-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support switch to non-TLS UI #369
Comments
Looking forward to get this feature! I was also a bit confused that by default a NodePort will be exposed and there is no way to disable this or reconfigure it to use a regular ClusterIP, LoadBalancer etc. I am missing from the operator(s) some ways to override usual things that can be overridden in nearly all helm charts etc. I've got the same use case (exposing NiFi via ingress), maybe my workaround can help someone. I configured my Traefik ingress controller accordingly to accept insecure https. Here are some more details: apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-nifi-cluster
namespace: stackable
spec:
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- backend:
service:
name: simple-nifi-cluster
port:
name: https
path: /
pathType: Prefix
tls:
- hosts:
- {{ .Values.ingress.host }}
---
apiVersion: v1
kind: Service
metadata:
name: simple-nifi-cluster
namespace: stackable
annotations:
traefik.ingress.kubernetes.io/service.serverstransport: stackable-simple-nifi-cluster@kubernetescrd
spec:
type: ClusterIP
ports:
- name: https
port: 8443
protocol: TCP
targetPort: 8443
selector:
app.kubernetes.io/component: node
app.kubernetes.io/instance: simple-nifi
app.kubernetes.io/name: nifi
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: simple-nifi-cluster
namespace: stackable
spec:
serverName: {{ .Values.ingress.host }}
insecureSkipVerify: true The And for your kind: NifiCluster
...
spec:
...
nodes:
configOverrides:
nifi.properties:
{{ if .Values.ingress.host -}}
nifi.web.proxy.host: {{ .Values.ingress.host }}
{{- end }} |
Affected version
nifi-operator-0.6.0
Current and expected behavior
Current behavior
defaults
When using Nifi in a default setting, I fail to establish an ingress properly exposing the Nifi UI to the outside, probably because Nifi is set to use httpS/8443.
with overrides
When providing overriding Nifi settings to use http/8080
the ingress is working, but Nifi is unstable because health checks (still assuming 8443) are always failing.
Expected behavior
There's a supported way to use Ingress with the Nifi UI with health checks succeeding.
Bonus
Operator recognizes http/https and will set up a k8s Service accordingly.
Possible solution
No response
Additional context
off-topic: trying to open a feature request led to a 404 for me.
Environment
k3s
Would you like to work on fixing this bug?
No response
The text was updated successfully, but these errors were encountered: