Sure, I can see a feature that maps an incoming request domain to a particular topology. Feel free to file a JIRA for it and even provide a patch.
Make sure to provide enough details of the usecase in the JIRA. On Tue, Sep 5, 2017 at 5:37 AM, Benjamin Tan <[email protected]> wrote: > Hello Larry, > > Thanks very much for your detail guide. > > We already designed a similar deployment, but want give more convenience > for user. > > Now the access path seems: > tenant-doamin.com -> apache virtual host -> proxy to tenant-topology's > port -> tenant-topology > > If Knox support some feature like domain mapping, the access path will be: > tenant-doamin.com -> tenant-topology > > Does let knox support domain mapping make sense? > > On Mon, Sep 4, 2017 at 10:20 AM larry mccay <[email protected]> wrote: > >> There is no need for a separate reverse proxy in front of Knox - other >> than for load balancing if desired. >> >> Basically, the typical approach for multi-tenant deployments is to: >> >> 1. dedicate specific topologies to each tenant >> 2. have each topology authenticate against a specific LDAP server or some >> tenant specific OU within a single LDAP schema >> 3. have OS accounts for each user that is unique per tenant >> 4. use identity assertion providers to disambiguate the tenant by >> appending a tenant id or the like to the user name to match the tenant >> specific username in #3 >> 5. you could use port mapping to remove the extra path >> "gateway/tenant-topology" from the tenant specific URLs >> >> HTH >> >> --larry >> >> On Sun, Sep 3, 2017 at 9:34 PM, Benjamin Tan <[email protected]> wrote: >> >>> Hello Sandeep, >>> >>> Thanks for your information. >>> >>> In our use case, we are designing hadoop security solution for a big >>> telecom company, and it have many corporation customers(tenant), so we try >>> to supply an unique access domain for every tenant, such as >>> cust1.the-hadoop-domain.com, cust2.the-hadoop-domain.com or their's >>> customized domain using CNAME. >>> >>> I have got some information about topology port mapping from 0.13.0, but >>> it seems have to deploy a reverse proxy before knox. >>> >>> In my opinion, many users of knox have the need to support tenant >>> deployment. >>> >>> >>> On Fri, Sep 1, 2017 at 12:23 AM Sandeep More <[email protected]> >>> wrote: >>> >>>> Hello Tan, >>>> >>>> Can you describe your use case in more detail so I could answer it more >>>> accurately. About, virtual hosts we do not have a virtual host concept in >>>> Knox, although we we have Topology Port mapping >>>> <http://knox.apache.org/books/knox-0-13-0/user-guide.html#Topology+Port+Mapping> >>>> feature >>>> (0.13.0) which uses virtual hosts under the hood. Let me know if that >>>> interests you. >>>> >>>> Best, >>>> Sandeep >>>> >>>> On Wed, Aug 30, 2017 at 11:48 PM, Benjamin Tan <[email protected]> >>>> wrote: >>>> >>>>> I have to deploy many topologies, and don't know how to set access >>>>> domain for every topology. >>>>> >>>>> Or knox doesn't support the feature like virtual host in apache >>>>> mod_proxy? >>>>> >>>>> Thanks. >>>>> >>>> >>>> >>
