Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement

Can Apache Hadoop run reliably inside Istio service mesh with mTLS enabled?

Labels:
avatar
author-rank KPG1
Contributor

Created on ‎12-29-2025 01:22 AM - edited ‎12-29-2025 01:37 AM

Hi Everyone,

We are evaluating whether Apache Hadoop can run inside an Istio service mesh and would like to understand if this is a supported or practical setup.

Our environment:

Hadoop cluster running on physical machines (bare metal)

No Kerberos

Istio is mandatory

Istio mTLS must be enabled

Hadoop services (NameNode, DataNode, YARN, etc.) would need to communicate through Istio

Our concerns:

Hadoop uses long-lived TCP connections and custom RPC protocols

Istio mTLS intercepts and terminates connections

Unsure if Hadoop components work reliably behind Envoy proxies

Uncertain about the performance and stability impact

Questions:

Has anyone successfully run Hadoop inside Istio with mTLS enabled?

Is this officially supported or just theoretically possible?

Are there known limitations or failure cases (HDFS, YARN, shuffle, etc.)?

Any real-world experience or guidance would be greatly appreciated.

Thanks!

18 Views
0 Kudos
0 REPLIES 0
Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements