Support switch to non-TLS UI #369

Open
berndfo opened this issue Oct 24, 2022 · 1 comment

berndfo commented Oct 24, 2022

Affected version

nifi-operator-0.6.0

Current and expected behavior

Current behavior

  1. defaults
    When using NiFi in a default setting, I fail to establish an ingress properly exposing the NiFi UI to the outside, probably because NiFi is set to use HTTPS/8443.

  2. with overrides
    When providing overriding NiFi settings to use HTTP/8080

configOverrides:
   nifi.properties:
     nifi.web.https.host: ""
     nifi.web.https.port: ""
     nifi.web.http.host: "0.0.0.0"
     nifi.web.http.port: "8080"
     nifi.cluster.protocol.is.secure: "false"

the ingress is working, but NiFi is unstable because health checks (still assuming 8443) are always failing.

Expected behavior

There's a supported way to use Ingress with the NiFi UI with health checks succeeding.

Bonus

Operator recognizes http/https and will set up a k8s Service accordingly.

Possible solution

No response

Additional context

off-topic: trying to open a feature request led to a 404 for me.

Environment

k3s

Would you like to work on fixing this bug?

No response

@chris922

Looking forward to getting this feature! I was also a bit confused that by default a NodePort will be exposed and there is no way to disable this or reconfigure it to use a regular ClusterIP, LoadBalancer etc. I am missing from the operator(s) some ways to override usual things that can be overridden in nearly all Helm charts etc.

I've got the same use case (exposing NiFi via ingress), maybe my workaround can help someone.

I configured my Traefik ingress controller accordingly to accept insecure https. Here are some more details:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-nifi-cluster
  namespace: stackable
spec:
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - backend:
              service:
                name: simple-nifi-cluster
                port:
                  name: https
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - {{ .Values.ingress.host }}

---

apiVersion: v1
kind: Service
metadata:
  name: simple-nifi-cluster
  namespace: stackable
  annotations:
    traefik.ingress.kubernetes.io/service.serverstransport: stackable-simple-nifi-cluster@kubernetescrd
spec:
  type: ClusterIP
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
  selector:
    app.kubernetes.io/component: node
    app.kubernetes.io/instance: simple-nifi
    app.kubernetes.io/name: nifi

---

apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: simple-nifi-cluster
  namespace: stackable
spec:
  serverName: {{ .Values.ingress.host }}
  insecureSkipVerify: true

The Service annotation's value must have the format {{namespace}}-{{service-name}}@kubernetescrd; also update the simple-nifi value everywhere with your NiFi cluster name.

And for your NifiCluster, override the nifi.web.proxy.host setting (restart the pod afterwards due to #531):

kind: NifiCluster
...
spec:
  ...
  nodes:
    configOverrides:
      nifi.properties:
        {{ if .Values.ingress.host -}}
        nifi.web.proxy.host: {{ .Values.ingress.host }}
        {{- end }}
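
Added example, not part of the comment above and not Stackable's own configuration: the same Traefik ServersTransport with backend certificate verification left on instead of `insecureSkipVerify: true`, so the ingress controller only forwards to a NiFi node that presents a certificate chaining to a known CA. The Secret name `nifi-ca`, its PEM content and the `serverName` value are assumptions and placeholders; `serverName` has to be a DNS name that actually appears in the NiFi server certificate's SANs, which may differ from the ingress host.

```yaml
# Form used in the comment above, for comparison: with insecureSkipVerify
# Traefik accepts any certificate the backend presents, so the
# Traefik -> NiFi hop is encrypted but the backend is not authenticated.
#
#   spec:
#     serverName: {{ .Values.ingress.host }}
#     insecureSkipVerify: true
---
# CA that issued the NiFi server certificate (hypothetical Secret name).
# Traefik reads the CA from the key "ca.crt" (or "tls.ca"); the Secret
# lives in the same namespace as the ServersTransport.
apiVersion: v1
kind: Secret
metadata:
  name: nifi-ca
  namespace: stackable
type: Opaque
stringData:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM of the CA that signed the NiFi certificate>
    -----END CERTIFICATE-----
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: simple-nifi-cluster      # same name, so the Service annotation is unchanged
  namespace: stackable
spec:
  # Placeholder: must match a SAN in the certificate NiFi serves on 8443.
  serverName: <dns-name-from-nifi-certificate-san>
  rootCAsSecrets:
    - nifi-ca
  # insecureSkipVerify is omitted and defaults to false, so the chain
  # and the server name are both checked.
```

If the certificate carries no SAN that Traefik can be told to expect, verification fails with a TLS error on the backend connection rather than silently succeeding, which is the behaviour to look for when testing the change.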
