vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1579.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

2.5 KiB
Raw Permalink Blame History

Security Features

Security Features of Flink

  • All Flink cluster components support authentication.
    • The Kerberos authentication is supported between Flink cluster components and external components, such as Yarn, HDFS, and ZooKeeper.
    • The security cookie authentication between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • SSL encrypted transmission is supported by Flink cluster components.
  • SSL encrypted transmission between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • Following security hardening approaches for Flink web are supported:
    • Whitelist filtering. Flink web can only be accessed through Yarn proxy.
    • Security header enhancement.
  • In Flink clusters, ranges of listening ports of components can be configured.
  • In HA mode, ACL control is supported.
Parent topic: Security Configuration