You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Xintong Song (Jira)" <ji...@apache.org> on 2021/10/11 11:57:00 UTC

[jira] [Commented] (FLINK-24503) Security: native kubernetes exposes REST service via LoadBalancer in default

    [ https://issues.apache.org/jira/browse/FLINK-24503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17427086#comment-17427086 ] 

Xintong Song commented on FLINK-24503:
--------------------------------------

[~nanmu42],
Thanks for reporting this.

I think it is a valid concern that REST service is exposed without users' awareness, given that many cloud vendors provides load balance services that are by default exposed to Internet.

However, I'm not sure about changing the default configurations. My concerns are:
- It introduce compatibility issues, that users may run into unexpected problems when upgrading to a new version of Flink.
- Default values of configuration options are chosen in order to provide a better out-of-box experience. We'd like to lower the barrier as much as possible for users to trying out Flink, while providing knobs that allow them to further customize Flink behaviors. From that perspective, it might be better the REST and Web UI do not require a `kubectl port-forward` to be accessed.

Alternatively, we may consider showing a explicit warning message on starting a session or submitting an application. WDYT?

> Security: native kubernetes exposes REST service via LoadBalancer in default
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-24503
>                 URL: https://issues.apache.org/jira/browse/FLINK-24503
>             Project: Flink
>          Issue Type: Improvement
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.13.0, 1.14.0, 1.13.1, 1.13.2
>         Environment: Flink 1.13.2, native kubernetes
>            Reporter: LI Zhennan
>            Priority: Major
>              Labels: security
>
> Hi,
>  
> Flink native k8s deployment exposes REST service via LoadBalancer in default: https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
> I propose to consider it a security issue.
> It is very likely for users to unconciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by cloud service like AWS or Google Cloud.
> Given access, anyone can browse and cancel Flink job on REST service.
> Personally I noticed this issue after my staging deployment went online for 2 days.
> Here, I propose to alter the default value to `ClusterIP`, so that:
>  # the REST service is not exposed to Internet accidentally;
>  # the developer can use `kubectl port-forward` to access the service in default;
>  # the developer can still expose REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.
> If it is okay, I would like to contribute the fix.
>  
> Thank you.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)