Support Questions
Find answers, ask questions, and share your expertise

How to connect to Kerberos HDP through kubernetes

Explorer

I am trying to connect to Hive services on HDP-3.1.0 kerberose cluster through Superset Application using Hive Connection String
hive://hive@xx.xx.xx.xx:10000/test?auth=KERBEROS&kerberos_service_name=hive

We have tried by adding conf files and keytab files inside /etc/and /etc/security/keytab in master as well as worker node but issue still persist

We tried adding the same in container but we don't have root access to add those files.

Below is the kubernetes cluster version information for ubuntu

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.2", GitCommit:"cff46ab41ff0bb44d8584413b598ad8360ec1def", GitTreeState:"clean", BuildDate:"2019-01-10T23:35:51Z", GoVersion:"go1.11.4", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

We are facing below issue

ERROR: {"error": "Connection failed!\n\nThe error message returned was:\nCould not start SASL: b'Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000))'"}
1 REPLY 1

Re: How to connect to Kerberos HDP through kubernetes

Mentor

@Swapnil Sonawane

Your problem seems to be vast! The /etc/security/keytabs should be mounted as persistent volumes PVC stateful or use secrets to mount the files.

You will need to share your deployment.yaml or whatever config HELM or other you are using,