Details
-
Improvement
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
3.3.0
-
None
Description
- Presently when jobs are run in the Hadoop ecosystem, the implicit assumption is that YARN will be used as a scheduling agent with access to appropriate keytabs for renewal of kerberos tickets and delegation tokens.
- Jobs that interact with kerberized hadoop services such as hbase/hive/hdfs and use an external scheduler such as Kubernetes, typically do not have access to keytabs. In such cases, delegation tokens are a logical choice for interacting with a kerberized cluster. These tokens are issued based on some external auth mechanism (such as Kube LDAP authentication).
Attachments
Attachments
Issue Links
- links to