Securing Alluxio

This section provides comprehensive guidance on securing your Alluxio cluster. It covers encryption, authentication, authorization, and auditing to ensure your data is protected at every level.

Securing Alluxio with TLS

Learn how to encrypt data in transit using Transport Layer Security (TLS). This guide covers generating certificates, configuring TLS for internal cluster communication (Coordinators and Workers), securing the S3 API and Gateway endpoints, and deploying a TLS-enabled cluster in a Kubernetes environment.

Learn more about Securing Alluxio with TLS ...

Enabling Authentication

This guide explains how to verify the identity of users and services accessing Alluxio. It focuses on the recommended token-based authentication method using OpenID Connect (OIDC), detailing how to integrate with an external Identity Provider (IdP) to secure the Gateway, S3 API, and Hadoop FileSystem interfaces.

Learn more about Enabling Authentication ...

Enabling Authorization

Discover how to enforce access control policies for both data and management operations. This document outlines a powerful dual-integration strategy:

  • Apache Ranger: For fine-grained, centralized control over data access via the S3 and Hadoop FS APIs.

  • Open Policy Agent (OPA): For sophisticated, policy-based authorization of administrative actions through the Gateway API.

Learn more about Enabling Authorization ...

Enabling Audit Log

Understand how to track and record activities within your cluster for security and compliance. This guide details how to enable and configure audit logging to capture structured, JSON-formatted logs for management operations and data access events across S3, HDFS, and FUSE interfaces.

Learn more about Enabling Audit Log ...
