From 4b989805965c8da67dd61bc81c7a68a51083510f Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 14 May 2025 20:41:03 +0200 Subject: [PATCH 01/16] Adding if clause to deactivate service port metrics if nifi 2.x.x is deployed --- rust/operator-binary/src/controller.rs | 32 +++++++++++++++----------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index cca71af6..6d73376c 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -810,6 +810,23 @@ fn build_node_rolegroup_service( resolved_product_image: &ResolvedProductImage, rolegroup: &RoleGroupRef, ) -> Result { + let mut enabled_ports = vec![ServicePort { + name: Some(HTTPS_PORT_NAME.to_string()), + port: HTTPS_PORT.into(), + protocol: Some("TCP".to_string()), + ..ServicePort::default() + }]; + + // Nifi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is not necessary anymore. + if resolved_product_image.product_version.starts_with("1.") { + enabled_ports.push(ServicePort { + name: Some(METRICS_PORT_NAME.to_string()), + port: METRICS_PORT.into(), + protocol: Some("TCP".to_string()), + ..ServicePort::default() + }) + } + Ok(Service { metadata: ObjectMetaBuilder::new() .name_and_namespace(nifi) @@ -829,20 +846,7 @@ fn build_node_rolegroup_service( // Internal communication does not need to be exposed type_: Some("ClusterIP".to_string()), cluster_ip: Some("None".to_string()), - ports: Some(vec![ - ServicePort { - name: Some(HTTPS_PORT_NAME.to_string()), - port: HTTPS_PORT.into(), - protocol: Some("TCP".to_string()), - ..ServicePort::default() - }, - ServicePort { - name: Some(METRICS_PORT_NAME.to_string()), - port: METRICS_PORT.into(), - protocol: Some("TCP".to_string()), - ..ServicePort::default() - }, - ]), + ports: Some(enabled_ports), selector: Some( Labels::role_group_selector(nifi, APP_NAME, &rolegroup.role, &rolegroup.role_group) .context(LabelBuildSnafu)? From 56822312514bcb252fff979305b612b50ea5e70f Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 14 May 2025 20:51:26 +0200 Subject: [PATCH 02/16] Add container port only if nifi 1xx --- rust/operator-binary/src/controller.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 6d73376c..479fe1da 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1072,7 +1072,7 @@ async fn build_node_rolegroup_statefulset( create_vector_shutdown_file_command = create_vector_shutdown_file_command(STACKABLE_LOG_DIR), }]; - let container_nifi = container_builder + let mut container_nifi = container_builder .image_from_product_image(resolved_product_image) .command(vec![ "/bin/bash".to_string(), @@ -1121,7 +1121,6 @@ async fn build_node_rolegroup_statefulset( .add_container_port(HTTPS_PORT_NAME, HTTPS_PORT.into()) .add_container_port(PROTOCOL_PORT_NAME, PROTOCOL_PORT.into()) .add_container_port(BALANCE_PORT_NAME, BALANCE_PORT.into()) - .add_container_port(METRICS_PORT_NAME, METRICS_PORT.into()) .liveness_probe(Probe { initial_delay_seconds: Some(10), period_seconds: Some(10), @@ -1143,6 +1142,11 @@ async fn build_node_rolegroup_statefulset( }) .resources(merged_config.resources.clone().into()); + // Nifi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is not necessary anymore. + if resolved_product_image.product_version.starts_with("1.") { + container_nifi.add_container_port(METRICS_PORT_NAME, METRICS_PORT.into()); + } + let mut pod_builder = PodBuilder::new(); add_graceful_shutdown_config(merged_config, &mut pod_builder).context(GracefulShutdownSnafu)?; From 0e068d3294a4aebbc02f97c0ccd0850fd14e1a44 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 14 May 2025 21:10:20 +0200 Subject: [PATCH 03/16] remove mut from container_nifi --- rust/operator-binary/src/controller.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 479fe1da..14d1087d 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1072,7 +1072,7 @@ async fn build_node_rolegroup_statefulset( create_vector_shutdown_file_command = create_vector_shutdown_file_command(STACKABLE_LOG_DIR), }]; - let mut container_nifi = container_builder + let container_nifi = container_builder .image_from_product_image(resolved_product_image) .command(vec![ "/bin/bash".to_string(), From afa25da1ec4b107bafbf7e1ce4c99e2820b5cbb7 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 14 May 2025 22:18:44 +0200 Subject: [PATCH 04/16] Adding interface.lo to nifi.properties --- rust/operator-binary/src/config/mod.