[FLINK-26468] Test default binding to localhost - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.15.0
Fix Version/s: 1.15.0
Component/s: Runtime / Configuration
Labels:
- release-testing

Description

Change introduced in: https://issues.apache.org/jira/browse/FLINK-24474

For security reasons, we have bound the REST and RPC endpoints (for the JobManagers and TaskManagers) to the loopback address (localhost/127.0.0.1) to prevent clusters from being accidentally exposed to the outside world.

These were:

jobmanager.bind-host
taskmanager.bind-host
rest.bind-address

Some suggestions to test:

Test that spinning up a Flink cluster with the default flink-conf.yaml works correctly locally with different set ups (1 TaskManager, several task managers, default parallelism, > 1 parallelism). Test that the JobManagers and TaskManagers can communicate, and that the REST endpoint is accessable locally. Test that the REST/RPC endpoints are not accessable outside of the local machine.
Test that removing the binding configuration for the above mentioned settings means that the cluster binds to 0.0.0.0 and is accessable to the outside world (this may involve also changing rest.address, jobmanager.rpc.address and taskmanager.rpc.address)
Test that default Flink setups with docker behave correctly.
Test that default Flink setups behave correctly with other resource providers (kubernetes native, etc).

Attachments

Issue Links

is related to

FLINK-24474 Standalone clusters should bind to localhost by default

Resolved

Activity

People

Assignee:: Gabor Somogyi

Reporter:: Mika Naylor

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Mar/22 15:04

Updated:: 09/Mar/22 08:09

Resolved:: 09/Mar/22 08:09