Github user StephanEwen commented on a diff in the pull request:
https://github.com/apache/flink/pull/2425#discussion_r86548851
--- Diff: docs/setup/yarn_setup.md ---
@@ -134,6 +140,14 @@ Flink on YARN will only start all requested containers
if enough resources are a
some account also for the number of vcores. By default, the number of
vcores is equal to the processing slots (`-s`) argument. The
`yarn.containers.vcores` allows overwriting the
number of vcores with a custom value.
+### Service Authorization using Secure Cookie
+
+If service authorization for the cluster components (Akka, Blob Service,
Web UI) is enabled, you could pass the secure cookie value as command line
argument (-k or --cookie) instead of hardcoding the value in Flink
configuration file.
--- End diff --
I would link to the main security docs from here.
A crucial thing to point out here is that when users use this with YARN
sessions, all jobs running in that session will use the same cookie. The cookie
is a "per-cluster" or "per-processes" parameter.
Please add that for proper security between jobs, jobs should be submitted
individually, not via a Flink Yarn Session.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
