Setting Custom KeyStore

This topic describes how to set custom KeyStore for Livy SSL encryption for non Data Fabric tenants.

A Java KeyStore is a repository of security certificates and their corresponding private keys used for SSL encryptions.

To set the custom KeyStore, perform the following steps:
  1. Create a secret with KeyStore file in the tenant namespace.
    kubectl create secret generic "livy-ssl-secret" --from-file="./path/to/ssl_keystore"

    The secret must have a KeyStore file stored under a particular key.

  2. To configure the Livy with SSL configurations, set extraConfigs section in values.yaml file.
    For example, if the secret name is livy-ssl-secret, KeyStore name in secret is ssl-keystore, and passwords are examplepass, update the values.yaml file as follows:
      useCustomKeystore: true
      sslSecretName: "livy-ssl-secret"
      secretMountPath: /var/livy
      livy.conf: |
        livy.keystore = /var/livy/ssl_keystore
        livy.keystore.password = examplepass
        livy.key-password = examplepass