Updated on 2022-11-18 GMT+08:00

Security Features

Security Features of Flink

  • All Flink cluster components support authentication.
    • The Kerberos authentication is supported between Flink cluster components and external components, such as Yarn, HDFS, and ZooKeeper.
    • The security cookie authentication between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • SSL encrypted transmission is supported by Flink cluster components.
  • SSL encrypted transmission between Flink cluster components, for example, Flink client and JobManager, JobManager and TaskManager, and TaskManager and TaskManager, are supported.
  • Following security hardening approaches for Flink web are supported:
    • Whitelist filtering. Flink web can only be accessed through Yarn proxy.
    • Security header enhancement.
  • In Flink clusters, ranges of listening ports of components can be configured.
  • In HA mode, ACL control is supported.