's environment. I > deployed > it to an existing cluster in a rolling fashion based on the steps > described > in Andor's documentation [1]. I will be out most of October, but when > I > return in November I hope to start deploying this on some production > clusters after backporting to our main fork. > > What else would people like to see before including in a release, and > would > anyone be willing to give some testing a try themselves?
