Object Storage with SSL/TLS Enabled
You only need to import the Object Storage certificate into the Lakehouse Accelerator’s truststore if the certificate is self-signed or it is signed by a private authority that does not exist within the Lakehouse Accelerator’s truststore.
To import the certificate, add it to the lakehouseaccelerator\presto\secrets\certs and lakehouseaccelerator\hive-metastore\secrets\certs directories.
This way the certificate will be automatically imported into the Lakehouse Accelerator’s truststores (Presto and Hive Metastore).
To check that the certificate has been imported correctly, inspect the init-cacert container logs with the kubectl logs <presto-coordinator pod> -c init-cacert and
kubectl logs <hive-metastore pod> -c init-cacert commands.
If successful, the message will be:
Adding /opt/certs/storage.cer to keystore
Certificate was added to keystore
If it fails, the message will display an error, e.g.:
Adding /opt/certs/storage.cer to keystore
keytool error: java.lang.Exception: Input not an X.509 certificate
If there were errors when importing the certificate, running kubectl get pods will show the Lakehouse Accelerator pods in error states such as
Init:Error or Init:CrashLoopBackOff.
GET PODS
NAME READY STATUS RESTARTS AGE
presto-coordinator-fdbd79df5-p77ll 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-gshv5 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-jxrxh 0/1 Init:Error 1 (2s ago) 3s
presto-coordinator-fdbd79df5-p77ll 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-gshv5 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-jxrxh 0/1 Init:CrashLoopBackOff 1 (13s ago) 15s
hive-metastore-f6f588fb-f9qrd 0/1 Init:Error 0 23s
hive-metastore-f6f588fb-f9qrd 0/1 Init:CrashLoopBackOff 1 (32s ago) 2m28s
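
A pre-flight check for the "Input not an X.509 certificate" failure shown above, as an added example that is not part of the Lakehouse Accelerator documentation or product: it confirms that a file is a PEM CERTIFICATE block or raw DER with the outer layout of an X.509 certificate before the file is placed in the certs directories. The function names are hypothetical, and the check covers the encoding only, not the signature, validity dates or trust chain.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds data")
    return tag, pos, pos + length

def check_certificate(data):
    """Return 'ok' or the reason the bytes are not a single encoded certificate."""
    if not data.strip():
        return "empty file"
    if b"-----BEGIN" in data:  # PEM: check the label, then decode the body to DER
        match = PEM_RE.search(data.decode("ascii", "replace"))
        if not match:
            return "malformed PEM armor"
        if match.group(1) != "CERTIFICATE":
            return f"PEM block is '{match.group(1)}', not CERTIFICATE"
        try:
            data = base64.b64decode("".join(match.group(2).split()), validate=True)
        except ValueError:
            return "PEM body is not valid base64"
    try:
        tag, pos, end = read_tlv(data, 0)
        if tag != 0x30 or end != len(data):
            return "not a single DER SEQUENCE"
        tags = []
        while pos < end:  # collect the tags of the top-level children
            child, _, pos = read_tlv(data, pos)
            tags.append(child)
    except ValueError as exc:
        return f"invalid DER: {exc}"
    # RFC 5280 Certificate: tbsCertificate SEQUENCE, signatureAlgorithm SEQUENCE, signature BIT STRING
    if tags != [0x30, 0x30, 0x03]:
        return "DER is not shaped like an X.509 Certificate"
    return "ok"
```

Call check_certificate(open(path, "rb").read()) on each file before copying it into the two certs directories; any result other than ok points to a file that is a key, a request, a truncated download or some other non-certificate content.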
