That's awesome, sure will take a look. Thanks, Atul
On Mon, Jul 27, 2020, 10:52 PM Sushil Kumar <[email protected]> wrote:

> Hello Atul
>
> You can have a look at the chart at https://github.com/sushilkm/nifi-chart
> repository.
> I used this chart to generate and use self-signed certificates, and deploy
> it over Azure.
>
> Couple of things to note before you use it:
> storageclass -> you might need to change the value of storageclass
> parameter as per where you are trying to deploy
> https://github.com/sushilkm/nifi-chart/blob/master/nifi/values.yaml#L58
> You might need to tweak memory parameters as per your requirement, but it
> should not matter to test deploy.
> https://github.com/sushilkm/nifi-chart/blob/master/nifi/values.yaml#L49-L54
> Do not forget to update the default sizes of volumes.
> https://github.com/sushilkm/nifi-chart/blob/master/nifi/values.yaml#L57-L64
>
> There are helpful READMEs in project home as well as in the chart
> directory.
> FYI, this is not production code, use at your own risk.
>
> Let me know if you have any questions.
>
> Thanks
> Sushil Kumar
>
> On Mon, Jul 27, 2020 at 9:15 AM Atul Wankhade <[email protected]>
> wrote:
>
>> Hi Sushil,
>>
>> Would you be kind enough to share the Helm chart unless it's
>> confidential? I really want to make this setup work. As said above I am
>> generating the certs in the init container, but I am not sure where they
>> are getting stored, when I am redirecting to a volume mount I am getting
>> below error.
>> initContainers:
>>   - name: nifi-init
>>     image: "apache/nifi:1.11.1"
>>     imagePullPolicy: "IfNotPresent"
>>     command: ['sh', '-c',
>>       '/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t Mytesttoken12345 --dn "CN=$(hostname -f), OU=NIFI"','>','/opt/nifi/flowfile_repository/']
>>     # volumeMounts:
>>     #   - mountPath: /opt/certs/
>>     #     name: certs
>>     volumeMounts:
>>       - name: "flowfile-repository"
>>         mountPath: /opt/nifi/flowfile_repository
>> [image: image.png]
>> I even tried to write the whole command within the same quotes, no luck.
>> Gave cetic helm chart a try after getting rid of that error, now nifi pods
>> aren't coming up at all :(
>> Will it be possible to connect personally? Below is my whatsapp number.
>>
>> Thanks again for the helping hand,
>> Atul
>> +91 9766545790
>>
>> On Sun, Jul 26, 2020 at 11:57 PM Sushil Kumar <[email protected]> wrote:
>>
>>> Hello Atul
>>>
>>> I wrote the chart myself.
>>> Cert generation pattern was similar to what you are trying.
>>> I ran the server as a separate container, and generated client certs in
>>> init-container.
>>>
>>> Thanks
>>> Sushil
>>>
>>> On Sun, Jul 26, 2020, 9:46 AM Atul Wankhade <[email protected]>
>>> wrote:
>>>
>>>> Hi Sushil,
>>>>
>>>> I am using Cetic helm chart only. May I know which did you use? Where
>>>> did you generate the certs?
>>>>
>>>> Thanks,
>>>> Atul
>>>>
>>>> On Sat, Jul 25, 2020 at 2:00 AM Sushil Kumar <[email protected]> wrote:
>>>>
>>>>> Hello Atul
>>>>>
>>>>> I have recently tried using self signed certificates generated using
>>>>> nifi toolkit while using helm chart.
>>>>> cetic helm chart is not written completely to accomplish this,
>>>>> I may be able to help if you can share your helm chart.
>>>>>
>>>>> However, as of now the error is in your values.yaml file.
>>>>>
>>>>> Thanks
>>>>> Sushil Kumar
>>>>>
>>>>> On Fri, Jul 24, 2020 at 9:14 AM Chris Sampson <[email protected]> wrote:
>>>>>
>>>>>> I don't use or know much about helm, but that error suggests you've
>>>>>> got something wrong on line 202 of your yaml, so what's on that line (or
>>>>>> the lines immediately before/after)?
