Details
-
Improvement
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
1.15.0
Description
Change introduced in: https://issues.apache.org/jira/browse/FLINK-24474
For security reasons, we have bound the REST and RPC endpoints (for the JobManagers and TaskManagers) to the loopback address (localhost/127.0.0.1) to prevent clusters from being accidentally exposed to the outside world.
These were:
- jobmanager.bind-host
- taskmanager.bind-host
- rest.bind-address
Some suggestions to test:
- Test that spinning up a Flink cluster with the default flink-conf.yaml works correctly locally with different set ups (1 TaskManager, several task managers, default parallelism, > 1 parallelism). Test that the JobManagers and TaskManagers can communicate, and that the REST endpoint is accessable locally. Test that the REST/RPC endpoints are not accessable outside of the local machine.
- Test that removing the binding configuration for the above mentioned settings means that the cluster binds to 0.0.0.0 and is accessable to the outside world (this may involve also changing rest.address, jobmanager.rpc.address and taskmanager.rpc.address)
- Test that default Flink setups with docker behave correctly.
- Test that default Flink setups behave correctly with other resource providers (kubernetes native, etc).
Attachments
Issue Links
- is related to
-
FLINK-24474 Standalone clusters should bind to localhost by default
- Resolved