flink-on-k8s-operator icon indicating copy to clipboard operation
flink-on-k8s-operator copied to clipboard

Published 20 hours ago verified publisher icon GoogleCloudPlatform

Flink Service selector too lenient - selects other pods as well

Open stylius opened this issue 4 years ago • 0 comments

Flink was installed using the provided Helm Chart. The chart installs 2 services with pod selector just one label. Problem is that this label is widely used:

selector:                                                                                                                                                                                              
  control-plane: controller-manager

In our cluster we have OPE Gatekeeper installed, which uses among other labels, uses this one as well.

Using single label widely used label for selector is a problem, the selector for services should be as narrow as possible, e.g. using a combination of multiple labels and only select pods matching ALL labels. With single one it is prone to error.

Solution us to rebuild the helm chart and add additional labels to the deployment and the service selectors. This however will lead to other issues with the chart upgrade, like deleting the certificate in the webhook.

selector:
  app: flink-operator  
  control-plane: controller-manager

stylius avatar Oct 18 '21 13:10 stylius