Configure AWS S3 as state backend via AWS Privatelink from on-prem
I'm running flink v1.18.1 workloads on on-premise K8s cluster via deployment of FlinkDeployment CR jobs.
The on-prem environment has no access to the public internet - and I've been advised to configure my deployments to use a privatelink S3 endpoint that's been setup - and not the public s3.eu-central-1.amazonaws.com endpoint.
The AWS privatelink endpoint looks like this - vpce-<abc>-<efg>.s3.eu-central-1.vpce.amazonaws.com.
I've updated the flinkConfiguration in my k8s deployment like so:
s3.access-key: "$S3_ACCESS_KEY"
s3.secret-key: "$S3_SECRET_KEY"
s3.endpoint: vpce-<abc>-<efg>.s3.eu-central-1.vpce.amazonaws.com
s3.region: eu-central-1
The issue that I have is that the checkpoint init timesout - I've attached the JobManager log and the Flink UI checkpoints tab for this.
Is there anything else I need to configure?
I've got a working solution for this now - these are the config key/values in my flinkConfiguration:
state.checkpoints.dir: s3a://<bucket>/<folder>/state-checkpoints
state.savepoints.dir: s3a://<bucket>/<folder>/state-savepoints
execution.savepoint.path: s3a://<bucket>/<folder>/execution-savepoints
# secrets
s3.access-key: "$S3_ACCESS_KEY"
s3.secret-key: "$S3_SECRET_KEY"
## hadoop configs
s3.endpoint: https://bucket.vpce-<abc>-<efg>.s3.eu-central-1.vpce.amazonaws.com
s3.endpoint.region: eu-central-1
s3.region: eu-central-1
s3.path.style.access: "true"
I had to explicitly use s3a for the S3 urls - with just the s3 URL, the checkpointing operation seemed to use the Presto filesytem implementation to write the checkpoint.
This URL for the Hadoop S3 connector had pretty good details on how to configure this - however the Presto S3 connector doc didn't seem to touch on via privatelink connections at all.
- Configure AWS S3 as state backend via AWS Privatelink from on-prem
- Over Windows in Batch Mode
- Apache Flink, number of Task Slot vs env.setParallelism
- Issue while adding Tumble Window/Watermark with TIMESTAMP AS event_time to view
- Using Flink's state as a cache
- How can I support multiple KeyBy?
- Early(?) Triggering of Flink's Event Time Windows and Non-Deterministic Results
- Unable to stream data to azure blob using flink job
- Flink Scheduled JDBC Source
- Event sourcing with CDC and stream processing
- Graphite Metric Reporter for Apache Flink does not recognize Port value
- Getting JAR file from S3 using Flink Kubernetes operator
- Unable to sink Hudi table to S3 in Flink
- Unable to start a pyFlink job from savepoint
- Elastic Scaling in Apache Flink and minimum parallelism
- Flink Windows - how to emit intermediate results as soon as new event comes in?
- How can I use Flink SQL to aggregate each list within a DataStream<List<Row>>?
- How to submit job with python language to Apache Flink?
- java.io.IOException: No FileSystem for scheme: s3 in Flink
- How to change the file name with updated date in flink job
- Difference between nifi and flink nussknacker
- Batch elements in Apache Flink
- Flink SQL left join inserting null values to right table even after showing matching records
- Apache Flink job trying to read from Mongo via cdc source connector results in MongoTimeoutException
- How is data handled by task workers from Kafka when using keyed partitioning?
- How to unit test a Flink ProcessFunction?
- Did Apache Flink drop the StreamOperatorTestHarness classes, or did they move to a different artifact?
- Execution error when trying to run pyflink Word_count.py in Flink
- How to read state generate by flink sql code
- Unit Tests failing when upgrading Apache Flink from 1.16 to 1.20 - ClassNotFoundException: org.apache.flink.api.common.ExecutionConfig