[jira] [Commented] (FLINK-26468) Test default binding to localhost

Fri, 04 Mar 2022 01:09:07 -0800 


    [ 
https://issues.apache.org/jira/browse/FLINK-26468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17501227#comment-17501227
 ] 

Gabor Somogyi commented on FLINK-26468:
---------------------------------------

I've looked at the changes and looks good. Though I've couple of questions just 
for my own understanding.
* Since default and docker behavior differs which one is planned to be tested 
here?
* "Test that removing the binding configuration" What does this mean? As I see 
there is no default value for the mentioned configs.
* Are these tests intended to be automated or manual?


> Test default binding to localhost
> ---------------------------------
>
>                 Key: FLINK-26468
>                 URL: https://issues.apache.org/jira/browse/FLINK-26468
>             Project: Flink
>          Issue Type: Improvement
>          Components: Runtime / Configuration
>    Affects Versions: 1.15.0
>            Reporter: Mika Naylor
>            Priority: Blocker
>              Labels: release-testing
>             Fix For: 1.15.0
>
>
> Change introduced in: https://issues.apache.org/jira/browse/FLINK-24474
> For security reasons, we have bound the REST and RPC endpoints (for the 
> JobManagers and TaskManagers) to the loopback address (localhost/127.0.0.1) 
> to prevent clusters from being accidentally exposed to the outside world.
> These were:
> * jobmanager.bind-host
> * taskmanager.bind-host
> * rest.bind-address
> Some suggestions to test:
> * Test that spinning up a Flink cluster with the default flink-conf.yaml 
> works correctly locally with different set ups (1 TaskManager, several task 
> managers, default parallelism, > 1 parallelism). Test that the JobManagers 
> and TaskManagers can communicate, and that the REST endpoint is accessable 
> locally. Test that the REST/RPC endpoints are not accessable outside of the 
> local machine.
> * Test that removing the the binding configuration for the above mentioned 
> settings means that the cluster binds to 0.0.0.0 and is accessable to the 
> outside world (this may involve also changing rest.address, 
> jobmanager.rpc.address and taskmanager.rpc.address)
> * Test that default Flink setups with docker behave correctly.
> * Test that default Flink setups behave correctly with other resource 
> providers (kubernetes native, etc).



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to