mridulm commented on code in PR #43240:
URL: https://github.com/apache/spark/pull/43240#discussion_r1375828446
##########
docs/security.md:
##########
@@ -563,7 +604,52 @@ replaced with one of the above namespaces.
<tr>
<td><code>${ns}.trustStoreType</code></td>
<td>JKS</td>
- <td>The type of the trust store.</td>
+ <td>The type of the trust store. This setting is not applicable to the
`rpc` namespace.</td>
+ </tr>
+ <tr>
+ <td><code>${ns}.openSSLEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether to use OpenSSL for cryptographic operations instead of the JDK
SSL provider.
+ This setting is only applicable to the `rpc` namespace, and also
requires the `certChain`
+ and `privateKey` settings to be set.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.privateKey</code></td>
+ <td>None</td>
+ <td>
+ Path to the private key file in PEM format. The path can be absolute or
relative to the
+ directory in which the process is started.
+ This setting is only applicable to the `rpc` namespace, and is required
when using the
+ OpenSSL implementation.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.certChain</code></td>
+ <td>None</td>
+ <td>
+ Path to the certificate chain file in PEM format. The path can be
absolute or relative to the
+ directory in which the process is started.
+ This setting is only applicable to the `rpc` namespace, and is required
when using the
+ OpenSSL implementation.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.trustStoreReloadingEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether the trust store should be reloaded periodically.
+ This setting is only applicable to the `rpc` namespace.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.trustStoreReloadIntervalMs</code></td>
+ <td>10000</td>
+ <td>
+ The interval at which the trust store should be reloaded (in
milliseconds).
+ This setting is only applicable to the `rpc` namespace.
Review Comment:
This would be useful only in standalone, right ? Call that out ?
It is not useful for k8s or yarn iirc.
##########
docs/security.md:
##########
@@ -563,7 +604,52 @@ replaced with one of the above namespaces.
<tr>
<td><code>${ns}.trustStoreType</code></td>
<td>JKS</td>
- <td>The type of the trust store.</td>
+ <td>The type of the trust store. This setting is not applicable to the
`rpc` namespace.</td>
+ </tr>
+ <tr>
+ <td><code>${ns}.openSSLEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether to use OpenSSL for cryptographic operations instead of the JDK
SSL provider.
+ This setting is only applicable to the `rpc` namespace, and also
requires the `certChain`
+ and `privateKey` settings to be set.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.privateKey</code></td>
+ <td>None</td>
+ <td>
+ Path to the private key file in PEM format. The path can be absolute or
relative to the
+ directory in which the process is started.
+ This setting is only applicable to the `rpc` namespace, and is required
when using the
+ OpenSSL implementation.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.certChain</code></td>
+ <td>None</td>
+ <td>
+ Path to the certificate chain file in PEM format. The path can be
absolute or relative to the
+ directory in which the process is started.
+ This setting is only applicable to the `rpc` namespace, and is required
when using the
+ OpenSSL implementation.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.trustStoreReloadingEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether the trust store should be reloaded periodically.
+ This setting is only applicable to the `rpc` namespace.
+ </td>
+ </tr>
+ <tr>
+ <td><code>${ns}.trustStoreReloadIntervalMs</code></td>
+ <td>10000</td>
+ <td>
+ The interval at which the trust store should be reloaded (in
milliseconds).
+ This setting is only applicable to the `rpc` namespace.
Review Comment:
This would be useful only in standalone, right ? Call that out ?
It is not useful for k8s or yarn imo.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
