gaborgsomogyi commented on PR #689:
URL:
https://github.com/apache/flink-kubernetes-operator/pull/689#issuecomment-1794673038
Then why not simply mounting `/etc/tls/` in the operator and put certs in
the proper dir?
I mean one can add configs like:
```
security.ssl.enabled: 'true'
security.ssl.truststore:
/etc/tls/{namespace}/{instanceName}/truststore.jks
security.ssl.truststore-password: password1234
security.ssl.keystore: /etc/tls/{namespace}/{instanceName}/keystore.jks
security.ssl.keystore-password: password1234
security.ssl.key-password: password1234
```
At the moment I not yet see the 1k line addition🤔
There is some generic comments apart from the use-case (correct me if
anything understood in a bad way):
* If I understand correctly it's always checking the cert existence when a
new REST client is created. Let's assume the operator died, it's resurrecting
so the local disk doesn't have any certs and there are 10k+ Flink jobs. I think
it will be extremely slow to recover.
* Can multiple threads write the same file locally when they run on the same
cluster?
* Several code parts are just not having single responsibility. An example
is that `createLocalFile` is changing the Flink config as a side effect.
* Maybe I've just done a super shallow first round but I don't see a
assertion that the REST client is using SSL.
* There are unnecessary copy-pastes in the tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
