Using Custom KeyStore

This topic describes how to use a custom KeyStore for Spark History Server SSL encryption for non data-fabric (none) tenants.

A Java keystore is a repository of security certificates and their corresponding private keys, used for SSL encryption.

To use the custom KeyStore, perform the following steps:
  1. Create a secret with the KeyStore file in a tenant namespace.
    kubectl create secret generic "spark-ssl-secret" --from-file="./path/to/ssl_keystore"
    The secret must have a keystore file stored under a particular key.
  2. To configure SSL for the Spark History Server, set the sparkExtraConfigs section in the values.yaml file.
    For example, if the secret name is spark-ssl-secret, the KeyStore name in the secret is ssl_keystore, and the passwords are examplepass, update the values.yaml file as follows:
      useCustomKeystore: true
      sslSecretName: "spark-ssl-secret"
      secretMountPath: /var/spark
      sparkExtraConfigs: |
        spark.ssl.historyServer.enabled           true
        spark.ssl.historyServer.keyStore          /var/spark/ssl_keystore
        spark.ssl.historyServer.keyStorePassword  examplepass
        spark.ssl.historyServer.keyPassword       examplepass
        spark.ssl.historyServer.protocol          TLSv1.2
        spark.ssl.historyServer.keyStoreType      PKCS12
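
The two steps only work together if the keyStore path equals secretMountPath plus the key the keystore is stored under in the secret. The following preflight check is an added example, not part of the product or its chart; the function names are hypothetical, and it assumes the secret is mounted as a volume at secretMountPath.

```shell
#!/bin/sh
# Preflight check (added example): the keyStore path in sparkExtraConfigs must
# point at the file the secret key is mounted as under secretMountPath.

# Print the value of a "name: value" line in values.yaml, quotes removed.
yaml_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# Print the value of a "spark.ssl.historyServer.<name> <value>" line.
spark_value() {
  awk -v k="spark.ssl.historyServer.$2" '$1 == k { print $2; exit }' "$1"
}

# check_keystore_config VALUES_FILE SECRET_KEY
# SECRET_KEY is the key holding the keystore in the secret; with
# --from-file="./path/to/ssl_keystore" that is the file name, ssl_keystore.
check_keystore_config() {
  values=$1 secret_key=$2 rc=0
  mount=$(yaml_value "$values" secretMountPath)
  store=$(spark_value "$values" keyStore)
  [ "$(yaml_value "$values" useCustomKeystore)" = "true" ] ||
    { echo "useCustomKeystore is not true"; rc=1; }
  [ "$(spark_value "$values" enabled)" = "true" ] ||
    { echo "spark.ssl.historyServer.enabled is not true"; rc=1; }
  [ -n "$mount" ] || { echo "secretMountPath is not set"; rc=1; }
  # Assumption: the secret is mounted as a volume, so each of its keys is a
  # file directly under secretMountPath.
  expected="${mount%/}/$secret_key"
  [ "$store" = "$expected" ] ||
    { echo "keyStore is '$store', secret key is mounted at '$expected'"; rc=1; }
  return "$rc"
}

# Constructed sample input: the values.yaml fragment from this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
useCustomKeystore: true
sslSecretName: "spark-ssl-secret"
secretMountPath: /var/spark
sparkExtraConfigs: |
  spark.ssl.historyServer.enabled           true
  spark.ssl.historyServer.keyStore          /var/spark/ssl_keystore
  spark.ssl.historyServer.keyStoreType      PKCS12
EOF
check_keystore_config "$sample" ssl_keystore && echo "ssl_keystore: consistent"
check_keystore_config "$sample" ssl-keystore || echo "ssl-keystore: mismatch"
```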