By the way Fabian, any chance this issue is looked into / the PR considered
for 1.5?
--
Christophe
On Wed, Apr 4, 2018 at 2:41 PM, Fabian Hueske wrote:
> Thank you Edward and Christophe!
>
> 2018-03-29 17:55 GMT+02:00 Edward Alexander Rojas Clavijo <
> edward.roja...@gmail.com>:
>
>> Hi all,
>>
Thank you Edward and Christophe!
2018-03-29 17:55 GMT+02:00 Edward Alexander Rojas Clavijo <
edward.roja...@gmail.com>:
> Hi all,
>
> I did some tests based on the PR Christophe mentioned above and by making
> a change on the NettyClient to use CanonicalHostName instead of
> HostNameAddress to id
Hi all,
I did some tests based on the PR Christophe mentioned above and by making a
change on the NettyClient to use CanonicalHostName instead of
HostNameAddress to identify the server, the SSL validation works!!
I created a PR with this change: https://github.com/apache/flink/pull/5789
Regards,
Hi Till,
I just created the JIRA ticket:
https://issues.apache.org/jira/browse/FLINK-9103
I added the JobManager and TaskManager logs, Hope this helps to resolve the
issue.
Regards,
Edward
2018-03-27 17:48 GMT+02:00 Till Rohrmann :
> Hi Edward,
>
> could you please file a JIRA issue for this p
Hi Edward,
You can use this parameter in flink-conf.yaml to supress the hostname
checking in certificates. If it suits your purpose.
security.ssl.verify-hostname: false
Secondly even I'm running flink 1.4 on K8s, I used to get the same error
stack trace as you mentioned, while the blob client was
Hi Edward,
could you please file a JIRA issue for this problem. It might be as simple
as that the TaskManager's network stack uses the IP instead of the hostname
as you suggested. But we have to look into this to be sure. Also the logs
of the JobManager as well as the TaskManagers could be helpful
I suspect this relates to: https://issues.apache.org/jira/browse/FLINK-5030
For which there was a PR at some point but nothing has been done so far. It
seems the current code explicitly uses the IP vs Hostname for Netty SSL
configuration.
Without that I'm really wondering how people are reasonabl
Hi all,
Currently I have a Flink 1.4 cluster running on kubernetes and with SSL
configuration based on https://ci.apache.org/projects/flink/flink-docs-
master/ops/security-ssl.html.
However, as the IP of the nodes are dynamic (from the nature of
kubernetes), we are using only the DNS which we can
