Apache Knox

Apache Knox is a gateway designed to provide secure access to REST APIs and web interfaces of Apache Hadoop clusters. It acts as a reverse proxy, offering perimeter security, authentication, and simplified access management for enterprise Hadoop deployments.

Features

• Reverse Proxy Architecture: Centralized access point for REST APIs and UIs across Hadoop clusters.
• Authentication Services: Supports LDAP, Kerberos, SAML, OAuth, Header-based PreAuth, and KnoxSSO.
• Federation and SSO: Integrates with enterprise identity providers using KnoxSSO and Pac4J.
• Authorization: ACL-based access control using user, group, and IP rules.
• Audit Logging: Tracks user actions and access events using Log4j-based auditing.
• Topology-Based Configuration: Cluster definitions and policies managed via topology descriptors.
• Client Services: Includes KnoxShell for scripting and SDK-based development.
• UI Proxying: Supports proxying of Hadoop ecosystem UIs like Ambari, HBase, Spark, and Zeppelin.

Capabilities

• Multi-Cluster Support: Manages access to multiple Hadoop clusters through a unified gateway.
• Policy Enforcement: Modular provider chain for authentication, authorization, audit, and content rewriting.
• Service Discovery: Dynamically routes requests based on cluster topology and service definitions.
• Custom API Integration: Easily extendable to support new or custom REST APIs.
• Secure Token Management: KnoxSSO provides secure, normalized tokens for WebSSO.
• Streaming Architecture: Built on JEE Servlet Filters for efficient request processing.
• Docker Deployment: Ships with Docker images for gateway and LDAP demo environments.

Benefits

• Security: Protects internal cluster details and enforces enterprise-grade authentication and authorization.
• Simplified Access: Reduces complexity by centralizing access to Hadoop services and UIs.
• Extensibility: Easily integrates new services and identity providers through pluggable architecture.
• Scalability: Supports growing Hadoop environments with flexible topology and service definitions.
• Compliance: Enables auditing and policy enforcement for regulatory and operational requirements.
• Developer Productivity: KnoxShell and SDK simplify client-side development and automation.