>>>>>>
>>>>>> Notice you're using nifi 1.11.1, might be worth considering 1.11.4 if
>>>>>> you can to take advantage of several high priority bug fixes in nifi (but
>>>>>> that won't affect your helm chart). Also, suggest using the
>>>>>> apache/nifi-toolkit image for running the toolkit in tls server mode
>>>>>> (much lighter weight), but again that's not likely to be causing you a
>>>>>> problem here.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Chris Sampson
>>>>>>
>>>>>> On Fri, 24 Jul 2020, 15:05 Atul Wankhade, <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Chris I am trying what you have suggested, while passing the init
>>>>>>> container params in values.yaml getting below error, can you please
>>>>>>> help to get around this issue.
>>>>>>> *Error: cannot load values.yaml: error converting YAML to JSON:
>>>>>>> yaml: line 202: did not find expected ',' or '}'*
>>>>>>> I am adding below init container config: tried to edit it in
>>>>>>> multiple ways no luck :(
>>>>>>>
>>>>>>> initContainers: {
>>>>>>>   name: nifi-init
>>>>>>>   image: "apache/nifi:1.11.1"
>>>>>>>   imagePullPolicy: "IfNotPresent"
>>>>>>>   command: ['sh', '-c',
>>>>>>>     '/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t Mytesttoken12345 --dn "CN=$(hostname -f), OU=NIFI"','>','/opt/certs']
>>>>>>>   volumeMounts:
>>>>>>>     - mountPath: /opt/certs/
>>>>>>>       name: certs
>>>>>>> }
>>>>>>>
>>>>>>> Created CA service as below:
>>>>>>> apiVersion: apps/v1
>>>>>>> kind: ReplicaSet
>>>>>>> metadata:
>>>>>>>   name: nifi-ca
>>>>>>>   namespace: nifi
>>>>>>>   labels:
>>>>>>>     app: nifi-ca
>>>>>>> spec:
>>>>>>>   # modify replicas according to your case
>>>>>>>   replicas: 1
>>>>>>>   selector:
>>>>>>>     matchLabels:
>>>>>>>       app: nifi-ca
>>>>>>>   template:
>>>>>>>     metadata:
>>>>>>>       namespace: nifi
>>>>>>>       labels:
>>>>>>>         app: nifi-ca
>>>>>>>     spec:
>>>>>>>       containers:
>>>>>>>         - name: nifi-ca
>>>>>>>           image: apache/nifi:1.9.2
>>>>>>>           ports:
>>>>>>>             - containerPort: 8443
>>>>>>>               name: ca-client-port
>>>>>>>           command:
>>>>>>>             - bash
>>>>>>>             - -c
>>>>>>>             - |
>>>>>>>               ../nifi-toolkit-current/bin/tls-toolkit.sh server -c nifi-ca-cs -t <token>
>>>>>>> ---
>>>>>>> # Create service for the nifi-ca replica set
>>>>>>> apiVersion: v1
>>>>>>> kind: Service
>>>>>>> metadata:
>>>>>>>   name: nifi-ca-cs
>>>>>>>   namespace: nifi
>>>>>>>   labels:
>>>>>>>     app: nifi-ca
>>>>>>> spec:
>>>>>>>   ports:
>>>>>>>     - port: 8443
>>>>>>>       name: ca-client-port
>>>>>>>       targetPort: 8443
>>>>>>>   selector:
>>>>>>>     app: nifi-ca
>>>>>>>
>>>>>>> On Fri, Jul 24, 2020 at 10:13 AM Atul Wankhade <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Andy,
>>>>>>>>
>>>>>>>> Sorry for the confusion, Nifi is running inside a container on the
>>>>>>>> node (Image has java prebuilt). It seems I need to tweak the image to
>>>>>>>> generate the certs inside the container. I have done the same
>>>>>>>> setup (worked fine) on Azure where I used to generate the certs on VM
>>>>>>>> itself for Node Identity so I was trying the same on Kubernetes Node
>>>>>>>> but no Java here. I am new to K8S/Docker so limited by imagination I
>>>>>>>> assume. TLS toolkit is part of the NiFi image but nowhere documented
>>>>>>>> as how to use it inside the container (k8s env).
>>>>>>>> Need to explore more on what Chris said.
>>>>>>>>
>>>>>>>> Thank you guys
>>>>>>>> Atul
>>>>>>>>
>>>>>>>> On Thu, Jul 23, 2020 at 9:27 PM Andy LoPresto <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Chris has a lot of good suggestions there. NiFi can accept
>>>>>>>>> certificates from any provider as long as they meet certain
>>>>>>>>> requirements (EKU, SAN, no wildcard, etc.). The toolkit was designed
>>>>>>>>> to make the process easier for people who could not obtain their
>>>>>>>>> certificates elsewhere.
