[ https://issues.apache.org/jira/browse/IMPALA-10010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Tauber-Marshall resolved IMPALA-10010. --------------------------------------------- Fix Version/s: Impala 4.0 Resolution: Fixed > Allow unathenticated access to some webui endpoints > --------------------------------------------------- > > Key: IMPALA-10010 > URL: https://issues.apache.org/jira/browse/IMPALA-10010 > Project: IMPALA > Issue Type: Task > Components: Clients > Reporter: Thomas Tauber-Marshall > Assignee: Thomas Tauber-Marshall > Priority: Major > Fix For: Impala 4.0 > > > Currently, when security is turned on for the webui, eg. with > --webserver_require_ldap or --webserver_require_spnego, authentication is > applied to all webui endpoints. > However, there are some endpoints that expose low-sensitivity info, eg. > /healthz, and which are scraped by other systems that it may be difficult to > get credentials to in order to be able to authenticate, eg. a Kubernetes > health check or prometheus monitoring. It would be useful to provide a way to > allow unauthenticated access to those endpoints. > One option would be to run another instance of the webserver on another port. > This instance could be unsecured and only expose a few low-sensitivity > endpoints. This would allow for a configuration where Impala is run in a > private network and the main webserver port could be exposed externally, eg. > through an nginx gateway, while keeping the port for the second webserver > only available to internal systems. -- This message was sent by Atlassian Jira (v8.3.4#803005)