This is an automated email from the ASF dual-hosted git repository.
mbalassi pushed a commit to branch release-1.3
in repository https://gitbox.apache.org/repos/asf/flink-kubernetes-operator.git
The following commit(s) were added to refs/heads/release-1.3 by this push:
new a23dbfc6 [docs] Update Known issues for v1.3
a23dbfc6 is described below
commit a23dbfc64461c22c5781eb8ddfaf8037b2d4a523
Author: Marton Balassi <[email protected]>
AuthorDate: Thu Dec 8 11:38:57 2022 +0100
[docs] Update Known issues for v1.3
---
docs/content/docs/concepts/overview.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/docs/content/docs/concepts/overview.md
b/docs/content/docs/concepts/overview.md
index 2320ec67..1b3111c8 100644
--- a/docs/content/docs/concepts/overview.md
+++ b/docs/content/docs/concepts/overview.md
@@ -90,9 +90,6 @@ The examples are maintained as part of the operator repo and
can be found [here]
### JobManager High-availability
The Operator leverages [Kubernetes HA
Services](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/ha/kubernetes_ha/)
for providing High-availability for Flink jobs. The HA solution can benefit
form using additional [Standby
replicas](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/ha/overview/),
it will result in a faster recovery time, but Flink jobs will still restart
when the Leader JobManager goes down.
-### Standalone Kubernetes Support
-The Operator does not support [Standalone
Kubernetes](https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/resource-providers/standalone/kubernetes/)
deployments yet. It is expected to be part of the `1.2.0` release.
-
### JobResultStore Resource Leak
To mitigate the impact of
[FLINK-27569](https://issues.apache.org/jira/browse/FLINK-27569) the operator
introduced a workaround
[FLINK-27573](https://issues.apache.org/jira/browse/FLINK-27573) by setting
`job-result-store.delete-on-commit=false` and a unique value for
`job-result-store.storage-path` for every cluster launch. The storage path for
older runs must be cleaned up manually, keeping the latest directory always:
```shell
@@ -102,3 +99,7 @@ drwxr-xr-x 2 9999 9999 40 May 12 09:51
119e0203-c3a9-4121-9a60-d58839576f01 <- m
drwxr-xr-x 2 9999 9999 60 May 12 09:46 a6031ec7-ab3e-4b30-ba77-6498e58e6b7f
drwxr-xr-x 2 9999 9999 60 May 11 15:11 b6fb2a9c-d1cd-4e65-a9a1-e825c4b47543
```
+
+### AuditUtils can log sensitive information present in the custom resources
+As reported in
[FLINK-30306](https://issues.apache.org/jira/browse/FLINK-30306) when Flink
custom resources change the operator logs the change, which could include
sensitive information. We suggest ingesting secrets to Flink containers during
runtime to mitigate this.
+Also note that anyone who has access to the custom resources already had
access to the potentially sensitive information in question, but folks who only
have access to the logs could also see them now. We are planning to introduce
redaction rules to AuditUtils to improve this in a later release.
\ No newline at end of file
