I think the short-term approach is to place an nginx proxy in front, in combination with some form of isolation of the underlying endpoint. That addresses the authentication piece but not fine-grained authorization. Be aware that the Flink JM is not multi-user due to lack of isolation among jobs. The trend is towards running each job in a separate Flink cluster, on top of YARN, Kubernetes, or Mesos.
Related to FLIP-6, the WebUI is gradually becoming decoupled from the JM and hopefully will be more multi-user friendly and capable of communicating with numerous JMs. Some of the precursors are being tracked in FLIP-7530 and FLINK-7083.
Please hop over to the dev list if you'd like to discuss the FLIP-6 stuff and how it relates to multi-user scenarios.
Thanks
Eron
Locked
