Posted to issues@flink.apache.org by "LI Zhennan (Jira)" <ji...@apache.org> on 2021/10/11 09:53:00 UTC
[jira] [Updated] (FLINK-24503) Security: native kubernetes exposes
REST service via LoadBalancer in default
[ https://issues.apache.org/jira/browse/FLINK-24503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
LI Zhennan updated FLINK-24503:
-------------------------------
Description:
Hi,
Flink native k8s deployment exposes the REST service via LoadBalancer by default: https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
I propose to consider it a security issue.
It is very likely for users to unconsciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by a cloud service like AWS or Google Cloud.
Given access, anyone can browse and cancel Flink jobs via the REST service.
Personally I noticed this issue after my staging deployment went online for 2 days.
Here, I propose to alter the default value to `ClusterIP`, so that:
# the REST service is not exposed to the Internet accidentally;
# the developer can use `kubectl port-forward` to access the service by default;
# the developer can still expose the REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.
If it is okay, I would like to contribute the fix.
Thank you.
was:
Hi,
Flink native k8s deployment exposes the REST service via LoadBalancer by default: https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
I propose to consider it a security issue.
It is very likely for users to unconsciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by a cloud service like AWS or Google Cloud.
Given access, anyone can browse and cancel Flink jobs via the REST service.
Personally I noticed this issue after my staging deployment went online for 2 days.
Here, I propose to alter the default value to `ClusterIP`, so that:
# the REST service is not exposed to the Internet accidentally;
# the developer can use `kubectl port-forward` to access the service by default;
# the developer can still expose the REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.
If it is okay, I would like to contribute the fix.
Thank you.
> Security: native kubernetes exposes REST service via LoadBalancer in default
> ----------------------------------------------------------------------------
>
> Key: FLINK-24503
> URL: https://issues.apache.org/jira/browse/FLINK-24503
> Project: Flink
> Issue Type: Improvement
> Components: Deployment / Kubernetes
> Affects Versions: 1.13.0, 1.14.0, 1.13.1, 1.13.2
> Environment: Flink 1.13.2, native kubernetes
> Reporter: LI Zhennan
> Priority: Major
> Labels: security
>
> Hi,
>
> Flink native k8s deployment exposes the REST service via LoadBalancer by default: https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
> I propose to consider it a security issue.
> It is very likely for users to unconsciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by a cloud service like AWS or Google Cloud.
> Given access, anyone can browse and cancel Flink jobs via the REST service.
> Personally I noticed this issue after my staging deployment went online for 2 days.
> Here, I propose to alter the default value to `ClusterIP`, so that:
> # the REST service is not exposed to the Internet accidentally;
> # the developer can use `kubectl port-forward` to access the service by default;
> # the developer can still expose the REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.
> If it is okay, I would like to contribute the fix.
>
> Thank you.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
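The mitigation the issue proposes (keep the REST Service cluster-internal, reach it with `kubectl port-forward`, and opt into LoadBalancer only explicitly), as an added shell example that is not part of the issue or of the Flink project. It assumes Flink's native Kubernetes naming of the REST Service as `<cluster-id>-rest` on port 8081, and it audits a constructed `kubectl get svc` listing in place of a live cluster so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the Jira issue or the Flink project): find Flink REST
# Services already exposed through a LoadBalancer, and show the explicit
# ClusterIP setting the issue proposes as the safer default.

# Constructed sample of what this command prints on a cluster:
#   kubectl get svc -A -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type,PORTS:.spec.ports[*].port
# It stands in for live output so the audit below can be run offline.
SAMPLE_SVC_LISTING='NS         NAME              TYPE           PORTS
default    kubernetes        ClusterIP      443
flink      my-job-rest       LoadBalancer   8081
flink      my-job            ClusterIP      6123,6124
staging    wordcount-rest    ClusterIP      8081
staging    other-app-rest    LoadBalancer   8080'

# Print "namespace/name" for each Flink REST Service (name ends in -rest and it
# serves port 8081) whose type is LoadBalancer. No output means nothing is exposed.
find_exposed_flink_rest() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $2 ~ /-rest$/ && $3 == "LoadBalancer" {
            n = split($4, ports, ",")
            for (i = 1; i <= n; i++) if (ports[i] == "8081") { print $1 "/" $2; break }
        }'
}

# The explicit override the issue wants to become the default: the REST endpoint
# stays cluster-internal. $1 is the cluster id, $2 the job jar. The command is
# composed here for review, not executed.
safe_submit_command() {
    printf 'flink run-application -t kubernetes-application -Dkubernetes.cluster-id=%s -Dkubernetes.rest-service.exposed.type=ClusterIP %s\n' "$1" "$2"
}

# How a developer then reaches the ClusterIP REST Service from a workstation.
port_forward_command() {
    printf 'kubectl -n %s port-forward svc/%s-rest 8081:8081\n' "$1" "$2"
}

find_exposed_flink_rest "$SAMPLE_SVC_LISTING"
safe_submit_command my-job local:///opt/flink/usrlib/job.jar
port_forward_command flink my-job
```

Run the audit against `kubectl get svc -A -o custom-columns=...` output from a real cluster to see which Flink deployments were left on the LoadBalancer default.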