Re: SSL config on Kubernetes - Dynamic IP

Thank you Edward and Christophe! 2018-03-29 17:55 GMT+02:00 Edward Alexander Rojas Clavijo < edward.roja...@gmail.com>: > Hi all, > > I did some tests based on the PR Christophe mentioned above and by making > a change on the NettyClient to use CanonicalHostName instead of > HostNameAddress to

Re: SSL config on Kubernetes - Dynamic IP

Hi all, I did some tests based on the PR Christophe mentioned above and by making a change on the NettyClient to use CanonicalHostName instead of HostNameAddress to identify the server, the SSL validation works!! I created a PR with this change: https://github.com/apache/flink/pull/5789

Re: SSL config on Kubernetes - Dynamic IP

Hi Till, I just created the JIRA ticket: https://issues.apache.org/jira/browse/FLINK-9103 I added the JobManager and TaskManager logs, Hope this helps to resolve the issue. Regards, Edward 2018-03-27 17:48 GMT+02:00 Till Rohrmann : > Hi Edward, > > could you please file

Re: SSL config on Kubernetes - Dynamic IP

Hi Edward, You can use this parameter in flink-conf.yaml to supress the hostname checking in certificates. If it suits your purpose. security.ssl.verify-hostname: false Secondly even I'm running flink 1.4 on K8s, I used to get the same error stack trace as you mentioned, while the blob client

Re: SSL config on Kubernetes - Dynamic IP

Hi Edward, could you please file a JIRA issue for this problem. It might be as simple as that the TaskManager's network stack uses the IP instead of the hostname as you suggested. But we have to look into this to be sure. Also the logs of the JobManager as well as the TaskManagers could be

SSL config on Kubernetes - Dynamic IP

Hi all, Currently I have a Flink 1.4 cluster running on kubernetes and with SSL configuration based on https://ci.apache.org/projects/flink/flink-docs- master/ops/security-ssl.html. However, as the IP of the nodes are dynamic (from the nature of kubernetes), we are using only the DNS which we