heron-dev mailing list archives

From Sanjeev Kulkarni <sanjee...@gmail.com>
Subject Inter-Container Encryption in Heron
Date Thu, 14 Sep 2017 22:11:21 GMT
Hi all,
I believe at least one current user of Heron is interested in encrypting
their inter-container data flow within a Heron topology.  Since
inter-container traffic is between stmgrs, and because stmgrs use libevent
bufferevents for their transport, adding SSL in the transport layer between
stmgrs is fairly straightforward.
The bigger question is how credentials are managed/transferred/stored. One
approach would be to pass the public/private key as an argument to the heron
cli while submitting the job. These will be stored in the uploader
alongside topology jars and downloaded by the containers upon start. The
one issue with this approach is that the keys need to be secured by the
uploader.
I believe Kubernetes has provision for keeping secrets for jobs, but it
might not be portable to other scheduler environments. A way around this
would be to create an SPI for keeping secrets in heron/spi, but not sure
what others feel about this.
Any other ideas?
