[
https://issues.apache.org/jira/browse/FLINK-24474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17493087#comment-17493087
]
Robert Metzger commented on FLINK-24474:
----------------------------------------
Thanks a lot for the fix, this is very valuable!
> Standalone clusters should bind to localhost by default
> -------------------------------------------------------
>
> Key: FLINK-24474
> URL: https://issues.apache.org/jira/browse/FLINK-24474
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Configuration
> Reporter: Chesnay Schepler
> Assignee: Mika Naylor
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> By default the REST endpoints bind to 0.0.0.0.
> This is fine for docker use-cases as it simplifies the setup and the API
> isn't reachable unless the user explicitly enables that via docker.
> However, for standalone clusters this is a different story, and it is
> currently too easy for users to accidentally expose their clusters to the
> outside world.
> We should set the bind address by default to localhost, and change the
> docker-scripts to set this to 0.0.0.0 .
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
