Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to connect to Kerberos HDP through kubernetes

Highlighted

How to connect to Kerberos HDP through kubernetes

New Contributor

I am trying to connect to Hive services on HDP-3.1.0 kerberose cluster through Superset Application using Hive Connection String
hive://hive@xx.xx.xx.xx:10000/test?auth=KERBEROS&kerberos_service_name=hive

We have tried by adding conf files and keytab files inside /etc/and /etc/security/keytab in master as well as worker node but issue still persist

We tried adding the same in container but we don't have root access to add those files.

Below is the kubernetes cluster version information for ubuntu

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.2", GitCommit:"cff46ab41ff0bb44d8584413b598ad8360ec1def", GitTreeState:"clean", BuildDate:"2019-01-10T23:35:51Z", GoVersion:"go1.11.4", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

We are facing below issue

ERROR: {"error": "Connection failed!\n\nThe error message returned was:\nCould not start SASL: b'Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000))'"}
1 REPLY 1

Re: How to connect to Kerberos HDP through kubernetes

Mentor

@Swapnil Sonawane

Your problem seems to be vast! The /etc/security/keytabs should be mounted as persistent volumes PVC stateful or use secrets to mount the files.

You will need to share your deployment.yaml or whatever config HELM or other you are using,