LI Zhennan created FLINK-24503:
----------------------------------

             Summary: Security: native kubernetes exposes REST service via LoadBalancer in default
                 Key: FLINK-24503
                 URL: https://issues.apache.org/jira/browse/FLINK-24503
             Project: Flink
          Issue Type: Improvement
          Components: Deployment / Kubernetes
    Affects Versions: 1.13.2, 1.13.1, 1.14.0, 1.13.0
         Environment: Flink 1.13.2, native kubernetes
            Reporter: LI Zhennan
Hi,

Flink native k8s deployment exposes the REST service via LoadBalancer by default (https://nightlies.apache.org/flink/flink-docs-release-1.14/docs/deployment/config/#kubernetes-rest-service-exposed-type). I propose to consider it a security issue.

It is very likely for users to unconsciously expose their Flink REST service to the wild Internet, given they are deploying on a k8s cluster provided by a cloud service like AWS or Google Cloud. Given access, anyone can browse and cancel Flink jobs on the REST service. Personally I noticed this issue after my staging deployment went online for 2 days.

Here, I propose to alter the default value to `ClusterIP`, so that:

1. the REST service is not exposed to the Internet accidentally;
2. the developer can use `kubectl port-forward` to access the service by default;
3. the developer can still expose the REST service via LoadBalancer by expressing it explicitly in `flink run-application` params.

If it is okay, I would like to contribute the fix.

Thank you.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
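The following is an added example, not code from the issue above or from the Flink project, showing how an operator can audit a `flink-conf.yaml` for the `kubernetes.rest-service.exposed-type` setting the issue discusses, with the weak (absent, so defaulting to `LoadBalancer`) configuration beside the hardened `ClusterIP` one. It assumes the config uses plain `key: value` lines and that an absent key falls back to the `LoadBalancer` default described in the issue; the sample configs and the cluster id `example-flink` are constructed for the example.

```shell
#!/bin/sh
# Added example (not from FLINK-24503 or the Flink code base).
# Assumptions: flink-conf.yaml uses "key: value" lines, and an absent
# kubernetes.rest-service.exposed-type key means the LoadBalancer default.

# Print the effective REST exposure type for a config file and return 1 when
# the REST endpoint would be published through a cloud LoadBalancer.
rest_exposure_check() {
    conf_file="$1"
    effective=$(sed -n 's/^kubernetes\.rest-service\.exposed-type:[[:space:]]*\([A-Za-z_]*\).*/\1/p' "$conf_file" | tail -n 1)
    if [ -z "$effective" ]; then
        effective="LoadBalancer"   # key absent: Flink falls back to the default
    fi
    echo "$effective"
    [ "$effective" != "LoadBalancer" ]
}

# Constructed sample configs, not taken from any real deployment.
tmpdir=$(mktemp -d)
cat > "$tmpdir/default.yaml" <<'EOF'
kubernetes.cluster-id: example-flink
taskmanager.numberOfTaskSlots: 2
EOF
cat > "$tmpdir/hardened.yaml" <<'EOF'
kubernetes.cluster-id: example-flink
kubernetes.rest-service.exposed-type: ClusterIP
EOF

# The same override can be passed explicitly on the command line instead:
#   flink run-application --target kubernetes-application \
#     -Dkubernetes.cluster-id=example-flink \
#     -Dkubernetes.rest-service.exposed-type=ClusterIP ...
# and verified on a live cluster with
#   kubectl get svc example-flink-rest -o jsonpath='{.spec.type}'
# before reaching the UI through
#   kubectl port-forward svc/example-flink-rest 8081:8081

if rest_exposure_check "$tmpdir/default.yaml"; then
    echo "default.yaml: REST service stays cluster-internal"
else
    echo "default.yaml: REST service would be exposed via LoadBalancer"
fi
if rest_exposure_check "$tmpdir/hardened.yaml"; then
    echo "hardened.yaml: REST service stays cluster-internal"
else
    echo "hardened.yaml: REST service would be exposed via LoadBalancer"
fi
```

The check treats a missing key as exposed, which is the point of the issue: with the current default, a deployment that never mentions the option still gets a public LoadBalancer on a cloud provider. The `kubectl get svc` line in the comments verifies the actual service type the cluster created, which is the authoritative answer regardless of what the config file says.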