Advanced Configuration

This section contains advanced configuration information that may be helpful in integrating dA Platform with your environment.

Using a Java TrustStore with Application Manager

Application Manager must be able to access your Flink application JAR artifacts via HTTP or HTTPS. If your artifact storage uses TLS, and serves a certificate signed by a non-public CA, you must create a Java TrustStore, make it accessible to Application Manager, and pass the requisite JVM flags to enable its use.

You can follow these steps mutatis mutandis to use a Java KeyStore with Application Manager.

  1. Create a TrustStore containing your CA certificate as a trusted entity
  2. Create a Kubernetes Secret from this file
  3. Mount the Secret as a Volume in the Application Manager Pod
  4. Configure Application Manager to use the TrustStore via an environment variable

Create a TrustStore

Please reference the official Java documentation for the Java CLI tool keytool for information on creating a TrustStore containing your CA certificate.

Create a Kubernetes Secret

If your TrustStore is named trustStore, use the following command to create a Kubernetes Secret named daplatform-secrets in the namespace my-namespace that contains it:

$ kubectl \
    --namespace=my-namespace \
    create secret generic daplatform-secrets \
    --from-file=trustStore

The Secret should be created in the same namespace that Application Manager is deployed in.

Mount the Secret as a Volume

Note

Kubernetes will restart Application Manager after the Deployment is edited.

Edit the Application Manager Deployment, adding an additional entry to spec.template.spec.volumes:

- name: daplatform-secrets
  secret:
    secretName: daplatform-secrets

And adding an additional entry to spec.template.spec.containers[0].volumeMounts:

- mountPath: /etc/daplatform-secrets
  name: daplatform-secrets

See the Kubernetes documentation for more information about mounting a Secret into a Pod.

Configure Application Manager

Note

Kubernetes will restart Application Manager after the Deployment is edited.

Also in the Application Manager Deployment, add an entry to spec.template.spec.containers[0].env along these lines (you may have to create the env key):

- name: JAVA_OPTS
  value: -Djavax.net.ssl.trustStore=/etc/daplatform-secrets/trustStore