Advanced Configuration
This section contains advanced configuration information that may be helpful in integrating dA Platform with your environment.
Using a Java TrustStore with Application Manager
Application Manager must be able to access your Flink application JAR artifacts via HTTP or HTTPS. If your artifact storage uses TLS, and serves a certificate signed by a non-public CA, you must create a Java TrustStore, make it accessible to Application Manager, and pass the requisite JVM flags to enable its use.
You can follow these steps mutatis mutandis to use a Java KeyStore with Application Manager.
- Create a TrustStore containing your CA certificate as a trusted entity
- Create a Kubernetes Secret from this file
- Mount the Secret as a Volume in the Application Manager Pod
- Configure Application Manager to use the TrustStore via an environment variable
Create a TrustStore
Please refer to the official Java documentation for the Java CLI tool keytool for information on creating a TrustStore containing your CA certificate.
Create a Kubernetes Secret
If your TrustStore is named trustStore, use the following command to create a Kubernetes Secret named daplatform-secrets in the namespace my-namespace that contains it:
$ kubectl \
    --namespace=my-namespace \
    create secret generic daplatform-secrets \
    --from-file=trustStore
The Secret should be created in the same namespace that Application Manager is deployed in.
Mount the Secret as a Volume
Note
Kubernetes will restart Application Manager after the Deployment is edited.
Edit the Application Manager Deployment, adding an additional entry to spec.template.spec.volumes:
- name: daplatform-secrets
  secret:
    secretName: daplatform-secrets
And adding an additional entry to spec.template.spec.containers[0].volumeMounts:
- mountPath: /etc/daplatform-secrets
  name: daplatform-secrets
See the Kubernetes documentation for more information about mounting a Secret into a Pod.
Configure Application Manager
Note
Kubernetes will restart Application Manager after the Deployment is edited.
Also in the Application Manager Deployment, add an entry to spec.template.spec.containers[0].env along these lines (you may have to create the env key):
- name: JAVA_OPTS
  value: -Djavax.net.ssl.trustStore=/etc/daplatform-secrets/trustStore
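
A consistency check for the three Deployment edits above, as an added example that is not part of the dA Platform documentation: it takes the Deployment as JSON (for instance from kubectl get deployment -o json) and confirms that the path in JAVA_OPTS resolves to a file supplied by the mounted Secret. The function name, the sample manifest and its container name are constructed for illustration, and the Secret is assumed to be mounted without an items remapping.

```python
import json
import posixpath

# Constructed sample: the relevant part of `kubectl get deployment -o json`
# output after the edits described above (the container name is hypothetical).
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "volumes": [{"name": "daplatform-secrets",
               "secret": {"secretName": "daplatform-secrets"}}],
  "containers": [{
    "name": "appmanager",
    "volumeMounts": [{"name": "daplatform-secrets",
                      "mountPath": "/etc/daplatform-secrets"}],
    "env": [{"name": "JAVA_OPTS",
             "value": "-Djavax.net.ssl.trustStore=/etc/daplatform-secrets/trustStore"}]
  }]}}}}
""")

FLAG = "-Djavax.net.ssl.trustStore="

def check_truststore_wiring(deployment, secret_name, secret_keys):
    """Return a list of problems; an empty list means the wiring is consistent."""
    pod = deployment["spec"]["template"]["spec"]
    container = pod["containers"][0]
    problems = []

    # 1. JAVA_OPTS must carry the trustStore flag.
    opts = next((e.get("value", "") for e in container.get("env", [])
                 if e["name"] == "JAVA_OPTS"), "")
    path = next((t[len(FLAG):] for t in opts.split() if t.startswith(FLAG)), None)
    if path is None:
        return ["JAVA_OPTS does not set javax.net.ssl.trustStore"]

    # 2. The path must sit directly in a directory mounted in this container.
    mount = next((m for m in container.get("volumeMounts", [])
                  if posixpath.dirname(path) == m["mountPath"].rstrip("/")), None)
    if mount is None:
        return [f"no volumeMount provides the directory of {path}"]

    # 3. That mount must be backed by the expected Secret.
    volume = next((v for v in pod.get("volumes", []) if v["name"] == mount["name"]), {})
    if volume.get("secret", {}).get("secretName") != secret_name:
        problems.append(f"volume {mount['name']!r} is not backed by Secret {secret_name!r}")

    # 4. The file name must be a key of the Secret (set by --from-file).
    if posixpath.basename(path) not in secret_keys:
        problems.append(f"Secret has no key {posixpath.basename(path)!r}")
    return problems
```

Pass the Secret's key names as secret_keys; with the kubectl command shown earlier the only key is trustStore.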