Ping on this 🙂 It there anyway I can run a script or implement some interface to run before the Dispatcher service starts up to dynamically generate the keystore?
Thank you! ________________________________ From: Jiahui Jiang <[email protected]> Sent: Monday, November 9, 2020 3:19 PM To: [email protected] <[email protected]> Subject: SSL setup for YARN deployment when hostnames are unknown. Hello Flink! We are working on turning on REST SSL for YARN deployments. We built a generic orchestration server that can submit Flink clusters to any YARN clusters given the relevant Hadoop configs. But this means we may not know the hostname the Job Managers can be deployed onto - not even through wild card DNS names<https://ci.apache.org/projects/flink/flink-docs-stable/ops/security-ssl.html#tips-for-yarn--mesos-deployment> as recommended in the documentation. I’m wondering is there any factory class that I can implement that can allow me to generate a private key and import that to JM’s keystore at runtime? Or is there any other recommended way to handle the cases where we don’t know the potential JM hosts at all? Thank you!
