Thanks for creating this FLIP. This sounds like a useful feature to make Flink applications running on a YARN cluster more secure.
However, I think we still miss some important parts in the FLIP.

1. Which Hadoop versions does this FLIP rely on?
2. We need to describe a bit more about how the YARN ACLs work.
3. Do the ACLs only apply to the logs? How about the Flink JobManager UI?

Best,
Yang

Venkatakrishnan Sowrirajan <vsowr...@asu.edu> wrote on Sat, May 13, 2023 at 08:12:

> Thanks for the FLIP, Archit.
>
> +1 from me as well. This would be very useful for us and others in the community given the same issue was raised earlier as well.
>
> Regards
> Venkata krishnan
>
>
> On Fri, May 12, 2023 at 4:03 PM Becket Qin <becket....@gmail.com> wrote:
>
> > Thanks for the FLIP, Archit.
> >
> > The motivation sounds reasonable and it looks like a straightforward proposal. +1 from me.
> >
> > Thanks,
> >
> > Jiangjie (Becket) Qin
> >
> > On Fri, May 12, 2023 at 1:30 AM Archit Goyal <argo...@linkedin.com.invalid> wrote:
> >
> > > Hi all,
> > >
> > > I am opening this thread to discuss the proposal to support Yarn ACLs to Flink containers which has been documented in FLIP-312 <https://urldefense.com/v3/__https://cwiki.apache.org/confluence/display/FLINK/FLIP*312*3A*Add*Yarn*ACLs*to*Flink*Containers__;KyUrKysrKys!!IKRxdwAv5BmarQ!bQiA3GX9bFf-w6A9M4Aez7RSMYLdvFtjZnlrOSf6N2nQUFuDdnoJ20uujW8RPY1VbLS9P4AfpnqPmkZZOuQ$>.
> > >
> > > This FLIP mentions providing a Yarn application ACL mechanism on Flink containers to be able to provide specific rights to users other than the one running the Flink application job. This will restrict other users in two ways:
> > >
> > > * view logs through the Resource Manager job history
> > > * kill the application
> > >
> > > Please feel free to reply to this email thread and share your opinions.
> > >
> > > Thanks,
> > > Archit Goyal