Known Issues in Apache Knox

Learn about the known issues in Knox, the impact or changes to the functionality, and the workaround.

CDPD-3125: Logging out of Atlas does not manage the external authentication

At this time, Atlas does not communicate a log-out event with the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.

To prevent additional access to Atlas, close all browser windows and exit the browser.

CDPD-60376: Cloud loadbalancer takes 20-30 secs to failover to the next available knox host

If Knox is in HA and one of the Knox server is down, then accessing of service via Control plane endpoint url(i.e. via cloud loadbalancer) will take ~ 30secs to failover the request to available knox instance .

Retry the request after 30 seconds.

CDPD-64652: During CDH + OS rolling upgrade knox admin api access fails with 403 ACL authorization failures

During OS upgrades, attempts to access Knox on the host being upgraded may produce occasional 403 HTTP responses.

Since the cause is the unavailability of underlying OS service(s), wait and retry the failed request(s).

CDPD-60630: Knox redirecting Yarn Node Manager URLs to http instead of https

While viewing the yarn application logs on YARN RM UI via Knox, we can see that Knox is redirecting the NM URL to HTTP instead of HTTPS, as YARN is running on TLS/SSL.

https://<knox-gateway>/gateway/cdp-proxy/yarn/nodemanager/node?scheme=http&host=some.url&port=8044

Change scheme=https in the URL, and the page loads without issues.