Hello,
I followed this link to install ECK and now I want to use Spark with ECK by using SSL. I read the following documentation. However for the following configuration I don't know where to find the keystore and truststore files.
Can someone explain where to find them ?
Thanks
Hi,
You have to create the keystore. Assuming you are using the default, self signed, certificates with ECK you can find more information about how to get CA cert here: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-accessing-elastic-services.html#k8s-request-elasticsearch-endpoint
You can then create a keystore, mount it as a secret if Spark is deployed in K8S and set the correct values for Elasticsearch for Hadoop.
Hi @michael.morello, thanks for your reply !
Can you recommend documentation to create the keystore from CA ? I found ones but it didn't work 
.
Futhermore, do I need to create a truststore as well if i use the self-signed certificate ?
Regards
Sorry, I think you should actually add the CA to a truststore, not a keystore
Also note that it will only work if you access Elasticsearch from the k8s cluster since the certificates, by default, only contains some predefined subjects like:
cluster-namecluster-name.cluster-namespacecluster-name.cluster-namespace.svcSee here if you want to add your own subjects.
re. the way to create a keystore I think that something like keytool -import -alias ca -file /path/to/ca.crt -keystore cacerts -storepass changethispassword should work
Thanks @michael.morello, I achieved to generate the truststore.jks file and it can be read by my spark job. However, I got an error "Invalid keystore format". I will open a new topic about this error.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.