You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user-zh@flink.apache.org by hjw <10...@qq.com.INVALID> on 2022/03/03 06:04:52 UTC
Flink On K8s 作业提交 SSL证书问题

我在K8s集群外将k8s配置文件放到~/.kube/config.但在部署时出现了SSL证书验证问题。我用kubectl等命令操作k8s (kubectl get pod -n namespace 等)是没问题的。有大大碰到过这问题吗。

Flink版本: 1.13.6
~/.kube/config

apiVersion:v1
kind:config
cluster:
-name: "yf-dev-cluster1"
cluster:
server: "https://in-acpmanager.test.yfzx.cn/k8s/clusters/c-t5h2t"
certificate-authority-data : “……"

报错:
2022-03-02 18:59:30 | OkHttp https://in-acpmanager.test.yfzx.cn/...io.fabric8.kubernetes.client.dsl.internal.WatcherWebSocketListener   Exec Failure javax.net.ssl.SSLPeerUnverifiedException Hostname in-acpmanager.test.yfzx.cn not verified:     certificate: sha256/cw2T2s+Swhl7z+H35/3C1dTLxL26OOMO5VoEN9kAZCA=     DN: CN=in-acpmanager.test.yfzx.cn     subjectAltNames: [] io.fabric8.kubernetes.client.KubernetesClientException: Failed to start websocket         at io.fabric8.kubernetes.client.dsl.internal.WatcherWebSocketListener.onFailure(WatcherWebSocketListener.java:77)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.ws.RealWebSocket.failWebSocket(RealWebSocket.java:570)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.ws.RealWebSocket$1.onFailure(RealWebSocket.java:216)         at org.apache.flink.kubernetes.shaded.okhttp3.RealCall$AsyncCall.execute(RealCall.java:180)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)         at java.lang.Thread.run(Thread.java:748)         Suppressed: java.lang.Throwable: waiting here                 at io.fabric8.kubernetes.client.utils.Utils.waitUntilReady(Utils.java:164)                 at io.fabric8.kubernetes.client.utils.Utils.waitUntilReadyOrFail(Utils.java:175)                 at io.fabric8.kubernetes.client.dsl.internal.WatcherWebSocketListener.waitUntilReady(WatcherWebSocketListener.java:120)                 at io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager.waitUntilReady(WatchConnectionManager.java:82)                 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.watch(BaseOperation.java:705)                 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.watch(BaseOperation.java:678)                 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.watch(BaseOperation.java:

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname in-acpmanager.test.yfzx.cn not verified:     certificate: sha256/cw2T2s+Swhl7z+H35/3C1dTLxL26OOMO5VoEN9kAZCA=     DN: CN=in-acpmanager.test.yfzx.cn     subjectAltNames: []         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:350)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)         at org.apache.flink.kubernetes.shaded.okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)         at org.apache.flink.kubernetes.shade