tagarr opened a new pull request, #712:
URL: https://github.com/apache/flink-kubernetes-operator/pull/712
## What is the purpose of the change
If the FlinkDeployment CR is configured to use ssl, the operator is unable
to properly reconcile the deployment as the underlying RestClient the operator
uses tries to load the certificates defined in the config.
## Brief change log
- Change helm chart to provide values for a cert-manager created jks secret
and its password
- Create env vars that define the location of the truststore (optionally
keystore) on disk
- If the deployments config isRestSSLEnabled, modify the config to point to
the operators certs on creation of rest clients
- Catch runtime exceptions on submitting flink applications or flink
sessions if they are due to invalid ssl config
## Verifying this change
This change added tests and can be verified as follows:
- Added a SecureFlinkServiceTest to check that restclients are created when
certs are defined and fail otherwise
- Added flink tls examples and updated the README
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (no)
- The public API, i.e., is any changes to the `CustomResourceDescriptors`:
(no)
- Core observer or reconciler logic that is regularly executed: (no)
## Documentation
- Does this pull request introduce a new feature? (yes)
- If yes, how is the feature documented? (docs)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
