mikacur/MRS-operation-guide-lts
1
0
Fork 0
forked from docs/mapreduce-service
Code Pull Requests Activity
MRS-operation-guide-lts/doc/component-operation-guide-lts/source/using_flink/security_configuration/security_features.rst
proposalbot d31d5b10fe Changes to mrs_operation-guide-lts from docs/doc-exports#515 (MRS comp-lts 2.0.3 
Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2023-01-19 16:53:12 +00:00

1.1 KiB
Raw Permalink Blame History

original_name

mrs_01_1579.html

Security Features

Security Features of Flink

  • All Flink cluster components support authentication.
    • The Kerberos authentication is supported between Flink cluster components and external components, such as Yarn, HDFS, and ZooKeeper.
    • The security cookie authentication between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • SSL encrypted transmission is supported by Flink cluster components.
  • SSL encrypted transmission between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • Following security hardening approaches for Flink web are supported:
    • Whitelist filtering. Flink web can only be accessed through Yarn proxy.
    • Security header enhancement.
  • In Flink clusters, ranges of listening ports of components can be configured.
  • In HA mode, ACL control is supported.