How to work with kerberos with ververica hosted flink image ?

ververica / ververica-platform-playground

Instructions for getting started with Ververica Platform on minikube.

https://docs.ververica.com/getting_started/index.html

Apache License 2.0

89 stars 39 forks source link

How to work with kerberos with ververica hosted flink image ? #33

Closed anshulbansal2 closed 4 years ago

anshulbansal2 commented 4 years ago

How can we do something like this : security.kerberos.login.keytab: 's3://vvp/artifacts/namespaces/default/coremojo.keytab'

knaufk commented 4 years ago

Support for HDFS 2/3 (including Kerberos) will be added in our upcoming release in the coming weeks. We expect the keytab to be stored in a Kubernetes Secret. Would this work for you?

anshulbansal2 commented 4 years ago

Could you please give an example, where to add it?

knaufk commented 4 years ago

There will be an example in the documentation that come with the next release. The configuration via a Kubernetes Secret will work along the lines of

kubectl create secret generic my-blob-storage-credentials \
  --from-file hdfs.core-site.xml=core-site.xml \
  --from-file hdfs.hdfs-site.xml=hdfs-site.xml \
  --from-file hdfs.krb5.conf=krb5.conf \
  --from-file hdfs.keytab=keytab \
  --from-file hdfs.keytab-principal=keytab-principal

This secret is then referenced in the Ververica Platform values.yaml.

anshulbansal2 commented 4 years ago

Thanks @knaufk , Is there any suggested work around for now ?

knaufk commented 4 years ago

This has been released in the latest release of Ververica Platform. Please see [1] for the corresponding documentation.

[1] https://docs.ververica.com/administration/blob_storage.html#example-apache-hadoop-hdfs