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rust/operator-binary/src/config/mod.rs b/rust/operator-binary/src/config/mod.rs index b075c495..c311f2a1 100644 --- a/rust/operator-binary/src/config/mod.rs +++ b/rust/operator-binary/src/config/mod.rs @@ -455,6 +455,10 @@ pub fn build_nifi_properties( "nifi.web.https.network.interface.default".to_string(), "".to_string(), ); + properties.insert( + "nifi.web.https.network.interface.lo".to_string(), + "lo".to_string(), + ); properties.insert( "nifi.web.jetty.working.directory".to_string(), "./work/jetty".to_string(), From 0deba3ebfed23842977065c15766e3a7c2238c46 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Mon, 19 May 2025 15:18:59 +0200 Subject: [PATCH 05/16] Adapting startup and liveness probe --- rust/operator-binary/src/controller.rs | 30 +++++++++++++++++++------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 14d1087d..81fa1212 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -37,8 +37,8 @@ use stackable_operator::{ apps::v1::{StatefulSet, StatefulSetSpec, StatefulSetUpdateStrategy}, core::v1::{ ConfigMap, ConfigMapKeySelector, ConfigMapVolumeSource, EmptyDirVolumeSource, - EnvVar, EnvVarSource, Node, ObjectFieldSelector, Probe, SecretVolumeSource, - Service, ServicePort, ServiceSpec, TCPSocketAction, Volume, + EnvVar, EnvVarSource, ExecAction, Node, ObjectFieldSelector, Probe, + SecretVolumeSource, Service, ServicePort, ServiceSpec, TCPSocketAction, Volume, }, }, apimachinery::pkg::{apis::meta::v1::LabelSelector, util::intstr::IntOrString}, @@ -1121,12 +1121,20 @@ async fn build_node_rolegroup_statefulset( .add_container_port(HTTPS_PORT_NAME, HTTPS_PORT.into()) .add_container_port(PROTOCOL_PORT_NAME, PROTOCOL_PORT.into()) .add_container_port(BALANCE_PORT_NAME, BALANCE_PORT.into()) + // Probes have been changed to exec as we introduced nifi.web.https.network.interface.lo=lo by default. + // Probe will succeed for any HTTPS errors ( SIN Invalid, 400 ) as this confirms the port to be open. .liveness_probe(Probe { initial_delay_seconds: Some(10), period_seconds: Some(10), - tcp_socket: Some(TCPSocketAction { - port: IntOrString::String(HTTPS_PORT_NAME.to_string()), - ..TCPSocketAction::default() + exec: Some(ExecAction { + command: Some(vec![ + "/bin/bash".to_string(), + "-c".to_string(), + // "-euo".to_string(), + // "pipefail".to_string(), + "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" + .to_string(), + ]), }), ..Probe::default() }) @@ -1134,9 +1142,15 @@ async fn build_node_rolegroup_statefulset( initial_delay_seconds: Some(10), period_seconds: Some(10), failure_threshold: Some(20 * 6), - tcp_socket: Some(TCPSocketAction { - port: IntOrString::String(HTTPS_PORT_NAME.to_string()), - ..TCPSocketAction::default() + exec: Some(ExecAction { + command: Some(vec![ + "/bin/bash".to_string(), + "-c".to_string(), + // "-euo".to_string(), + // "pipefail".to_string(), + "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" + .to_string(), + ]), }), ..Probe::default() }) From d861fd374430f69228dc58741f9346e2d036cb5f Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Mon, 19 May 2025 15:20:48 +0200 Subject: [PATCH 06/16] Removing old bash options --- rust/operator-binary/src/controller.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 81fa1212..84efe4ec 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1130,8 +1130,6 @@ async fn build_node_rolegroup_statefulset( command: Some(vec![ "/bin/bash".to_string(), "-c".to_string(), - // "-euo".to_string(), - // "pipefail".to_string(), "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" .to_string(), ]), @@ -1146,8 +1144,6 @@ async fn build_node_rolegroup_statefulset( command: Some(vec![ "/bin/bash".to_string(), "-c".to_string(), - // "-euo".to_string(), - // "pipefail".to_string(), "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" .to_string(), ]), From 41f0500da14f295e6c2749fe7b3bd19709c4cf8f Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Mon, 19 May 2025 15:21:35 +0200 Subject: [PATCH 07/16] Removing uneccessary imports --- rust/operator-binary/src/controller.