flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wright, Eron" <ewri...@live.com>
Subject Re: [DISCUSS] Secure Flink clusters
Date Wed, 18 May 2016 21:33:18 GMT
Update, the following issues were filed:

- [FLINK-3929] Support for Kerberos Authentication with Keytab Credential
- [FLINK-3930] Implement Service-Level Authorization
- [FLINK-3931] Implement Transport Encryption (SSL/TLS)
- [FLINK-3932] Implement State Backend Security

> On May 17, 2016, at 11:10 AM, Wright, Eron <ewright@live.com> wrote:
> Thanks to all who reviewed the document.    It appears we have a good plan and I'm filing
JIRA issues accordingly.
> Robert, I'm in touch with Max, Stephan, and Stefano.    I’ll update the thread when
we have a better sense of the timing.   The work will clearly span a couple of releases.
> Eron
>> On May 17, 2016, at 8:35 AM, Robert Metzger <rmetzger@apache.org> wrote:
>> Hi Eron,
>> thanks a lot for putting so much effort into the design document. You've
>> probably spend a lot of time to come up with it!
>> I have to admit that I'm not that familiar with the topic, so I probably
>> need to re-read it again to digest it completely.
>> What are your plans for implementing the proposed changes? (time-wise and
>> people-wise?) I'm asking to get an idea of when we can expect the changes
>> in the master, in releases, ...
>> I think Stefano Baghino also had some discussions about improving Flink's
>> security on the mailing list recently. Maybe you guys can sync your efforts
>> and collaborate on this.
>> Regards,
>> Robert
>> On Fri, May 13, 2016 at 12:47 PM, Maximilian Michels <mxm@apache.org> wrote:
>>> Hi Eron,
>>> Thank you for this comprehensive design document. Really great read.
>>> I've left some minor comments.
>>> +1 for breaking down the tasks into many JIRA issues; we have quite
>>> some ambitious plans now :) It would be great to get some more people
>>> from the community involved as well.
>>> Best,
>>> Max
>>> On Wed, May 11, 2016 at 9:09 AM, Wright, Eron <ewright@live.com> wrote:
>>>> Hello!
>>>> There’s been a few discussions lately on how to improve the Kerberos
>>> support in Flink.  I’ve drafted a design document that lays out a plan to
>>> support keytab-based authentication for HDFS, Kafka, and ZooKeeper.  In
>>> addition, the plan contemplates secure, TLS-based communication between
>>> cluster components.
>>>> The main goals are secure data access for Kerberized connectors and
>>> cluster authentication to prevent unauthorized access to cluster secrets.
>>>> Here is the document:
>>> https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing
>>>> I anticipate filing a multitude of JIRAs following a design discussion.
>>> It is a big task and there will be opportunities for others in the
>>> community to help.
>>>> Thanks,
>>>> Eron Wright
>>>> EMC

View raw message