12-04-2018 07:03 AM - edited 12-04-2018 07:04 AM
Unfortunately the answer to your question is, no. It will not be easier or better to rely soley on TLS termination on a reverse proxy. For most balancing/proxying algorithims, hardware, and software we recommend TCP Passthrough which means that all Hadoop services must still have TLS properly deployed as well as enabled.
If you cluster is accessible by any external network we would advise that you properly deploy both Kerberos and TLS on your cluster.