forked from docs/doc-exports
Yang, Tong
6182f91ba8
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
15 lines
2.1 KiB
HTML
15 lines
2.1 KiB
HTML
<a name="mrs_01_1579"></a><a name="mrs_01_1579"></a>
|
|
|
|
<h1 class="topictitle1">Security Features</h1>
|
|
<div id="body1596164390439"><div class="section" id="mrs_01_1579__sb32ae2584cd643958c1dbb893c0e96c1"><h4 class="sectiontitle">Security Features of Flink</h4><ul id="mrs_01_1579__u51931c519146477d98abe1835333d293"><li id="mrs_01_1579__l72356036ccc64fd3a9b62111e9aaefda">All Flink cluster components support authentication.<ul class="subitemlist" id="mrs_01_1579__uc625fa523deb4d578d37fd3188bbf755"><li id="mrs_01_1579__l299ef7e579244e70add368ee1a55eeab">The Kerberos authentication is supported between Flink cluster components and external components, such as Yarn, HDFS, and ZooKeeper.</li><li id="mrs_01_1579__l2d9572f44c4b44a1902124ff17a87e6e">The security cookie authentication between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.</li></ul>
|
|
</li><li id="mrs_01_1579__lbb9dd8938493494ca7bf72dd8d63f4f5">SSL encrypted transmission is supported by Flink cluster components.</li><li class="litext" id="mrs_01_1579__l6627b82ceaf243cebf63fd7d99cee546">SSL encrypted transmission between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.</li><li id="mrs_01_1579__lc90c0903c5cc4a5d8b0776328f0c01ae">Following security hardening approaches for Flink web are supported:<ul class="subitemlist" id="mrs_01_1579__u6d26c4de949c47a3b86b24332adaf855"><li id="mrs_01_1579__l9ab35b6b279242a4b0ebb5086a2a11ba">Whitelist filtering. Flink web can only be accessed through Yarn proxy.</li><li id="mrs_01_1579__ld7e5f0fdb8f2420281bf5ecd415cf780">Security header enhancement.</li></ul>
|
|
</li><li id="mrs_01_1579__l814ab9f20c7845399e629d0367a8c400">In Flink clusters, ranges of listening ports of components can be configured.</li><li id="mrs_01_1579__l16ab3c89091d479186eded06ad2ca3e6">In HA mode, ACL control is supported.</li></ul>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0593.html">Security Configuration</a></div>
|
|
</div>
|
|
</div>
|
|
|