...
Topology example is included in Appendix (UC1 Topology example)
...
UC2: SSO
For interactive browser access to k8s services KnoxSSO can be used. To enable SSO, ingress needs to check for knox-issued cookie (hadoop-jwt) if the cookie is not present then ingress will redirect the request to Knox SSO topology. This topology asserts the user's identity by issuing a redirect to a configured SAML provider. Upon success, Knox adds a signed JWT token and redirects the browser back to the original requested endpoint.
...
UC3: Websocket Applications
Initial POC testing with Tornado - Demo Websockets App suggests that UIs with websocket work with Knox as an external authorizer. This is needed for applications such as Zeppelin.
...
UC4: gRPC
gRPC protocol is not yet supported.
...
UC5: Intracluster / Intercluster
Apache Knox can also be used for service to service or cluster to communication.
...