[jira] [Commented] (FLINK-21108) Flink runtime rest server and history server webmonitor do not require authentication.

Till Rohrmann (Jira) Wed, 27 Jan 2021 09:10:07 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-21108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17273006#comment-17273006
 ]


Till Rohrmann commented on FLINK-21108:
---------------------------------------

One way to limit the access to real servers is to not expose the Flink services 
to the outside world. E.g. one could use ClusterIP as the service type. 
Alternatively, one can activate the SSL encryption for the REST endpoint and 
only exchange secrets with the proxy.

> Flink runtime rest server and history server webmonitor do not require 
> authentication.
> --------------------------------------------------------------------------------------
>
>                 Key: FLINK-21108
>                 URL: https://issues.apache.org/jira/browse/FLINK-21108
>             Project: Flink
>          Issue Type: New Feature
>          Components: Runtime / REST, Runtime / Web Frontend
>            Reporter: Xiaoguang Sun
>            Priority: Major
>              Labels: pull-request-available
>
> Flink runtime rest server and history server webmonitor do not require 
> authentication. At certain scenarios, prohibiting unauthorized access is 
> desired. Http basic authentication can be used here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (FLINK-21108) Flink runtime rest server and history server webmonitor do not require authentication.

Reply via email to