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 84efe4ec..1912d9d0 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -38,10 +38,10 @@ use stackable_operator::{ core::v1::{ ConfigMap, ConfigMapKeySelector, ConfigMapVolumeSource, EmptyDirVolumeSource, EnvVar, EnvVarSource, ExecAction, Node, ObjectFieldSelector, Probe, - SecretVolumeSource, Service, ServicePort, ServiceSpec, TCPSocketAction, Volume, + SecretVolumeSource, Service, ServicePort, ServiceSpec, Volume, }, }, - apimachinery::pkg::{apis::meta::v1::LabelSelector, util::intstr::IntOrString}, + apimachinery::pkg::apis::meta::v1::LabelSelector, }, kube::{ Resource, ResourceExt, From a0e497204a61948490f49de17ebf8fe2d4710a8f Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Mon, 19 May 2025 15:36:02 +0200 Subject: [PATCH 08/16] Adding docs for portforwarding --- docs/modules/nifi/pages/troubleshooting/index.adoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index 020770b3..4f8fd10a 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -21,6 +21,18 @@ spec: == `HTTP ERROR 400 Invalid SNI` +=== Local PORT-FORWARD + +Since NiFi requires a valid SIN, we need to configure `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] +[source,text] +---- +127.0.0.1 simple-nifi-node-default-0.simple-nifi-node-default.default.svc.cluster.local +---- + +from here you should be able to access your local Nifi instance from `https://127.0.0.1:8443` + +=== NGINX ingress-controller + You are very likely accessing a NiFi >= 2.0 stacklet using HTTPS to secure its WebUI and an Ingress in front of it. The URL requested by the ingress-controller (such as nginx) needs to be the FQDN of the nifi service, not only the service name. You can instruct nginx ingress to use the FQDN by setting the following annotation: From 77ce68177cf6c95b85405894f0a64520e13ee028 Mon Sep 17 00:00:00 2001 From: Maximilian Wittich <56642549+Maleware@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:45:39 +0200 Subject: [PATCH 09/16] Update docs/modules/nifi/pages/troubleshooting/index.adoc Co-authored-by: Malte Sander --- docs/modules/nifi/pages/troubleshooting/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index 4f8fd10a..41c1ed2a 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -23,7 +23,7 @@ spec: === Local PORT-FORWARD -Since NiFi requires a valid SIN, we need to configure `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] +Since NiFi requires a valid SNI (Server Name Indication), we need to configure `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] [source,text] ---- 127.0.0.1 simple-nifi-node-default-0.simple-nifi-node-default.default.svc.cluster.local From 2d22cd4bcd6ac93817a8d803c713b004f0f79b5f Mon Sep 17 00:00:00 2001 From: Maximilian Wittich <56642549+Maleware@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:45:45 +0200 Subject: [PATCH 10/16] Update rust/operator-binary/src/controller.rs Co-authored-by: Malte Sander --- rust/operator-binary/src/controller.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index c15f84b3..882535f2 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -1145,7 +1145,7 @@ async fn build_node_rolegroup_statefulset( .add_container_port(PROTOCOL_PORT_NAME, PROTOCOL_PORT.into()) .add_container_port(BALANCE_PORT_NAME, BALANCE_PORT.into()) // Probes have been changed to exec as we introduced nifi.web.https.network.interface.lo=lo by default. - // Probe will succeed for any HTTPS errors ( SIN Invalid, 400 ) as this confirms the port to be open. + // Probe will succeed for any HTTPS errors (SNI Invalid, 400) as this confirms the port to be open. .liveness_probe(Probe { initial_delay_seconds: Some(10), period_seconds: Some(10), From 5ff01b2ee8c5f3eea4de7ab1a5a0090dc12b30b5 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Tue, 3 Jun 2025 13:01:52 +0200 Subject: [PATCH 11/16] Removing property and add documentation --- .../nifi/pages/troubleshooting/index.adoc | 13 ++++++++- rust/operator-binary/src/config/mod.rs | 4 --- rust/operator-binary/src/controller.rs | 28 ++++++------------- 3 files changed, 21 insertions(+), 24 deletions(-) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index 41c1ed2a..e4e7f6bb 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -23,7 +23,16 @@ spec: === Local PORT-FORWARD -Since NiFi requires a valid SNI (Server Name Indication), we need to configure `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] +Since NiFi requires a valid SNI (Server Name Indication), we need to configure the nifi property +[source,yaml] +---- + configOverrides: + nifi.properties: + nifi.web.https.network.interface.lo: "lo" +---- + +and change `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] + [source,text] ---- 127.0.0.1 simple-nifi-node-default-0.simple-nifi-node-default.default.svc.cluster.local @@ -31,6 +40,8 @@ Since NiFi requires a valid SNI (Server Name Indication), we need to configure ` from here you should be able to access your local Nifi instance from `https://127.0.0.1:8443` +WARNING: Although this should add to existing binds, testing revealed it is not. Hence cluster