You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some customers struggle to expose plain TCP to the outside of k8s world.
Also Kerberos is pain in the ***, and there is currently no other auth mechanism for HMS.
We should support Thrift over HTTP to solve both problems.
HTTP can easily be exposed (such as all other HTTP services, e.g. via an Ingress)
Users can put a basic auth / oAuth proxy / ... in front of the HTTP service
Value
Users can expose and secure stuff without Kerberos
This gives the option to switch from a (IMHO hard to protect - Kerberos) TCP protocol to the HTTP protocol.
This probably means Kerberos will stop working, but users can put some sort of LoadBalancer/Proxy in front to do the authentication instead of messing with Kerberos.
Accessibility Assessment
None
Quality
Tests with Spark and Trino
Release Notes
Support HTTP thrift transport mode for Hive metastore
The text was updated successfully, but these errors were encountered:
Support Thrift over HTTP
Description
Some customers struggle to expose plain TCP to the outside of k8s world.
Also Kerberos is pain in the ***, and there is currently no other auth mechanism for HMS.
We should support Thrift over HTTP to solve both problems.
Value
Users can expose and secure stuff without Kerberos
Dependencies
None
Tasks
Acceptance Criteria
(Information Security) Risk Assessment
This gives the option to switch from a (IMHO hard to protect - Kerberos) TCP protocol to the HTTP protocol.
This probably means Kerberos will stop working, but users can put some sort of LoadBalancer/Proxy in front to do the authentication instead of messing with Kerberos.
Accessibility Assessment
None
Quality
Tests with Spark and Trino
Release Notes
Support HTTP thrift transport mode for Hive metastore
The text was updated successfully, but these errors were encountered: