The Kudu Spark connector doesn't currently take advantage of the provided keytab and principal, if it's available. This is typical when Spark is in cluster mode with Yarn. As a result, the driver will fail to connect to a secured Kudu cluster with the following error:
17/05/08 16:59:01 ERROR client.TabletClient: [Peer master-kudu-spark-secure-1.gce.cloudera.com:7051] Unexpected exception from downstream on [id: 0x3edb20f5, /172.31.113.23:48366 => kudu-spark-secure-1.gce.cloudera.com/172.31.113.22:7051]
java.lang.RuntimeException: java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
The fix is to explicitly kinit with the principal and keytab passed to the job.