Docs Home
Viewing docs for
Self-ManagedNot available for BYOC

Artifact Storage

On this page

Accessing artifact storage via HTTPS with self-signed certificate

When starting a new Apache Flink® cluster, by running a Deployment, your application JAR artifact will be fetched by Flink Jobmanager Pod during initialization.

If you are using HTTPS to fetch an external artifact with a certificate signed by a non-public CA, you have to create a Java TrustStore and configure the artifact fetcher to use it:

  • Create a TrustStore containing your CA certificate as a trusted entity
  • Create a Kubernetes Secret from the file
  • Configure artifact fetcher to use the secret

Create a TrustStore

Please reference the official Java documentation for the Java CLI tool keytool for information on creating a TrustStore containing your CA certificate.

Create a Kubernetes Secret

If your TrustStore is named trustStore, use the following command to create a Kubernetes Secret named artifact-fetcher-truststore in the namespace my-namespace that contains it:

BASH
1kubectl \
2  --namespace=my-namespace \
3  create secret generic artifact-fetcher-truststore \
4  --from-file=trustStore=/path/to/trustStore

Configure Ververica Platform Artifact Fetcher

The artifact fetcher configuration parameters are stored in the platform configuration.

To configure Ververica Platform with a self signed certificate, the following options may be helpful (under vvp.appmanager.cluster):

  • kubernetes.artifact-fetcher.http.trust-store.secret-name - optional string, Kubernetes secret name containing the TrustStore;
  • kubernetes.artifact-fetcher.http.trust-store.filename - optional string, the key name under which the TrustStore is kept in the Kubernetes secret;
  • kubernetes.artifact-fetcher.http.trust-store.type - optional string, the TrustStore format, "JKS" by default;
  • kubernetes.artifact-fetcher.http.trust-store.password - optional string, pass phrase of TrustStore

The above configuration steps, would translate to the following example configuration:

YAML
1cluster:
2  kubernetes.artifact-fetcher.http.trust-store.secret-name: artifact-fetcher-truststore
3  kubernetes.artifact-fetcher.http.trust-store.filename: trustStore
Was this helpful?