Since the fabric8 Kubernetes client does not build "org.bouncycastle" dependencies in the main jar, maybe we need to have the them in the classpath. Could you also put the bcpkix-jdk15on-1.67.jar in the client image, not only container(aka application) image?
I think you need to build you own Flink image, not directly using the flink:1.11-scala_2.12-java8. Best, Yang Kevin Kwon <fsw0...@gmail.com> 于2020年11月14日周六 上午5:26写道: > Hi guys, I'm trying out the native K8s cluster and having trouble with SSL > I think. > > I use *k3d* as my local cluster for experiment > > here's how I launch my cluster > > k3d cluster create > > docker run \ > -u flink:flink \ > -v /Users/user/.kube:/opt/flink/.kube \ > --network host \ > --entry-point /bin/bash \ > flink:1.11-scala_2.12-java8 \ > /opt/flink/bin/flink run-application \ > -p 8 \ > -t kubernetes-application \ > -Dkubernetes.cluster-id=k3d-k3s-default \ > -Dkubernetes.container.image=local.registry:5000/mycompany/app:0.0.1 \ > -Dkubernetes.namespace=mycompany \ > -Dkubernetes.rest-service.exposed.type=NodeType \ > -Dkubernetes.taskmanager.cpu=1 \ > -Dresourcemanager.taskmanager-timeout=360000 \ > -Dtaskmanager.memory.process.size=2048m \ > -Dtaskmanager.numberOfTaskSlots=1 \ > local://opt/flink/usrlib/app.jar > > > however I get the following error > > io.fabric8.kubernetes.client.KubernetesClientException: JcaPEMKeyConverter > is provided by BouncyCastle, an optional dependency. To use support for EC > Keys you must explicitly add this dependency to classpath. > > at > io.fabric8.kubernetes.client.internal.CertUtils.handleECKey(CertUtils.java:161) > > at > io.fabric8.kubernetes.client.internal.CertUtils.loadKey(CertUtils.java:131) > > at > io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:111) > > at > io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:243) > > at > io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:128) > > at > io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:122) > > at > io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:82) > > at > io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:62) > > at > io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:51) > > at > io.fabric8.kubernetes.client.DefaultKubernetesClient.<init>(DefaultKubernetesClient.java:105) > > at > org.apache.flink.kubernetes.kubeclient.KubeClientFactory.fromConfiguration(KubeClientFactory.java:72) > > at > org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:58) > > at > org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:39) > > at > org.apache.flink.client.deployment.application.cli.ApplicationClusterDeployer.run(ApplicationClusterDeployer.java:61) > > at > org.apache.flink.client.cli.CliFrontend.runApplication(CliFrontend.java:197) > > at > org.apache.flink.client.cli.CliFrontend.parseParameters(CliFrontend.java:919) > > at > org.apache.flink.client.cli.CliFrontend.lambda$main$10(CliFrontend.java:992) > > at > org.apache.flink.runtime.security.contexts.NoOpSecurityContext.runSecured(NoOpSecurityContext.java:30) > > at > org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:992) > > > I've tried copying *bcpkix-jdk15on-1.67.jar *binary in to the app image > in /opt/flink/lib directory, but no luck > >
