Enabling security for Apache Flink

Since Flink is essentially just a YARN application, service-level security settings apply mainly to the Flink History Server (HS).


Kerberos authentication can be enabled for the Flink HS by selecting the corresponding checkbox in the service wizard when adding the service, or later on the service configuration page in Cloudera Manager. The service wizard in Cloudera Manager enables the Kerberos service, and no further action is required to use Kerberos authentication with Flink.

For more information about enabling Kerberos authentication using the service wizard, see the Cloudera Manager documentation.

TLS encryption

If AutoTLS is enabled on the cluster, the TLS-related configuration fields are auto-populated for the Flink HS. If AutoTLS is not used, the settings have to be configured manually. For more information about manual configuration for TLS, see the Cloudera Manager documentation.