tagarr commented on PR #689:
URL: https://github.com/apache/flink-kubernetes-operator/pull/689#issuecomment-1794978019

   @gaborgsomogyi Thanks for looking at this.
   So the problem is that user-declared flinkdeployments could specify the cert 
directory wherever they want to; I didn't want to lock down the directory to a 
known location. As this location could be anywhere, just using the same 
location is therefore not possible. Also, as our flink operator containers are 
root read-only mounted, I decided to put them in /tmp and provide a naming 
convention to ensure multiple flinkdeployments would not overwrite the same 
file. 
   
   Regarding your other points.
   
   - I doubt the operator would be managing 100s of deployments, let alone 
orders of magnitude greater than that. I also wasn't sure about permanently 
persisting them, as if the cert is rotated I would need a mechanism to renew the 
cert; with this method you just need to roll the pod to refresh the certs.
   - I only wanted to change the config if I have correctly found and created 
the file, hence setting it in the createLocalFile method. This way, if users are 
using a different way to mount their certs, I wouldn't be overriding them.
   - The operator will need to use the restclient for many of its functions, 
i.e. listJobs, cancelJobs, triggerSavepoints, etc. Without the correct SSL the 
operator won't be able to do this. I have provided a sample; why don't you try 
it on the current codebase, unless I'm misunderstanding your question?
   - I will tidy up the tests but would like confirmation that the methodology 
I'm using is acceptable to the community.

