Github user skrishnappa commented on a diff in the pull request:
https://github.com/apache/flink/pull/2518#discussion_r82412401
--- Diff: docs/setup/config.md ---
@@ -140,6 +140,8 @@ will be used under the directory specified by
jobmanager.web.tmpdir.
- `blob.server.port`: Port definition for the blob server (serving user
jar's) on the Taskmanagers. By default the port is set to 0, which means that
the operating system is picking an ephemeral port. Flink also accepts a list of
ports ("50100,50101"), ranges ("50100-50200") or a combination of both. It is
recommended to set a range of ports to avoid collisions when multiple
JobManagers are running on the same machine.
+- `blob.service.ssl.enabled`: Flag to enable ssl for the blob
client/server communication. This is applicable only when the global ssl flag
security.ssl.enabled is set to true (DEFAULT: true).
--- End diff --
Setting security.ssl.enabled to true will enable ssl for all communication.
The other flags are required only for selectively disabling ssl (they are set
to true by default). The reasons I chose to provide the extra flags are the
following
* web frontend - this is useful if the admin chooses to encrypt only
external traffic
* taskmanager data trasnfer - enabling ssl here might have significant
performance impact and the admin might choose to encrypt only management and
control traffic
I am slightly biased towards keeping these extra config (based on past
experiences) and wasn't sure what the community would prefer. I am fine
removing these and doing SSL - all or nothing, please let me know.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
