[ 
https://issues.apache.org/jira/browse/NIFI-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17215494#comment-17215494
 ] 

Sebastian Valle edited comment on NIFI-7246 at 10/16/20, 4:58 PM:
------------------------------------------------------------------

Hi. This change would greatly benefit my particular use case:

We run NiFi on k8s with 5 nodes and hard limits on the memory consumption of 
each node. Every time one of the pods gets killed and restarted due to memory 
usage, the load balancer (nginx ingress) directs the traffic to another pod, 
thus invalidating the JWT and causing whatever UI operation we were doing to 
fail. Aside from that, when we reload the page the UI remains in a reload loop 
due to a failure of the new pod to validate the JWT (outputting JWT validation 
errors in the console); only clearing the localStorage (particularly the "jwt" 
variable) fixes the infinite-reload issue.

If all nodes used the same JWT key then this problem would simply go away: if a 
node fails then another one can pick up the request and authorize it properly.

For the record, the second problem I mentioned is being tracked as NIFI-7771.


> JWT Generated by a node in the cluster is not honored by other nodes in the 
> cluster.
> ------------------------------------------------------------------------------------
>
>                 Key: NIFI-7246
>                 URL: https://issues.apache.org/jira/browse/NIFI-7246
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: Shreyas KC
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In an externally load balanced cluster without sticky session, it is not 
> possible to currently share the JWT generated by one node with the rest of 
> the nodes in the cluster.
> Hence we need a mechanism where we can introduce a static key in the 
> nifi.properties that is chosen by the cluster administrator.
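
The failover case described in the comment above, as an added example that is not NiFi's code or part of the original thread: a token issued by one node is presented to another, first with per-node keys and then with one shared key. The `Node` class, the node names, the HS256 (HMAC-SHA256) signing and the per-node random key at startup are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Node:
    """Hypothetical cluster node that signs and validates HS256 tokens."""
    def __init__(self, name, key=None):
        self.name = name
        # Assumption: with no configured key, each node generates its own.
        self.key = key if key is not None else secrets.token_bytes(32)

    def _sign(self, signing_input: str) -> bytes:
        return hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()

    def issue(self, subject: str) -> str:
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = b64url(json.dumps({"sub": subject, "iss": self.name}).encode())
        return f"{header}.{payload}.{b64url(self._sign(f'{header}.{payload}'))}"

    def validate(self, token: str):
        """Return the claims if the signature verifies with this node's key, else None."""
        try:
            header, payload, sig = token.split(".")
            # Pin the algorithm instead of trusting whatever the header says.
            if json.loads(b64url_decode(header)).get("alg") != "HS256":
                return None
            expected = self._sign(f"{header}.{payload}")
            if not hmac.compare_digest(expected, b64url_decode(sig)):
                return None
            return json.loads(b64url_decode(payload))
        except (ValueError, AttributeError):
            return None  # malformed token

def failover_succeeds(shared_key=None) -> bool:
    """Issue on one node, then present the token to another, as after a pod restart."""
    node_a, node_b = Node("nifi-0", shared_key), Node("nifi-1", shared_key)
    token = node_a.issue("operator")
    return node_b.validate(token) is not None

if __name__ == "__main__":
    print("per-node keys:", failover_succeeds())
    print("shared key:   ", failover_succeeds(secrets.token_bytes(32)))
```

With a shared key, anyone who holds that key can mint tokens every node accepts, so it would need to be randomly generated and distributed to the nodes as a secret rather than kept in plain configuration.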


