Posted to issues@flink.apache.org by "Xintong Song (Jira)" <ji...@apache.org> on 2021/10/14 02:42:00 UTC

[jira] [Closed] (FLINK-24503) Security: native kubernetes exposes REST service via LoadBalancer in default

     [ https://issues.apache.org/jira/browse/FLINK-24503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xintong Song closed FLINK-24503.
--------------------------------
    Release Note: 
For native Kubernetes deployments, the REST endpoint and Web UI are now exposed as ClusterIP (previously LoadBalancer) by default, which means they cannot be accessed directly from outside of the cluster.

This is to prevent accidentally leaking access to the wild Internet.

See [Accessing Flink's Web UI](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/resource-providers/native_kubernetes/#accessing-flinks-web-ui) for more details.

  was: kubernetes.rest-service.exposed.type is now ClusterIP by default, instead of the previous LoadBalancer

      Resolution: Done

Merged via:
- master (1.15): 90f0a7d812548874adef0a0e59092b78d1859227

> Security: native kubernetes exposes REST service via LoadBalancer in default
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-24503
>                 URL: https://issues.apache.org/jira/browse/FLINK-24503
>             Project: Flink
>          Issue Type: Improvement
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.13.0, 1.14.0, 1.13.1, 1.13.2
>         Environment: Flink 1.13.2, native kubernetes
>            Reporter: LI Zhennan
>            Assignee: LI Zhennan
>            Priority: Major
>              Labels: pull-request-available, security
>             Fix For: 1.15.0
>
>
> Hi,
>  
> Flink native k8s deployment exposes the REST service via LoadBalancer by default: https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type
> I propose to consider it a security issue.
> It is very likely for users to unconsciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by a cloud service like AWS or Google Cloud.
> Given access, anyone can browse and cancel Flink jobs on the REST service.
> Personally I noticed this issue after my staging deployment went online for 2 days.
> Here, I propose to alter the default value to `ClusterIP`, so that:
> 1. the REST service is not exposed to the Internet accidentally;
> 2. the developer can use `kubectl port-forward` to access the service by default;
> 3. the developer can still expose the REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.
> If it is okay, I would like to contribute the fix.
>  
> Thank you.
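The change above fixes the default for new deployments; clusters launched with the old default keep their LoadBalancer service until redeployed. The following audit script is an added example (not Flink project code and not part of this issue) for finding such services in an existing cluster: it parses the JSON shape that `kubectl get svc --all-namespaces -o json` produces and reports every Flink REST service whose `spec.type` is anything other than ClusterIP. It assumes that Flink's native Kubernetes integration names the REST service `<cluster-id>-rest` and labels it `type=flink-native-kubernetes`; the Service list embedded in the script is constructed sample data, not output from a real cluster.

```python
"""Audit a Kubernetes Service list for Flink REST services exposed as LoadBalancer.

Added example (not Flink project code). Input has the JSON shape produced by
`kubectl get svc --all-namespaces -o json`; the sample below is constructed.
"""
import json

# Assumption: Flink's native Kubernetes integration names the REST service
# "<cluster-id>-rest" and labels it type=flink-native-kubernetes.
FLINK_LABEL = "flink-native-kubernetes"
REST_SUFFIX = "-rest"

# Constructed sample data, not a real cluster.
SAMPLE_SERVICE_LIST = json.dumps({
    "kind": "ServiceList",
    "items": [
        {   # exposed: what the pre-FLINK-24503 default produced
            "metadata": {"name": "staging-job-rest", "namespace": "flink",
                         "labels": {"app": "staging-job", "type": FLINK_LABEL}},
            "spec": {"type": "LoadBalancer", "ports": [{"name": "rest", "port": 8081}]},
            "status": {"loadBalancer": {"ingress": [{"hostname": "lb-constructed.invalid"}]}},
        },
        {   # safe: the new default
            "metadata": {"name": "prod-job-rest", "namespace": "flink",
                         "labels": {"app": "prod-job", "type": FLINK_LABEL}},
            "spec": {"type": "ClusterIP", "ports": [{"name": "rest", "port": 8081}]},
        },
        {   # Flink's headless internal service, not the REST endpoint
            "metadata": {"name": "prod-job", "namespace": "flink",
                         "labels": {"app": "prod-job", "type": FLINK_LABEL}},
            "spec": {"type": "ClusterIP", "clusterIP": "None"},
        },
        {   # unrelated LoadBalancer service; must not be reported
            "metadata": {"name": "web-frontend", "namespace": "default", "labels": {}},
            "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]},
        },
    ],
})


def is_flink_rest_service(svc):
    """True if the Service carries the Flink label and the REST-service name suffix."""
    meta = svc.get("metadata", {})
    labels = meta.get("labels") or {}
    return (labels.get("type") == FLINK_LABEL
            and meta.get("name", "").endswith(REST_SUFFIX))


def find_exposed_flink_rest_services(service_list_json):
    """Return one finding per Flink REST service whose type is not ClusterIP.

    NodePort is reported too: like LoadBalancer it is reachable from outside
    the cluster, which is exactly what the ClusterIP default avoids.
    """
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        if not is_flink_rest_service(svc):
            continue
        svc_type = svc.get("spec", {}).get("type", "ClusterIP")
        if svc_type == "ClusterIP":
            continue
        meta = svc["metadata"]
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        findings.append({
            "namespace": meta["namespace"],
            "name": meta["name"],
            "cluster_id": meta["name"][:-len(REST_SUFFIX)],
            "type": svc_type,
            # external hostnames/IPs the cloud provider already attached, if any
            "external": [i.get("hostname") or i.get("ip") for i in ingress],
        })
    return findings


def port_forward_command(finding, local_port=8081):
    """The developer-side alternative to a public endpoint that the issue proposes."""
    return (f"kubectl -n {finding['namespace']} port-forward "
            f"svc/{finding['name']} {local_port}:8081")


if __name__ == "__main__":
    for f in find_exposed_flink_rest_services(SAMPLE_SERVICE_LIST):
        print(f"EXPOSED {f['namespace']}/{f['name']} type={f['type']} external={f['external']}")
        print("  reach it without a public endpoint: " + port_forward_command(f))
```

Against real cluster data, replace `SAMPLE_SERVICE_LIST` with the captured `kubectl get svc --all-namespaces -o json` output. A reported deployment is brought in line with the new default by relaunching it with `-Dkubernetes.rest-service.exposed.type=ClusterIP` (or, on 1.15 and later, simply omitting the option) and using the printed `kubectl port-forward` command for developer access.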



--
This message was sent by Atlassian Jira
(v8.3.4#803005)