Hi Hao,
You may take a look at the code for the webhook in the Helm charts of the Flink k8s 
project, as it also utilizes cert-manager to create and mount the keystore for 
SSL.
Best,
Biao Geng

________________________________
From: Hao t Chang <htch...@us.ibm.com>
Sent: Saturday, September 10, 2022 12:24:48 AM
To: dev@flink.apache.org <dev@flink.apache.org>
Subject: Recommended way to Enable SSL Flink Kubernetes Operator

Hi
Is there a recommended way (similar to this [1]) to enable the SSL 
REST/Internal connectivity for FlinkDeployment created by the Flink Kubernetes 
Operator?

First I added the required SSL config inside the flink-operator-config 
configmap.
The required SSL configs look like:
    security.ssl.internal.enabled: true
    security.ssl.internal.keystore: /certs/keystore.p12
    security.ssl.internal.keystore-password: password
    security.ssl.internal.key-password: password
    security.ssl.internal.truststore: /certs/keystore.p12
    security.ssl.internal.truststore-password: password
    security.ssl.rest.enabled: true
    security.ssl.rest.keystore: /certs/keystore.p12
    security.ssl.rest.keystore-password: password
    security.ssl.rest.key-password: password1234
    security.ssl.rest.truststore: /certs/keystore.p12
    security.ssl.rest.truststore-password: password

What’s not clear to me is how to Create and Mount the keystore and truststore 
in a FlinkDeployment CRD for the job/taskManagers to consume? Otherwise, the 
basic-example FlinkDeployment would fail to start with the following reason:
    Shutting KubernetesApplicationClusterEntrypoint down with application status FAILED. Diagnostics java.io.IOException: Failed to initialize SSL for the blob server
    Caused by: java.nio.file.NoSuchFileException: /certs/keystore.p12

[1] 
https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/security/security-ssl/
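
An added example, not taken from the thread or from the Flink project's own charts, of the approach the reply points to: cert-manager writes a PKCS#12 keystore into a Secret, and the FlinkDeployment pod template mounts that Secret at /certs so the job and task managers find /certs/keystore.p12. The names flink-tls, flink-ca-issuer, flink-keystore-password and basic-example-rest are assumptions, and only the TLS-related fields of the FlinkDeployment are shown.

```yaml
# Constructed example. Resource names below are assumptions, not values from the thread.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: flink-tls
spec:
  secretName: flink-tls              # Secret that cert-manager creates and renews
  dnsNames:
    - basic-example-rest             # assumed name of the deployment's REST service
  issuerRef:
    name: flink-ca-issuer            # assumed Issuer that already exists in the namespace
    kind: Issuer
  keystores:
    pkcs12:
      create: true                   # adds keystore.p12 and truststore.p12 to the Secret
      passwordSecretRef:
        name: flink-keystore-password  # assumed Secret holding the keystore password
        key: password
---
apiVersion: flink.apache.org/v1beta1
kind: FlinkDeployment
metadata:
  name: basic-example
spec:
  # image, flinkVersion, serviceAccount, jobManager, taskManager and job
  # stay as they are in the existing manifest.
  flinkConfiguration:
    security.ssl.internal.enabled: "true"
    security.ssl.internal.keystore: /certs/keystore.p12
    security.ssl.internal.truststore: /certs/truststore.p12
    # The *-password keys and the security.ssl.rest.* keys follow the same
    # pattern; the passwords must equal the value in flink-keystore-password.
  podTemplate:
    spec:
      containers:
        - name: flink-main-container   # container name the operator merges the template into
          volumeMounts:
            - name: flink-tls
              mountPath: /certs        # matches the keystore path in the config above
              readOnly: true
      volumes:
        - name: flink-tls
          secret:
            secretName: flink-tls
```

Because the Certificate and the FlinkDeployment live in the same namespace, both the JobManager and TaskManager pods receive the mount through the shared pod template.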
