Hi Yang, I tried that and *-Dkubernetes.certs.client.key.algo=EC* ( https://github.com/fabric8io/kubernetes-client/blob/278ca235dc4ab5653e82dbe2960004ab62f021e4/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/Config.java#L79) but none seems to work :(
I'm launching flink with this: /flink-1.14.0/bin/flink run-application ... Thanks! On Mon, Nov 15, 2021 at 4:08 AM Yang Wang <danrtsey...@gmail.com> wrote: > It seems that "EC"[1] is already supported in Kubernetes client v5.5.0. > However, the default value is "RSA". Could you please export the following > environment first and have a try again? > > export KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY=EC > > [1]. > https://github.com/fabric8io/kubernetes-client/blob/v5.5.0/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java#L136 > > Best, > Yang > > Nicolás Ferrario <nferrari...@gmail.com> 于2021年11月12日周五 下午11:05写道: > >> Hi all, I am trying to run Flink on a K3s cluster and I'm getting this >> exception: >> >> io.fabric8.kubernetes.client.KubernetesClientException: An error has >>> occurred. >>> >>> at >>> io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:64) >>> >>> at >>> io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:53) >>> >>> at >>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:234) >>> >>> at >>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:66) >>> >>> at >>> io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:51) >>> >>> at >>> io.fabric8.kubernetes.client.BaseKubernetesClient.<init>(BaseKubernetesClient.java:145) >>> >>> at >>> io.fabric8.kubernetes.client.DefaultKubernetesClient.<init>(DefaultKubernetesClient.java:40) >>> >>> at >>> org.apache.flink.kubernetes.kubeclient.FlinkKubeClientFactory.fromConfiguration(FlinkKubeClientFactory.java:95) >>> >>> at >>> org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:61) >>> >>> at >>> org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:39) >>> >>> at >>> org.apache.flink.client.deployment.application.cli.ApplicationClusterDeployer.run(ApplicationClusterDeployer.java:63) >>> >>> at >>> org.apache.flink.client.cli.CliFrontend.runApplication(CliFrontend.java:213) >>> >>> at >>> org.apache.flink.client.cli.CliFrontend.parseAndRun(CliFrontend.java:1057) >>> >>> at >>> org.apache.flink.client.cli.CliFrontend.lambda$main$10(CliFrontend.java:1132) >>> >>> at >>> org.apache.flink.runtime.security.contexts.NoOpSecurityContext.runSecured(NoOpSecurityContext.java:28) >>> >>> at >>> org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1132) >>> >>> Caused by: java.io.IOException: Invalid DER: object is not integer >>> >>> at >>> io.fabric8.kubernetes.client.internal.PKCS1Util$Asn1Object.getInteger(PKCS1Util.java:125) >>> >>> at >>> io.fabric8.kubernetes.client.internal.PKCS1Util.next(PKCS1Util.java:55) >>> >>> at >>> io.fabric8.kubernetes.client.internal.PKCS1Util.decodePKCS1(PKCS1Util.java:46) >>> >>> at >>> io.fabric8.kubernetes.client.internal.CertUtils.handleOtherKeys(CertUtils.java:179) >>> >>> at >>> io.fabric8.kubernetes.client.internal.CertUtils.loadKey(CertUtils.java:139) >>> >>> at >>> io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:115) >>> >>> at >>> io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:251) >>> >>> at >>> io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:128) >>> >>> at >>> io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:122) >>> >>> at >>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:129) >>> >> >> This seems to be an old issue with Fabric8 Kubernetes Client that I guess >> should be fixed in newer releases. You can find more information here >> https://issues.jenkins.io/browse/JENKINS-64322. >> >> My K3s cluster is running on version 1.21.6+k3s1, and Flink 1.14.0 >> >> Does anyone know a workaround that does not involve replacing the >> certificate with a token? >> >> Thanks >> >
