You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flink.apache.org by Sampath Bhat <sa...@gmail.com> on 2018/04/06 06:37:08 UTC
Flink Client job submission through SSL
Hello
I would like to know if the job submission through flink command line say
./bin/flink run <jar/path>
can be authenticated. Like if SSL is enabled then will the job submission
require SSL certificates. But I don't see any behavior as such. Simple
flink run is able to submit the job even if SSL is enabled.
Can the flink job submission be guarded by Kerberos, KeyCloak.
Regards
Sampath
Re: Flink Client job submission through SSL
Posted by Shuyi Chen <su...@gmail.com>.
You need to set the following flag in flink-conf.yaml:
security.kerberos.login.keytab and security.kerberos.login.principal.
Please refer to this link
<https://ci.apache.org/projects/flink/flink-docs-release-1.4/ops/config.html#kerberos-based-security>
for more detail.
Thanks
Shuyi
On Fri, Apr 6, 2018 at 4:22 AM, Sampath Bhat <sa...@gmail.com>
wrote:
> Hi Chen
>
> The link you shared does not speak about flink job submission and Kerberos
> interaction. It only speaks about kerberos support for HDFS, zookeeper,
> kafka and YARN.
> Even if Flink supports Kerberos authentication for job submission through
> command line client then how should i pass the kerberos credentials (keytab
> and principal) to the flink client?
>
> On Fri, Apr 6, 2018 at 12:56 PM, Shuyi Chen <su...@gmail.com> wrote:
>
>> Hi Sampath,
>>
>> Yes, Flink support Kerberos authentication for job submission. You can
>> take a look at the document here for more detail (
>> https://ci.apache.org/projects/flink/flink-docs-release-1.4
>> /ops/security-kerberos.html).
>>
>> Also, please make sure to use Flink release 1.4.1 or above, because there
>> is some regression in previous versions that your job might fail after
>> deploying to secure YARN.
>>
>> Thanks
>> Shuyi
>>
>> On Thu, Apr 5, 2018 at 11:37 PM, Sampath Bhat <sa...@gmail.com>
>> wrote:
>>
>>> Hello
>>>
>>> I would like to know if the job submission through flink command line
>>> say
>>> ./bin/flink run <jar/path>
>>> can be authenticated. Like if SSL is enabled then will the job
>>> submission require SSL certificates. But I don't see any behavior as such.
>>> Simple flink run is able to submit the job even if SSL is enabled.
>>>
>>> Can the flink job submission be guarded by Kerberos, KeyCloak.
>>>
>>> Regards
>>> Sampath
>>>
>>>
>>>
>>
>>
>> --
>> "So you have to trust that the dots will somehow connect in your future."
>>
>
>
--
"So you have to trust that the dots will somehow connect in your future."
Re: Flink Client job submission through SSL
Posted by Sampath Bhat <sa...@gmail.com>.
Hi Chen
The link you shared does not speak about flink job submission and Kerberos
interaction. It only speaks about kerberos support for HDFS, zookeeper,
kafka and YARN.
Even if Flink supports Kerberos authentication for job submission through
command line client then how should i pass the kerberos credentials (keytab
and principal) to the flink client?
On Fri, Apr 6, 2018 at 12:56 PM, Shuyi Chen <su...@gmail.com> wrote:
> Hi Sampath,
>
> Yes, Flink support Kerberos authentication for job submission. You can
> take a look at the document here for more detail (
> https://ci.apache.org/projects/flink/flink-docs-release-1.
> 4/ops/security-kerberos.html).
>
> Also, please make sure to use Flink release 1.4.1 or above, because there
> is some regression in previous versions that your job might fail after
> deploying to secure YARN.
>
> Thanks
> Shuyi
>
> On Thu, Apr 5, 2018 at 11:37 PM, Sampath Bhat <sa...@gmail.com>
> wrote:
>
>> Hello
>>
>> I would like to know if the job submission through flink command line say
>> ./bin/flink run <jar/path>
>> can be authenticated. Like if SSL is enabled then will the job submission
>> require SSL certificates. But I don't see any behavior as such. Simple
>> flink run is able to submit the job even if SSL is enabled.
>>
>> Can the flink job submission be guarded by Kerberos, KeyCloak.
>>
>> Regards
>> Sampath
>>
>>
>>
>
>
> --
> "So you have to trust that the dots will somehow connect in your future."
>
Re: Flink Client job submission through SSL
Posted by Shuyi Chen <su...@gmail.com>.
Hi Sampath,
Yes, Flink support Kerberos authentication for job submission. You can take
a look at the document here for more detail (https://ci.apache.org/
projects/flink/flink-docs-release-1.4/ops/security-kerberos.html).
Also, please make sure to use Flink release 1.4.1 or above, because there
is some regression in previous versions that your job might fail after
deploying to secure YARN.
Thanks
Shuyi
On Thu, Apr 5, 2018 at 11:37 PM, Sampath Bhat <sa...@gmail.com>
wrote:
> Hello
>
> I would like to know if the job submission through flink command line say
> ./bin/flink run <jar/path>
> can be authenticated. Like if SSL is enabled then will the job submission
> require SSL certificates. But I don't see any behavior as such. Simple
> flink run is able to submit the job even if SSL is enabled.
>
> Can the flink job submission be guarded by Kerberos, KeyCloak.
>
> Regards
> Sampath
>
>
>
--
"So you have to trust that the dots will somehow connect in your future."