Hi Nicolas, This looks like a nice improvement, thanks for the write up. Are you in touch with any committer who's willing to review / merge this?
Some random questions on the FLIP: (1) "Each service that depends on TLS certificates will initialize a FileSytemWatchService" It seems that there are 4 components using SSL, does this mean there will be 4 additional threads running, watching the same set of files? Wouldn't it be better to introduce a central file watching service, and SSL users can subscribe to updates, to reduce the number of threads? If this makes the whole effort 4x more complicated, I wouldn't consider it, but if its roughly the same effort, we should :) (2) "FileSytemWatchService" When I read this name, I was wondering, whether this is somehow related to the Flink "FileSystem" classes. Which I think its' not. Maybe a different name, that makes this separation more explicit, would make sense. Maybe "LocalFSWatchService"? (I'm sorry to bring up naming stuff -- its very subjective, and difficult) (3) For the test plan: There seem to be some SSL related e2e tests: https://github.com/apache/flink/blob/master/flink-end-to-end-tests/test-scripts/common_ssl.sh It would be nice to extend them to cover this feature as well. I would hate for this feature to slowly break by future changes, so good e2e test coverage is key, in particular bc so many components are involved. Best, Robert On Wed, Apr 16, 2025 at 11:55 AM Nicolas Fraison <nicolas.frai...@datadoghq.com.invalid> wrote: > Hi All, > > I'd like to start a discussion to Handle TLS Certificate Renewal > Please provide some feedback on this proposal: > > https://cwiki.apache.org/confluence/display/FLINK/FLIP-523%3A+Handle+TLS+Certificate+Renewal > > Regards, > > Nicolas Fraison >
