Mika Naylor created FLINK-26468:
-----------------------------------
Summary: Test default binding to localhost
Key: FLINK-26468
URL: https://issues.apache.org/jira/browse/FLINK-26468
Project: Flink
Issue Type: Improvement
Components: Runtime / Configuration
Affects Versions: 1.15.0
Reporter: Mika Naylor
Fix For: 1.15.0
Change introduced in: https://issues.apache.org/jira/browse/FLINK-24474
For security reasons, we have bound the REST and RPC endpoints (for the
JobManagers and TaskManagers) to the loopback address (localhost/127.0.0.1) to
prevent clusters from being accidentally exposed to the outside world.
These were:
* jobmanager.bind-host
* taskmanager.bind-host
* rest.bind-address
Some suggestions to test:
* Test that spinning up a Flink cluster with the default flink-conf.yaml works
correctly locally with different set ups (1 TaskManager, several task managers,
default parallelism, > 1 parallelism). Test that the JobManagers and
TaskManagers can communicate, and that the REST endpoint is accessable locally.
Test that the REST/RPC endpoints are not accessable outside of the local
machine.
* Test that removing the the binding configuration for the above mentioned
settings means that the cluster binds to 0.0.0.0 and is accessable to the
outside world (this may involve also changing rest.address,
jobmanager.rpc.address and taskmanager.rpc.address)
* Test that default Flink setups with docker behave correctly.
* Test that default Flink setups behave correctly with other resource providers
(kubernetes native, etc).
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