internal communication won't work at this point. + === NGINX ingress-controller You are very likely accessing a NiFi >= 2.0 stacklet using HTTPS to secure its WebUI and an Ingress in front of it. diff --git a/rust/operator-binary/src/config/mod.rs b/rust/operator-binary/src/config/mod.rs index c311f2a1..b075c495 100644 --- a/rust/operator-binary/src/config/mod.rs +++ b/rust/operator-binary/src/config/mod.rs @@ -455,10 +455,6 @@ pub fn build_nifi_properties( "nifi.web.https.network.interface.default".to_string(), "".to_string(), ); - properties.insert( - "nifi.web.https.network.interface.lo".to_string(), - "lo".to_string(), - ); properties.insert( "nifi.web.jetty.working.directory".to_string(), "./work/jetty".to_string(), diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 882535f2..13e60608 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -37,11 +37,11 @@ use stackable_operator::{ apps::v1::{StatefulSet, StatefulSetSpec, StatefulSetUpdateStrategy}, core::v1::{ ConfigMap, ConfigMapKeySelector, ConfigMapVolumeSource, EmptyDirVolumeSource, - EnvVar, EnvVarSource, ExecAction, Node, ObjectFieldSelector, Probe, - SecretVolumeSource, Service, ServicePort, ServiceSpec, Volume, + EnvVar, EnvVarSource, Node, ObjectFieldSelector, Probe, SecretVolumeSource, + Service, ServicePort, ServiceSpec, TCPSocketAction, Volume, }, }, - apimachinery::pkg::apis::meta::v1::LabelSelector, + apimachinery::pkg::{apis::meta::v1::LabelSelector, util::intstr::IntOrString}, }, kube::{ Resource, ResourceExt, @@ -1144,18 +1144,12 @@ async fn build_node_rolegroup_statefulset( .add_container_port(HTTPS_PORT_NAME, HTTPS_PORT.into()) .add_container_port(PROTOCOL_PORT_NAME, PROTOCOL_PORT.into()) .add_container_port(BALANCE_PORT_NAME, BALANCE_PORT.into()) - // Probes have been changed to exec as we introduced nifi.web.https.network.interface.lo=lo by default. - // Probe will succeed for any HTTPS errors (SNI Invalid, 400) as this confirms the port to be open. .liveness_probe(Probe { initial_delay_seconds: Some(10), period_seconds: Some(10), - exec: Some(ExecAction { - command: Some(vec![ - "/bin/bash".to_string(), - "-c".to_string(), - "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" - .to_string(), - ]), + tcp_socket: Some(TCPSocketAction { + port: IntOrString::String(HTTPS_PORT_NAME.to_string()), + ..TCPSocketAction::default() }), ..Probe::default() }) @@ -1163,13 +1157,9 @@ async fn build_node_rolegroup_statefulset( initial_delay_seconds: Some(10), period_seconds: Some(10), failure_threshold: Some(20 * 6), - exec: Some(ExecAction { - command: Some(vec![ - "/bin/bash".to_string(), - "-c".to_string(), - "curl --insecure --silent --head https://127.0.0.1:8443/nifi > /dev/null || true" - .to_string(), - ]), + tcp_socket: Some(TCPSocketAction { + port: IntOrString::String(HTTPS_PORT_NAME.to_string()), + ..TCPSocketAction::default() }), ..Probe::default() }) From 3693df0434147f86d8be5b20656f8ae0daf46120 Mon Sep 17 00:00:00 2001 From: Maximilian Wittich <56642549+Maleware@users.noreply.github.com> Date: Tue, 3 Jun 2025 13:51:35 +0200 Subject: [PATCH 12/16] Apply suggestions from code review Adding review comments Co-authored-by: Malte Sander --- docs/modules/nifi/pages/troubleshooting/index.adoc | 4 ++-- rust/operator-binary/src/controller.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index e4e7f6bb..63bd0aa5 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -23,7 +23,7 @@ spec: === Local PORT-FORWARD -Since NiFi requires a valid SNI (Server Name Indication), we need to configure the nifi property +Since NiFi requires a valid SNI (Server Name Indication), for local testing you need to configure the NiFi property: [source,yaml] ---- configOverrides: @@ -38,7 +38,7 @@ and change `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc 127.0.0.1 simple-nifi-node-default-0.simple-nifi-node-default.default.svc.cluster.local ---- -from here you should be able to access your local Nifi instance from `https://127.0.0.1:8443` +from here you should be able to access your local NiFi instance via `https://127.0.0.1:8443` WARNING: Although this should add to existing binds, testing revealed it is not. Hence cluster internal communication won't work at this point. diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 13e60608..53aae862 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -833,7 +833,7 @@ fn build_node_rolegroup_service( ..ServicePort::default() }]; - // Nifi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is not necessary