[
https://issues.apache.org/jira/browse/FLINK-24474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chesnay Schepler updated FLINK-24474:
-------------------------------------
Release Note:
For security purposes standalone clusters now bind the REST API and RPC
endpoints to localhost by default. The goal is to prevent cases where users
unknowingly exposed the cluster to the outside, as they would previously bind
to all interfaces.
This can be reverted by removing the
'rest.bind-address'/'[jobmanager|taskmanager].bind-host' settings from the
flink-conf.yaml.
Note that within docker containers the REST API still binds to 0.0.0.0.
was:
For security purposes standalone clusters now bind the REST API to localhost by
default. The goal is to prevent cases where users unknowingly exposed the
cluster to the outside, as the REST API would previously bind to all interfaces.
This can be reverted by removing the 'rest.bind-address' setting from the
flink-conf.yaml.
Note that within docker containers the REST API still binds to 0.0.0.0.
> Standalone clusters should bind to localhost by default
> -------------------------------------------------------
>
> Key: FLINK-24474
> URL: https://issues.apache.org/jira/browse/FLINK-24474
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Configuration
> Reporter: Chesnay Schepler
> Assignee: Mika Naylor
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> By default the REST endpoints bind to 0.0.0.0.
> This is fine for docker use-cases as it simplifies the setup and the API
> isn't reachable unless the user explicitly enables that via docker.
> However, for standalone clusters this is a different story, and it is
> currently too easy for users to accidentally expose their clusters to the
> outside world.
> We should set the bind address by default to localhost, and change the
> docker-scripts to set this to 0.0.0.0.
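An audit of the three bind settings named in the release note above, added here as an example (not code from the Flink project or from this issue). It assumes the flat "key: value" layout of flink-conf.yaml and, following the release note, treats a missing key as binding to all interfaces; the sample files and the function names are constructed for illustration.

```python
import ipaddress

# Keys named in the release note; per that note, removing one reverts to all interfaces.
BIND_KEYS = ("rest.bind-address", "jobmanager.bind-host", "taskmanager.bind-host")

def parse_flat_conf(text):
    """Parse flat 'key: value' lines; comments are skipped, last occurrence wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")       # first colon only, so '::' survives
        conf[key.strip()] = value.strip().strip("'\"")
    return conf

def classify(value):
    """Classify one bind value as loopback, all-interfaces, or something to review."""
    if not value:
        return "all-interfaces"                   # key absent (assumption from the note)
    if value.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "hostname"                         # not resolved here; review manually
    if addr.is_unspecified:                       # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-address"

def audit(text):
    conf = parse_flat_conf(text)
    return {key: classify(conf.get(key)) for key in BIND_KEYS}

def exposed(text):
    """Keys whose endpoint is reachable on something other than loopback."""
    return sorted(k for k, v in audit(text).items() if v != "loopback")

# Constructed samples: the localhost defaults, and a file with the defaults undone.
DEFAULTS = """rest.bind-address: localhost
jobmanager.bind-host: localhost
taskmanager.bind-host: localhost
"""
REVERTED = """rest.bind-address: 0.0.0.0  # opened for a dashboard
#jobmanager.bind-host: localhost
taskmanager.bind-host: 10.0.0.5
"""

if __name__ == "__main__":
    for name, text in (("defaults", DEFAULTS), ("reverted", REVERTED)):
        print(name, audit(text), "exposed:", exposed(text))
```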