[ https://issues.apache.org/jira/browse/FLINK-24503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xintong Song updated FLINK-24503:
---------------------------------
    Release Note:
For native Kubernetes deployments, REST & Web UI are now exposed as ClusterIP (previously was LoadBalancer) by default, which means they cannot be accessed directly from outside of the cluster. This is to prevent accidentally leaking the access to the wild Internet.

See Accessing Flink's Web UI for more details.
https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/resource-providers/native_kubernetes/#accessing-flinks-web-ui

  was:
For native Kubernetes deployments, REST & Web UI are now exposed as ClusterIP (previously was LoadBalancer) by default, which means they cannot be accessed directly from outside of the cluster. This is to prevent accidentally leaking the access to the wild Internet.

See [Accessing Flink's Web UI|https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/resource-providers/native_kubernetes/#accessing-flinks-web-ui] for more details.

> Security: native kubernetes exposes REST service via LoadBalancer in default
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-24503
>                 URL: https://issues.apache.org/jira/browse/FLINK-24503
>             Project: Flink
>          Issue Type: Improvement
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.13.0, 1.14.0, 1.13.1, 1.13.2
>         Environment: Flink 1.13.2, native kubernetes
>            Reporter: LI Zhennan
>            Assignee: LI Zhennan
>            Priority: Major
>              Labels: pull-request-available, security
>             Fix For: 1.15.0
>
>
> Hi,
>
> Flink native k8s deployment exposes REST service via LoadBalancer by default:
> https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
> I propose to consider it a security issue.
> It is very likely for users to unconsciously expose their Flink REST service
> to the wild Internet, given they are deploying on a k8s cluster provided by
> cloud service like AWS or Google Cloud.
> Given access, anyone can browse and cancel Flink job on REST service.
> Personally I noticed this issue after my staging deployment went online for 2
> days.
> Here, I propose to alter the default value to `ClusterIP`, so that:
> # the REST service is not exposed to Internet accidentally;
> # the developer can use `kubectl port-forward` to access the service by
> default;
> # the developer can still expose REST service via LoadBalancer by expressing
> it explicitly in `flink run-application` params.
> If it is okay, I would like to contribute the fix.
>
> Thank you.
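
An audit for the exposure this issue describes, added here as an example (not code from the Flink project or the reporter): it scans Service objects shaped like the items of `kubectl get svc --all-namespaces -o json` and reports Flink REST Services that are reachable from outside the cluster. The label `type=flink-native-kubernetes`, the `<cluster-id>-rest` Service name, the helper `svc()` and all sample data are assumptions or constructed for illustration.

```python
# Added example: audit Service objects for externally exposed Flink REST endpoints.
# Assumptions: native-Kubernetes Flink labels its Services type=flink-native-kubernetes
# and names the REST Service "<cluster-id>-rest".
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

def svc(ns, name, stype, labels, ingress=(), ranges=()):
    """Hypothetical helper: build a minimal Service like a `kubectl get svc -o json` item."""
    return {
        "metadata": {"namespace": ns, "name": name, "labels": labels},
        "spec": {"type": stype, "loadBalancerSourceRanges": list(ranges)},
        "status": {"loadBalancer": {"ingress": [{"ip": ip} for ip in ingress]}},
    }

FLINK = {"type": "flink-native-kubernetes"}
# Constructed sample data, not taken from a real cluster.
SAMPLE = {"items": [
    svc("staging", "wordcount-rest", "LoadBalancer", FLINK, ingress=["203.0.113.10"]),
    svc("prod", "etl-rest", "ClusterIP", FLINK),
    svc("dev", "lab-rest", "LoadBalancer", FLINK, ingress=["203.0.113.11"], ranges=["10.0.0.0/8"]),
    svc("default", "shop-frontend", "LoadBalancer", {"app": "shop"}, ingress=["203.0.113.20"]),
]}

def is_flink_rest(service):
    meta = service.get("metadata", {})
    labels = meta.get("labels") or {}
    return labels.get("type") == "flink-native-kubernetes" and meta.get("name", "").endswith("-rest")

def exposed_flink_rest(service_list):
    """Return one finding per Flink REST Service reachable from outside the cluster."""
    findings = []
    for service in service_list.get("items", []):
        spec = service.get("spec", {})
        if not is_flink_rest(service) or spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
            continue
        ingress = (service.get("status", {}).get("loadBalancer") or {}).get("ingress") or []
        ranges = spec.get("loadBalancerSourceRanges") or []
        findings.append({
            "service": f'{service["metadata"]["namespace"]}/{service["metadata"]["name"]}',
            "type": spec["type"],
            "addresses": [i.get("ip") or i.get("hostname") for i in ingress],
            "source_ranges": ranges,
            "unrestricted": not ranges,  # no loadBalancerSourceRanges: open to any source
        })
    return findings

if __name__ == "__main__":
    for finding in exposed_flink_rest(SAMPLE):
        print(finding)
```

A finding with `unrestricted` set to true is the case the reporter describes: a REST endpoint with a public address and no source filtering.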