[jira] [Commented] (FLINK-29572) Flink Task Manager skip loopback interface for resource manager registration

Fri, 28 Oct 2022 15:08:08 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-29572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625932#comment-17625932
 ] 

Kevin Li commented on FLINK-29572:
----------------------------------

Hi, Xintong, thanks for your help first. However, this is not some vague proxy 
software, it is part of Service Mesh implementation and now become very popular 
now, especially in Kubernetes world. 
https://medium.com/microservices-in-practice/service-mesh-for-microservices-2953109a3c9a

Keep in mind that this FLINK-24474 is not available before 1.15. Original 
purpose is to make Flink cluster more secure if both JM/TMs run on the same 
node/computer, which is not really a case for production deployment. Also the 
way it probes the location of Job Manager is wrong if such proxy exists. That's 
why I recommended to add an option to disable/skip the loopback check since we 
know JM is not running on the same node as TM. So in my opinion, it is a bug.

> Flink Task Manager skip loopback interface for resource manager registration
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-29572
>                 URL: https://issues.apache.org/jira/browse/FLINK-29572
>             Project: Flink
>          Issue Type: Bug
>          Components: API / Core
>    Affects Versions: 1.15.2
>         Environment: Flink 1.15.2
> Kubernetes with Istio Proxy
>            Reporter: Kevin Li
>            Priority: Major
>
> Currently Flink Task Manager use different local interface to bind to connect 
> to Resource Manager. First one is Loopback interface. Normally if Job Manager 
> is running on remote host/container, using loopback interface to connect will 
> fail and it will pick up correct IP address.
> However, if Task Manager is running with some proxy, loopback interface can 
> connect to remote host as well. This will result 127.0.0.1 reported to 
> Resource Manager during registration, even Job Manager/Resource Manager runs 
> on remote host, and problem will happen. For us, only one Task Manager can 
> register in this case.
> I suggest adding configuration to skip Loopback interface check if we know 
> Job/Resource Manager is running on remote host/container.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to