>>>>>>>>>
>>>>>>>>> Maybe I am misunderstanding your statement, but I am curious why
>>>>>>>>> the toolkit can’t run on the node — if you don’t have Java available,
>>>>>>>>> how does NiFi itself run?
>>>>>>>>>
>>>>>>>>> Andy LoPresto
>>>>>>>>> [email protected]
>>>>>>>>> *[email protected] <[email protected]>*
>>>>>>>>> He/Him
>>>>>>>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>>>>>>>>>
>>>>>>>>> On Jul 23, 2020, at 12:35 AM, Chris Sampson <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> My suggestion would be to run the apache/nifi-toolkit image as
>>>>>>>>> another Pod within your k8s namespace and have it running as a TLS
>>>>>>>>> Server[1]. You'll probably need to do that separately from your Helm
>>>>>>>>> chart (I'm not familiar with Helm or this chart).
>>>>>>>>>
>>>>>>>>> Then connect to that from your NiFi instances as they start up, e.g.
>>>>>>>>> with an init-container based on the same apache/nifi-toolkit image
>>>>>>>>> using the TLS client function [1] to obtain the required TLS
>>>>>>>>> certificate files from the TLS Server. You can use an emptyDir [2]
>>>>>>>>> volume to pass the files from the init-container to the NiFi
>>>>>>>>> container within the Pod.
>>>>>>>>>
>>>>>>>>> If you run the TLS Server as a StatefulSet (or a Deployment) with
>>>>>>>>> a Persistent Volume Claim that is backed by an external volume within
>>>>>>>>> your cloud provider (whatever the GKE equivalent is of AWS's EBS
>>>>>>>>> volumes), then the TLS Server can be setup with its own Certificate
>>>>>>>>> Authority that persists between Pod restarts and thus your NiFi
>>>>>>>>> certificates shouldn't become invalid over time (if the TLS Server is
>>>>>>>>> restarted and generates a new CA, then subsequent NiFi restarts would
>>>>>>>>> mean your NiFi cluster instances would no longer be able to
>>>>>>>>> communicate with one another as they wouldn't trust one another's
>>>>>>>>> certificates).
>>>>>>>>>
>>>>>>>>> An alternative, if it's available in your k8s cluster, is to use
>>>>>>>>> something like cert-manager [3] to provision certificates for your
>>>>>>>>> instances, then use an init-container within the NiFi Pods to convert
>>>>>>>>> the PEM files to Java Keystore or PKCS12 format as required by NiFi.
>>>>>>>>>
>>>>>>>>> [1]: https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#client-server
>>>>>>>>> [2]: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
>>>>>>>>> [3]: https://github.com/jetstack/cert-manager
>>>>>>>>>
>>>>>>>>> *Chris Sampson*
>>>>>>>>> IT Consultant
>>>>>>>>> [email protected]
>>>>>>>>>
>>>>>>>>> On Thu, 23 Jul 2020 at 07:09, Atul Wankhade <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Thanks a lot Andy for your reply, it definitely helped
>>>>>>>>>> pinpointing what is going wrong. I tried simulating the same with
>>>>>>>>>> the docker image from Apache and generating the keystore/truststore
>>>>>>>>>> files on the Docker host. For one node NiFi it worked fine. The
>>>>>>>>>> problem comes when I am trying the same on Kubernetes. Nodes in GKE
>>>>>>>>>> have Container optimized OS (no pkg installer), so it does not
>>>>>>>>>> support using NiFi tls-toolkit as Java cannot be installed. Can you
>>>>>>>>>> please give some pointers/workaround on how to solve this issue with
>>>>>>>>>> k8s?
>>>>>>>>>> Once the files are generated we can mount it using Host mount in
>>>>>>>>>> the pod.
>>>>>>>>>>
>>>>>>>>>> Thanks again for your help :)
>>>>>>>>>> Atul
>>>>>>>>>>
>>>>>>>>>> On Tue, Jul 21, 2020 at 10:37 PM Andy LoPresto <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Atul,
>>>>>>>>>>>
>>>>>>>>>>> I am not a Kubernetes/ingress expert, but that error is
>>>>>>>>>>> indicating that you specified NiFi should be secure (i.e. use
>>>>>>>>>>> TLS/HTTPS) and yet there is no keystore or truststore provided to
>>>>>>>>>>> the application, so it fails to start. NiFi differs from some other
>>>>>>>>>>> applications in that you cannot configure authentication and
>>>>>>>>>>> authorization without explicitly enabling and configuring TLS for
>>>>>>>>>>> NiFi itself, not just delegating that data in transit encryption to
>>>>>>>>>>> an external system (like a load balancer, proxy, or service mesh).
