Github user EronWright commented on the issue:

    https://github.com/apache/flink/pull/2425
  
    @StephanEwen keep in mind that Flink's current SSL support doesn't achieve _mutual authentication_ - there's no client certificate there. With SSL enabled, an untrusted client can launch jobs in your Flink cluster and thus gain access to the Kerberos credential associated with the cluster.

    SSL mutual authentication is a good alternative to a shared secret, but at the time we were limited to built-in Akka functionality (which doesn't include mutual auth). Given the "flakka" fork that's now in place, a pure SSL solution might now be possible (I haven't thought it through completely).

    The fact remains that, today, _all the secrets known to a Flink job are exposed to everyone who can connect to the cluster's endpoint_.

    It would be nice to construct a holistic plan that worked out how the Web UI would support authentication and also incorporated FLIP-6. Both YARN and Mesos interpose a web proxy for the UI with its own limitations, notably no support for SSL mutual auth.
