flink-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shuyi Chen <suez1...@gmail.com>
Subject Re: Flink Client job submission through SSL
Date Fri, 06 Apr 2018 18:24:33 GMT
You need to set the following flag in flink-conf.yaml:
security.kerberos.login.keytab and security.kerberos.login.principal.

Please refer to this link
<https://ci.apache.org/projects/flink/flink-docs-release-1.4/ops/config.html#kerberos-based-security>
for more detail.

Thanks
Shuyi

On Fri, Apr 6, 2018 at 4:22 AM, Sampath Bhat <sam414255path@gmail.com>
wrote:

> Hi Chen
>
> The link you shared does not speak about flink job submission and Kerberos
> interaction. It only speaks about kerberos support for HDFS, zookeeper,
> kafka and YARN.
> Even if Flink supports Kerberos authentication for job submission through
> command line client then how should i pass the kerberos credentials (keytab
> and principal) to the flink client?
>
> On Fri, Apr 6, 2018 at 12:56 PM, Shuyi Chen <suez1224@gmail.com> wrote:
>
>> Hi Sampath,
>>
>> Yes, Flink support Kerberos authentication for job submission. You can
>> take a look at the document here for more detail (
>> https://ci.apache.org/projects/flink/flink-docs-release-1.4
>> /ops/security-kerberos.html).
>>
>> Also, please make sure to use Flink release 1.4.1 or above, because there
>> is some regression in previous versions that your job might fail after
>> deploying to secure YARN.
>>
>> Thanks
>> Shuyi
>>
>> On Thu, Apr 5, 2018 at 11:37 PM, Sampath Bhat <sam414255path@gmail.com>
>> wrote:
>>
>>> Hello
>>>
>>> I would like to know if the job submission through flink command line
>>> say
>>> ./bin/flink run <jar/path>
>>> can be authenticated. Like if SSL is enabled then will the job
>>> submission require SSL certificates. But I don't see any behavior as such.
>>> Simple flink run is able to submit the job even if SSL is enabled.
>>>
>>> Can the flink job submission  be guarded by Kerberos, KeyCloak.
>>>
>>> Regards
>>> Sampath
>>>
>>>
>>>
>>
>>
>> --
>> "So you have to trust that the dots will somehow connect in your future."
>>
>
>


-- 
"So you have to trust that the dots will somehow connect in your future."

Mime
View raw message