Is my conclusion correct? We cannot tell zookeeper to only accept connections from a given IP range. Rather, we must restrict access to znodes within zookeeper. Each znode has its own ACL.
There is no inheriting from parent, no way to globally restrict access. It must be done on a znode by znode basis. There's no configuration file where we can tell zookeeper to only accept connections from 10.0.0.0/16, for example. If we want to do that on a global basis, a firewall rule is a better solution than setting it on every node. -- Dan Langille - BSDCan / PGCon [email protected]
