I believe that to really protect the cluster from unauthorized use requires
that the cluster endpoints (notably Akka) perform an authorization check. The
'secure flink’ design doc outlines various measures to achieve that.
Stefano I’ll reach out to have a sync-up meeting and to incorporate your
I'm not sure if doing the check in the CliFrontend is really effective. A
"hacker" could just create a custom flink build without that check and
still submit a job to the job manager.
On Thu, May 5, 2016 at 2:51 PM, Stefano Baghino <
stefano.bagh...@radicalbit.io> wrote:
> Apologies for being t
Apologies for being too generic: with "secure" cluster I mean a Flink
cluster that has been launched with Kerberos credentials (both on YARN or
with the standalone scheduler), thus having access to resources on the
cluster that require authentication (like HDFS).
Without having to run jobs on beha
Hi Stefano,
what exactly do you mean by a secure cluster?
A Flink on YARN session in a secured YARN cluster?
A standalone Flink cluster with access to a secured HDFS?
Your observation is right. We are not check if a job submitted by any user
is running in the same security context as the Flink cl
Hello everybody,
last week I've run some tests on a secure cluster and I noticed that an
unauthenticated user can submit a Flink job that will only eventually fail
if the job tries to access secured resources (e.g. HDFS). This doesn't
prevent however the user to consume resources of the secure clu
