zhoulii opened a new pull request #12899:
URL: https://github.com/apache/flink/pull/12899
## What is the purpose of the change
Kubernetes Secrets can be used to provide credentials for a Flink
application to access secured services. This ticket proposes to
- Support to mount user-specified K8s Secrets into the
JobManager/TaskManager Container
- Support to use a user-specified K8s Secret through an environment variable.
## Brief change log
- Introduce two new KubernetesStepDecorator implementations named
`MountSecretsDecorator`、`EnvSecretsDecorator `.
- Add `MountSecretsDecorator`、`EnvSecretsDecorator` to the decorator chains
in KubernetesJobManagerFactory and KubernetesTaskManagerFactory.
- Introduce two new configs `kubernetes.secrets.` and
`kubernetes.env.secretKeyRef.`.
## Verifying this change
- Covered by unit test.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (yes / **no**)
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: (yes / **no**)
- The serializers: (yes / **no** / don't know)
- The runtime per-record code paths (performance sensitive): (yes / **no**
/ don't know)
- Anything that affects deployment or recovery: JobManager (and its
components), Checkpointing, Kubernetes/Yarn/Mesos, ZooKeeper: (yes / **no** /
don't know)
- The S3 file system connector: (yes / **no** / don't know)
## Documentation
- Does this pull request introduce a new feature? (**yes** / no)
- If yes, how is the feature documented? (not applicable / **docs** /
JavaDocs / not documented)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
