Hi Yang, after looking at the source code I tried this other env and this time it worked! It's not failing because of a missing jar but I can add it manually.
*export KUBERNETES_CERTS_CLIENT_KEY_ALGO=EC* [ec2-user@ip-10-150-120-176 ~]$ export KUBERNETES_CERTS_CLIENT_KEY_ALGO=EC > > [ec2-user@ip-10-150-120-176 ~]$ /storage/flink-1.14.0/bin/flink > run-application ... --target kubernetes-application > -Dkubernetes.config.file=/home/ec2-user/.poddy/credentials/k3s > -Dkubernetes.context=default -Dkubernetes.namespace=default > -Dkubernetes.service-account=default ... > > 2021-11-17 13:09:40,427 INFO > org.apache.flink.kubernetes.kubeclient.FlinkKubeClientFactory > [] - Configuring kubernetes client to use context default. > > > ------------------------------------------------------------ > > The program finished with the following exception: > > > io.fabric8.kubernetes.client.KubernetesClientException: JcaPEMKeyConverter > is provided by BouncyCastle, an optional dependency. To use support for EC > Keys you must explicitly add this dependency to classpath. > > at > io.fabric8.kubernetes.client.internal.CertUtils.handleECKey(CertUtils.java:167) > > at > io.fabric8.kubernetes.client.internal.CertUtils.loadKey(CertUtils.java:137) > > at > io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:115) > > at > io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:251) > > at > io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:128) > > at > io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:122) > > at > io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:129) > > at > io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:66) > > at io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:51) > > at > io.fabric8.kubernetes.client.BaseKubernetesClient.<init>(BaseKubernetesClient.java:145) > > at > io.fabric8.kubernetes.client.DefaultKubernetesClient.<init>(DefaultKubernetesClient.java:40) > > at > org.apache.flink.kubernetes.kubeclient.FlinkKubeClientFactory.fromConfiguration(FlinkKubeClientFactory.java:95) > > at > org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:61) > > at > org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:39) > > at > org.apache.flink.client.deployment.application.cli.ApplicationClusterDeployer.run(ApplicationClusterDeployer.java:63) > > at > org.apache.flink.client.cli.CliFrontend.runApplication(CliFrontend.java:213) > > at > org.apache.flink.client.cli.CliFrontend.parseAndRun(CliFrontend.java:1057) > > at > org.apache.flink.client.cli.CliFrontend.lambda$main$10(CliFrontend.java:1132) > > at > org.apache.flink.runtime.security.contexts.NoOpSecurityContext.runSecured(NoOpSecurityContext.java:28) > > at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1132) > It would be great if we could add this to the official documentation. For anyone else that is dealing with this issue: https://stackoverflow.com/questions/68761409/jcapemkeyconverter-is-provided-by-bouncycastle-an-optional-dependency-to-use-s Thanks for your help! On Tue, Nov 16, 2021 at 11:31 PM Yang Wang <danrtsey...@gmail.com> wrote: > If you are using the following command to submit the job, I am afraid the > dynamic properties could not take effect on the client side. > > /flink-1.14.0/bin/flink run-application ... -D > kubernetes.certs.client.key.algo=EC > > Could you please export the environment > KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY and have a try? > > Best, > Yang > > Nicolás Ferrario <nferrari...@gmail.com> 于2021年11月16日周二 上午1:58写道: > >> Hi Yang, I tried that and *-Dkubernetes.certs.client.key.algo=EC* ( >> https://github.com/fabric8io/kubernetes-client/blob/278ca235dc4ab5653e82dbe2960004ab62f021e4/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/Config.java#L79) >> but none seems to work :( >> >> I'm launching flink with this: /flink-1.14.0/bin/flink run-application >> ... >> >> Thanks! >> >> On Mon, Nov 15, 2021 at 4:08 AM Yang Wang <danrtsey...@gmail.com> wrote: >> >>> It seems that "EC"[1] is already supported in Kubernetes client v5.5.0. >>> However, the default value is "RSA". Could you please export the >>> following environment first and have a try again? >>> >>> export KUBERNETES_CLIENT_KEY_ALGO_SYSTEM_PROPERTY=EC >>> >>> [1]. >>> https://github.com/fabric8io/kubernetes-client/blob/v5.5.0/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java#L136 >>> >>> Best, >>> Yang >>> >>> Nicolás Ferrario <nferrari...@gmail.com> 于2021年11月12日周五 下午11:05写道: >>> >>>> Hi all, I am trying to run Flink on a K3s cluster and I'm getting this >>>> exception: >>>> >>>> io.fabric8.kubernetes.client.KubernetesClientException: An error has >>>>> occurred. >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:64) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:53) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:234) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:66) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:51) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.BaseKubernetesClient.<init>(BaseKubernetesClient.java:145) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.DefaultKubernetesClient.<init>(DefaultKubernetesClient.java:40) >>>>> >>>>> at >>>>> org.apache.flink.kubernetes.kubeclient.FlinkKubeClientFactory.fromConfiguration(FlinkKubeClientFactory.java:95) >>>>> >>>>> at >>>>> org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:61) >>>>> >>>>> at >>>>> org.apache.flink.kubernetes.KubernetesClusterClientFactory.createClusterDescriptor(KubernetesClusterClientFactory.java:39) >>>>> >>>>> at >>>>> org.apache.flink.client.deployment.application.cli.ApplicationClusterDeployer.run(ApplicationClusterDeployer.java:63) >>>>> >>>>> at >>>>> org.apache.flink.client.cli.CliFrontend.runApplication(CliFrontend.java:213) >>>>> >>>>> at >>>>> org.apache.flink.client.cli.CliFrontend.parseAndRun(CliFrontend.java:1057) >>>>> >>>>> at >>>>> org.apache.flink.client.cli.CliFrontend.lambda$main$10(CliFrontend.java:1132) >>>>> >>>>> at >>>>> org.apache.flink.runtime.security.contexts.NoOpSecurityContext.runSecured(NoOpSecurityContext.java:28) >>>>> >>>>> at >>>>> org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1132) >>>>> >>>>> Caused by: java.io.IOException: Invalid DER: object is not integer >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.PKCS1Util$Asn1Object.getInteger(PKCS1Util.java:125) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.PKCS1Util.next(PKCS1Util.java:55) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.PKCS1Util.decodePKCS1(PKCS1Util.java:46) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.CertUtils.handleOtherKeys(CertUtils.java:179) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.CertUtils.loadKey(CertUtils.java:139) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:115) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:251) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:128) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.internal.SSLUtils.keyManagers(SSLUtils.java:122) >>>>> >>>>> at >>>>> io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:129) >>>>> >>>> >>>> This seems to be an old issue with Fabric8 Kubernetes Client that I >>>> guess should be fixed in newer releases. You can find more information here >>>> https://issues.jenkins.io/browse/JENKINS-64322. >>>> >>>> My K3s cluster is running on version 1.21.6+k3s1, and Flink 1.14.0 >>>> >>>> Does anyone know a workaround that does not involve replacing the >>>> certificate with a token? >>>> >>>> Thanks >>>> >>>
