[jira] [Comment Edited] (FLINK-25866) Support additional TLS configuration.

Fri, 28 Jan 2022 04:17:30 -0800 


    [ 
https://issues.apache.org/jira/browse/FLINK-25866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17483742#comment-17483742
 ] 

Igal Shilman edited comment on FLINK-25866 at 1/28/22, 12:16 PM:
-----------------------------------------------------------------

I was thinking about something like this:
{code:java}
kind: io.statefun.endpoints.v2/http
spec:
  functions: greeter.fns/*
  urlPathTemplate: https://greeter-functions:1108/
  transport:
    type: io.statefun.transports.v1/async 
    trust_cacerts: /path/to/cacerts
    client_certs: /path/to/client_cert.pem
    client_key: /path/to/mounted_secretes/key.pem {code}
where:
 * *trust_cacerts* will be a path to a file containing x509 ca certs that 
StateFun would use to verify the remote certificate
 * *client_certs* is a list of certificates that StateFun will use to identify 
itself as a client when connecting to the remote function (if client side 
authentication is required)
 * *client_key* is a private key that will be used as part of the the client 
side authentication (if this is required)

 


was (Author: igal):
I was thinking about something like this:
{code:java}
kind: io.statefun.endpoints.v2/http
spec:
  functions: greeter.fns/*
  urlPathTemplate: http://greeter-functions:1108/
  transport:
    type: io.statefun.transports.v1/async 
    trust_cacerts: /path/to/cacerts
    auth_key: /path/to/mounted_secretes/key.pem
    auth_certs: /path/to/client_cert.pem
       {code}

> Support additional TLS configuration.
> -------------------------------------
>
>                 Key: FLINK-25866
>                 URL: https://issues.apache.org/jira/browse/FLINK-25866
>             Project: Flink
>          Issue Type: Improvement
>          Components: Stateful Functions
>            Reporter: Igal Shilman
>            Priority: Major
>
> Currently the default HTTP client used to invoke remote functions does not 
> support customising the TLS settings as part of the endpoint spec definition. 
> This includes
> using self-signed certificates, and providing client side certificates for 
> authentication (which is a slightly different requirement).
> This issue is about including additional TLS settings to the default endpoint 
> resource definition, and supporting them in statefun-core.
> User mailing list threads:
>  * [client cert auth in remote 
> function|https://lists.apache.org/thread/97nw245kxqp32qglwfynhhgyhgp2pxvg]
>  * [endpoint self-signed certificate 
> problem|https://lists.apache.org/thread/y2m2bpwg4n71rxfont6pgky2t8m19n7w]
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to