You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by mb...@apache.org on 2022/12/08 16:55:01 UTC

[flink-kubernetes-operator] branch release-1.3 updated: [docs] Update Known issues for v1.3

This is an automated email from the ASF dual-hosted git repository.

mbalassi pushed a commit to branch release-1.3
in repository https://gitbox.apache.org/repos/asf/flink-kubernetes-operator.git


The following commit(s) were added to refs/heads/release-1.3 by this push:
     new a23dbfc6 [docs] Update Known issues for v1.3
a23dbfc6 is described below

commit a23dbfc64461c22c5781eb8ddfaf8037b2d4a523
Author: Marton Balassi <ma...@apple.com>
AuthorDate: Thu Dec 8 11:38:57 2022 +0100

    [docs] Update Known issues for v1.3
---
 docs/content/docs/concepts/overview.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/content/docs/concepts/overview.md b/docs/content/docs/concepts/overview.md
index 2320ec67..1b3111c8 100644
--- a/docs/content/docs/concepts/overview.md
+++ b/docs/content/docs/concepts/overview.md
@@ -90,9 +90,6 @@ The examples are maintained as part of the operator repo and can be found [here]
 ### JobManager High-availability
 The Operator leverages [Kubernetes HA Services](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/ha/kubernetes_ha/) for providing High-availability for Flink jobs. The HA solution can benefit form using additional [Standby replicas](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/ha/overview/), it will result in a faster recovery time, but Flink jobs will still restart when the Leader JobManager goes down.
 
-### Standalone Kubernetes Support
-The Operator does not support [Standalone Kubernetes](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/resource-providers/standalone/kubernetes/) deployments yet. It is expected to be part of the `1.2.0` release.
-
 ### JobResultStore Resource Leak
 To mitigate the impact of [FLINK-27569](https://issues.apache.org/jira/browse/FLINK-27569) the operator introduced a workaround [FLINK-27573](https://issues.apache.org/jira/browse/FLINK-27573) by setting `job-result-store.delete-on-commit=false` and a unique value for `job-result-store.storage-path` for every cluster launch. The storage path for older runs must be cleaned up manually, keeping the latest directory always:
 ```shell
@@ -102,3 +99,7 @@ drwxr-xr-x 2 9999 9999 40 May 12 09:51 119e0203-c3a9-4121-9a60-d58839576f01 <- m
 drwxr-xr-x 2 9999 9999 60 May 12 09:46 a6031ec7-ab3e-4b30-ba77-6498e58e6b7f
 drwxr-xr-x 2 9999 9999 60 May 11 15:11 b6fb2a9c-d1cd-4e65-a9a1-e825c4b47543
 ```
+
+### AuditUtils can log sensitive information present in the custom resources
+As reported in [FLINK-30306](https://issues.apache.org/jira/browse/FLINK-30306) when Flink custom resources change the operator logs the change, which could include sensitive information. We suggest ingesting secrets to Flink containers during runtime to mitigate this. 
+Also note that anyone who has access to the custom resources already had access to the potentially sensitive information in question, but folks who only have access to the logs could also see them now. We are planning to introduce redaction rules to AuditUtils to improve this in a later release.
\ No newline at end of file