flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wright, Eron" <ewri...@live.com>
Subject Re: [DISCUSS] Secure Flink clusters
Date Tue, 17 May 2016 18:10:52 GMT
Thanks to all who reviewed the document.    It appears we have a good plan and I'm filing JIRA
issues accordingly.

Robert, I'm in touch with Max, Stephan, and Stefano.    I’ll update the thread when we have
a better sense of the timing.   The work will clearly span a couple of releases.

Eron


> On May 17, 2016, at 8:35 AM, Robert Metzger <rmetzger@apache.org> wrote:
> 
> Hi Eron,
> 
> thanks a lot for putting so much effort into the design document. You've
> probably spend a lot of time to come up with it!
> I have to admit that I'm not that familiar with the topic, so I probably
> need to re-read it again to digest it completely.
> 
> What are your plans for implementing the proposed changes? (time-wise and
> people-wise?) I'm asking to get an idea of when we can expect the changes
> in the master, in releases, ...
> 
> I think Stefano Baghino also had some discussions about improving Flink's
> security on the mailing list recently. Maybe you guys can sync your efforts
> and collaborate on this.
> 
> Regards,
> Robert
> 
> 
> On Fri, May 13, 2016 at 12:47 PM, Maximilian Michels <mxm@apache.org> wrote:
> 
>> Hi Eron,
>> 
>> Thank you for this comprehensive design document. Really great read.
>> I've left some minor comments.
>> 
>> +1 for breaking down the tasks into many JIRA issues; we have quite
>> some ambitious plans now :) It would be great to get some more people
>> from the community involved as well.
>> 
>> Best,
>> Max
>> 
>> On Wed, May 11, 2016 at 9:09 AM, Wright, Eron <ewright@live.com> wrote:
>>> Hello!
>>> 
>>> There’s been a few discussions lately on how to improve the Kerberos
>> support in Flink.  I’ve drafted a design document that lays out a plan to
>> support keytab-based authentication for HDFS, Kafka, and ZooKeeper.  In
>> addition, the plan contemplates secure, TLS-based communication between
>> cluster components.
>>> 
>>> The main goals are secure data access for Kerberized connectors and
>> cluster authentication to prevent unauthorized access to cluster secrets.
>>> 
>>> Here is the document:
>>> 
>> https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing
>>> 
>>> I anticipate filing a multitude of JIRAs following a design discussion.
>>  It is a big task and there will be opportunities for others in the
>> community to help.
>>> 
>>> Thanks,
>>> Eron Wright
>>> EMC
>> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message