[
https://issues.apache.org/jira/browse/FLINK-25866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17484555#comment-17484555
]
Fil Karnicki commented on FLINK-25866:
--------------------------------------
Ok that makes sense to me Till.
Here's another proposal - would it make sense to allow the ability to provide
the certificate inline in yaml in addition to being able choose a local path?
Something like:
{code:java}
trust_cacerts:
content: |
-----BEGIN CERTIFICATE-----
ABCD...
EFGH...==
-----END CERTIFICATE-----
OR
location: /path/to/cert {code}
The reason why I'm asking is that I believe that these certs would have to be
accessible from all the task executors. Since we're using a shared cloudera
cluster to run statefun uber jar jobs, I'm having a difficult time finding a
way to make the certs available from all the task executors to our jobs while
keeping then unavailable to others' jobs.
> Support additional TLS configuration.
> -------------------------------------
>
> Key: FLINK-25866
> URL: https://issues.apache.org/jira/browse/FLINK-25866
> Project: Flink
> Issue Type: Improvement
> Components: Stateful Functions
> Reporter: Igal Shilman
> Priority: Major
>
> Currently the default HTTP client used to invoke remote functions does not
> support customising the TLS settings as part of the endpoint spec definition.
> This includes
> using self-signed certificates, and providing client side certificates for
> authentication (which is a slightly different requirement).
> This issue is about including additional TLS settings to the default endpoint
> resource definition, and supporting them in statefun-core.
> User mailing list threads:
> * [client cert auth in remote
> function|https://lists.apache.org/thread/97nw245kxqp32qglwfynhhgyhgp2pxvg]
> * [endpoint self-signed certificate
> problem|https://lists.apache.org/thread/y2m2bpwg4n71rxfont6pgky2t8m19n7w]
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
