flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Metzger <rmetz...@apache.org>
Subject Re: [DISCUSS] Secure Flink clusters
Date Tue, 17 May 2016 15:35:34 GMT
Hi Eron,

thanks a lot for putting so much effort into the design document. You've
probably spend a lot of time to come up with it!
I have to admit that I'm not that familiar with the topic, so I probably
need to re-read it again to digest it completely.

What are your plans for implementing the proposed changes? (time-wise and
people-wise?) I'm asking to get an idea of when we can expect the changes
in the master, in releases, ...

I think Stefano Baghino also had some discussions about improving Flink's
security on the mailing list recently. Maybe you guys can sync your efforts
and collaborate on this.

Regards,
Robert


On Fri, May 13, 2016 at 12:47 PM, Maximilian Michels <mxm@apache.org> wrote:

> Hi Eron,
>
> Thank you for this comprehensive design document. Really great read.
> I've left some minor comments.
>
> +1 for breaking down the tasks into many JIRA issues; we have quite
> some ambitious plans now :) It would be great to get some more people
> from the community involved as well.
>
> Best,
> Max
>
> On Wed, May 11, 2016 at 9:09 AM, Wright, Eron <ewright@live.com> wrote:
> > Hello!
> >
> > There’s been a few discussions lately on how to improve the Kerberos
> support in Flink.  I’ve drafted a design document that lays out a plan to
> support keytab-based authentication for HDFS, Kafka, and ZooKeeper.  In
> addition, the plan contemplates secure, TLS-based communication between
> cluster components.
> >
> > The main goals are secure data access for Kerberized connectors and
> cluster authentication to prevent unauthorized access to cluster secrets.
> >
> > Here is the document:
> >
> https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing
> >
> > I anticipate filing a multitude of JIRAs following a design discussion.
>   It is a big task and there will be opportunities for others in the
> community to help.
> >
> > Thanks,
> > Eron Wright
> > EMC
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message