Surendra Singh Lilhore created YARN-11855:
---------------------------------------------
Summary: Support external truststore for web proxy
Key: YARN-11855
URL: https://issues.apache.org/jira/browse/YARN-11855
Project: Hadoop YARN
Issue Type: Bug
Components: webproxy
Affects Versions: 3.3.4
Reporter: Surendra Singh Lilhore
Assignee: Surendra Singh Lilhore
Currently, YARN supports self-generated truststore and keystore for the
ApplicationMaster when the {{yarn.resourcemanager.application-https.policy}}
property is configured. However, it does not provide a way to configure an
external truststore for the WebProxy component.
This limitation makes it difficult to support Spark drivers using self-signed
certificates, even though Spark allows configuration of keystore properties for
the driver.
Enhancing YARN to support an externally configured truststore for the WebProxy
would enable better integration and security for Spark applications, especially
in environments where self-signed certificates are required.
We can support these properties
<property>
<name>yarn.resourcemanager.application-https.policy</name>
<value>STRICT_EXTERNAL</value>
</property>
<property>
<name>yarn.resourcemanager.webproxy.ssl.truststore</name>
<value>/etc/tls/truststore.jks</value>
</property>
<property>
<name>yarn.resourcemanager.webproxy.ssl.truststore.password</name>
<value>changeit</value>
</property>
<property>
<name>yarn.resourcemanager.webproxy.ssl.hostnameVerification</name>
<value>false</value>
</property>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org
