Hi
Is there a recommended way (similar to this [1]) to enable the SSL
REST/Internal connectivity for FlinkDeployment created by the Flink Kubernetes
Operator?
First I added the required SSL config inside the flink-operator-config
configmap.
The required SSL configs look like:
security.ssl.internal.enabled: true
security.ssl.internal.keystore: /certs/keystore.p12
security.ssl.internal.keystore-password: password
security.ssl.internal.key-password: password
security.ssl.internal.truststore: /certs/keystore.p12
security.ssl.internal.truststore-password: password
security.ssl.rest.enabled: true
security.ssl.rest.keystore: /certs/keystore.p12
security.ssl.rest.keystore-password: password
security.ssl.rest.key-password: password1234
security.ssl.rest.truststore: /certs/keystore.p12
security.ssl.rest.truststore-password: password
What’s not clear to me is how to create and mount the keystore and truststore
in a FlinkDeployment CRD for the job/taskManagers to consume? Otherwise, the
basic-example FlinkDeployment would fail to start with the following reason:
Shutting KubernetesApplicationClusterEntrypoint down with application status
FAILED. Diagnostics java.io.IOException: Failed to initialize SSL for the blob
server
Caused by: java.nio.file.NoSuchFileException: /certs/keystore.p12
[1]
https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/security/security-ssl/
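
One way to make /certs/keystore.p12 exist in the JobManager and TaskManager pods, given as an added example that is not part of the original message or the operator's own documentation: mount a Kubernetes Secret through the FlinkDeployment's podTemplate. The Secret name flink-ssl-keystore and the volume name flink-ssl are hypothetical, and the Secret is assumed to already exist in the deployment's namespace with a key named keystore.p12.

```yaml
# Added example. Assumptions (not from the original message):
#   - a Secret "flink-ssl-keystore" (hypothetical name) exists in the same
#     namespace and holds the PKCS12 file under the key "keystore.p12"
#   - the remaining fields of the basic-example FlinkDeployment are unchanged
apiVersion: flink.apache.org/v1beta1
kind: FlinkDeployment
metadata:
  name: basic-example
spec:
  # image, flinkVersion, serviceAccount, jobManager, taskManager and job
  # stay exactly as in the basic example and are omitted here.
  podTemplate:
    # spec.podTemplate is the base template for both JobManager and
    # TaskManager pods, so the keystore is mounted into each of them.
    spec:
      containers:
        # "flink-main-container" is the container name Flink's native
        # Kubernetes integration uses for the Flink process; the entries
        # below are merged into that container.
        - name: flink-main-container
          volumeMounts:
            - name: flink-ssl
              mountPath: /certs        # matches security.ssl.*.keystore above
              readOnly: true
      volumes:
        - name: flink-ssl
          secret:
            secretName: flink-ssl-keystore
            items:
              - key: keystore.p12
                path: keystore.p12     # appears as /certs/keystore.p12
            defaultMode: 0440          # no write access to the key material
```

Mounting the Secret only addresses the NoSuchFileException; the keystore and key passwords set in the ConfigMap remain readable by anyone who can read that ConfigMap or the resulting Flink configuration.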