anymore. + // NiFi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is only required for NiFi 1.x.x... if resolved_product_image.product_version.starts_with("1.") { enabled_ports.push(ServicePort { name: Some(METRICS_PORT_NAME.to_string()), @@ -1165,7 +1165,7 @@ async fn build_node_rolegroup_statefulset( }) .resources(merged_config.resources.clone().into()); - // Nifi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is not necessary anymore. + // NiFi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is only required for NiFi 1.x.x. if resolved_product_image.product_version.starts_with("1.") { container_nifi.add_container_port(METRICS_PORT_NAME, METRICS_PORT.into()); } From cc4f24bcd8de33b8a0d4c643f772f4db84c10f20 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Tue, 3 Jun 2025 18:37:49 +0200 Subject: [PATCH 13/16] remove docs, not good enough solution --- .../nifi/pages/troubleshooting/index.adoc | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index 63bd0aa5..3723e50b 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -21,27 +21,6 @@ spec: == `HTTP ERROR 400 Invalid SNI` -=== Local PORT-FORWARD - -Since NiFi requires a valid SNI (Server Name Indication), for local testing you need to configure the NiFi property: -[source,yaml] ----- - configOverrides: - nifi.properties: - nifi.web.https.network.interface.lo: "lo" ----- - -and change `/etc/hosts` by adding e.g. from NiFi xref:getting_started/index.adoc[getting started] - -[source,text] ----- -127.0.0.1 simple-nifi-node-default-0.simple-nifi-node-default.default.svc.cluster.local ----- - -from here you should be able to access your local NiFi instance via `https://127.0.0.1:8443` - -WARNING: Although this should add to existing binds, testing revealed it is not. Hence cluster internal communication won't work at this point. - === NGINX ingress-controller You are very likely accessing a NiFi >= 2.0 stacklet using HTTPS to secure its WebUI and an Ingress in front of it. From 6bc0402dd2e8fbf6983993c80d5d806919cf09ed Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Tue, 3 Jun 2025 18:38:58 +0200 Subject: [PATCH 14/16] REmove leftover --- docs/modules/nifi/pages/troubleshooting/index.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/modules/nifi/pages/troubleshooting/index.adoc b/docs/modules/nifi/pages/troubleshooting/index.adoc index 3723e50b..020770b3 100644 --- a/docs/modules/nifi/pages/troubleshooting/index.adoc +++ b/docs/modules/nifi/pages/troubleshooting/index.adoc @@ -21,8 +21,6 @@ spec: == `HTTP ERROR 400 Invalid SNI` -=== NGINX ingress-controller - You are very likely accessing a NiFi >= 2.0 stacklet using HTTPS to secure its WebUI and an Ingress in front of it. The URL requested by the ingress-controller (such as nginx) needs to be the FQDN of the nifi service, not only the service name. You can instruct nginx ingress to use the FQDN by setting the following annotation: From 7b095bef52afa3842232f66c2219ef20cc824ee6 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 4 Jun 2025 08:57:33 +0200 Subject: [PATCH 15/16] Adding changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ec44e88..f81ec4f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ All notable changes to this project will be documented in this file. - BREAKING: Inject the vector aggregator address into the vector config using the env var `VECTOR_AGGREGATOR_ADDRESS` instead of having the operator write it to the vector config ([#772]). - test: Bump to Vector `0.46.1` ([#789]). +- The ReportingTask metrics ports now is only exposed in NiFi 1.x.x ([#794]) ### Fixed @@ -43,6 +44,7 @@ All notable changes to this project will be documented in this file. [#785]: https://github.com/stackabletech/nifi-operator/pull/785 [#787]: https://github.com/stackabletech/nifi-operator/pull/787 [#789]: https://github.com/stackabletech/nifi-operator/pull/789 +[#794]: https://github.com/stackabletech/nifi-operator/pull/794 ## [25.3.0] - 2025-03-21 From 7ee500b880156bf840679537995d9cf665210c67 Mon Sep 17 00:00:00 2001 From: Maxi Wittich Date: Wed, 4 Jun 2025 09:03:41 +0200 Subject: [PATCH 16/16] removing newline --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d8afdc9..7dae0373 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -57,7 +57,6 @@ All notable changes to this project will be documented in this file. [#799]: https://github.com/stackabletech/nifi-operator/pull/799 [#801]: https://github.com/stackabletech/nifi-operator/pull/801 - ## [25.3.0] - 2025-03-21 ### Added