[ 
https://issues.apache.org/jira/browse/FLINK-37504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937301#comment-17937301
 ] 

Nicolas Fraison commented on FLINK-37504:
-----------------------------------------

Hi, thanks for the feedback.

I will look into creating a FLIP for this.

For the implementation, I've seen that the Apache Flink Kubernetes Operator was 
already managing certificate reload, so I've just based the implementation on 
the one from that project: 
[https://github.com/apache/flink-kubernetes-operator/blob/main/flink-kubernetes-webhook/src/main/java/org/apache/flink/kubernetes/operator/admission/FlinkOperatorWebhook.java#L154]

The requirement for the certificate reload is not linked to the Kubernetes 
usage but to a zero-trust network policy applied in my company.

The created certificates have a one-day validity and are renewed every 12 hours, 
which is why we would need this feature to avoid restarting the job every day.

> Handle TLS Certificate Renewal
> ------------------------------
>
>                 Key: FLINK-37504
>                 URL: https://issues.apache.org/jira/browse/FLINK-37504
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Nicolas Fraison
>            Priority: Minor
>              Labels: pull-request-available
>
> Flink does not reload certificates if the underlying truststore and keystore are 
> updated.
> We aim at using 1-day validity certificates, which currently means having to 
> restart our jobs every day.
> In order to avoid this, we will need to add a feature to be able to reload TLS 
> certificates when the underlying truststore and keystore are updated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
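
The reload behaviour requested in this issue, sketched with plain JSSE as an added example; it is not code from Flink, from the Flink Kubernetes Operator, or from the comment's author. The class name `ReloadingSslContext`, the single shared store password, and the choice to poll file modification times are assumptions of this example.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.FileTime;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.*;

/** Hypothetical helper: rebuilds an SSLContext when the keystore or truststore file changes. */
public final class ReloadingSslContext {
    private final Path keystore, truststore;
    private final char[] password; // assumption: one password protects both stores
    private final AtomicReference<SSLContext> current = new AtomicReference<>();
    private FileTime keystoreSeen, truststoreSeen;

    public ReloadingSslContext(Path keystore, Path truststore, char[] password) throws Exception {
        this.keystore = keystore;
        this.truststore = truststore;
        this.password = password.clone();
        reloadIfChanged(); // initial load; fails fast if the stores are unreadable
    }

    /** Context to use for new connections; established connections are not affected. */
    public SSLContext get() { return current.get(); }

    /** Call on a timer well inside the renewal interval. Returns true if a reload happened. */
    public synchronized boolean reloadIfChanged() throws Exception {
        FileTime k = Files.getLastModifiedTime(keystore);
        FileTime t = Files.getLastModifiedTime(truststore);
        if (k.equals(keystoreSeen) && t.equals(truststoreSeen)) return false;

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystore), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststore));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Publish only after both stores parsed. If a store is half-written during
        // renewal, load() throws, the old context stays in use, and the next call retries.
        current.set(ctx);
        keystoreSeen = k;
        truststoreSeen = t;
        return true;
    }

    private KeyStore load(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        return ks;
    }
}
```

Long-lived connections opened before a reload keep the certificate they negotiated with, so with a one-day validity they also need to be re-established before that certificate expires.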