>>>>>>>>>>>
>>>>>>>>>>> I suggest you read the NiFi walkthrough for “Securing NiFi with
>>>>>>>>>>> TLS” [1] which will provide some context around what the various
>>>>>>>>>>> requirements are, and the Admin Guide [2] sections on
>>>>>>>>>>> authentication and authorization for more background.
>>>>>>>>>>>
>>>>>>>>>>> [1] https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-tls
>>>>>>>>>>> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security_configuration
>>>>>>>>>>>
>>>>>>>>>>> Andy LoPresto
>>>>>>>>>>> [email protected]
>>>>>>>>>>> *[email protected] <[email protected]>*
>>>>>>>>>>> He/Him
>>>>>>>>>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>>>>>>>>>>>
>>>>>>>>>>> On Jul 20, 2020, at 11:58 PM, Atul Wankhade <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>> I am trying to install NiFi with SSL on Kubernetes using
>>>>>>>>>>> Helm(cetic/nifi), Below is my values.yaml. I keep getting an error
>>>>>>>>>>> on NiFi containers as - Am I missing something?
>>>>>>>>>>> *Caused by:
>>>>>>>>>>> org.springframework.beans.factory.BeanCreationException: Error
>>>>>>>>>>> creating bean with name 'clusterCoordinationProtocolSender' defined
>>>>>>>>>>> in class path resource [nifi-cluster-protocol-context.xml]: Cannot
>>>>>>>>>>> resolve reference to bean 'protocolSocketConfiguration' while
>>>>>>>>>>> setting constructor argument; nested exception is
>>>>>>>>>>> org.springframework.beans.factory.BeanCreationException: Error
>>>>>>>>>>> creating bean with name 'protocolSocketConfiguration': FactoryBean
>>>>>>>>>>> threw exception on object creation; nested exception is
>>>>>>>>>>> java.io.FileNotFoundException: (No such file or directory)*
>>>>>>>>>>>
>>>>>>>>>>> VALUES.YAML:
>>>>>>>>>>> ---
>>>>>>>>>>> # Number of nifi nodes
>>>>>>>>>>> replicaCount: 1
>>>>>>>>>>>
>>>>>>>>>>> ## Set default image, imageTag, and imagePullPolicy.
>>>>>>>>>>> ## ref: https://hub.docker.com/r/apache/nifi/
>>>>>>>>>>> ##
>>>>>>>>>>> image:
>>>>>>>>>>>   repository: apache/nifi
>>>>>>>>>>>   tag: "1.11.4"
>>>>>>>>>>>   pullPolicy: IfNotPresent
>>>>>>>>>>>
>>>>>>>>>>>   ## Optionally specify an imagePullSecret.
>>>>>>>>>>>   ## Secret must be manually created in the namespace.
>>>>>>>>>>>   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
>>>>>>>>>>>   ##
>>>>>>>>>>>   # pullSecret: myRegistrKeySecretName
>>>>>>>>>>>
>>>>>>>>>>> securityContext:
>>>>>>>>>>>   runAsUser: 1000
>>>>>>>>>>>   fsGroup: 1000
>>>>>>>>>>>
>>>>>>>>>>> sts:
>>>>>>>>>>>   # Parallel podManagementPolicy for faster bootstrap and teardown. Default is OrderedReady.
>>>>>>>>>>>   podManagementPolicy: Parallel
>>>>>>>>>>>   AntiAffinity: soft
>>>>>>>>>>>   hostPort: null
>>>>>>>>>>>
>>>>>>>>>>> ## Useful if using any custom secrets
>>>>>>>>>>> ## Pass in some secrets to use (if required)
>>>>>>>>>>> # secrets:
>>>>>>>>>>> # - name: myNifiSecret
>>>>>>>>>>> #   keys:
>>>>>>>>>>> #     - key1
>>>>>>>>>>> #     - key2
>>>>>>>>>>> #   mountPath: /opt/nifi/secret
>>>>>>>>>>>
>>>>>>>>>>> ## Useful if using any custom configmaps
>>>>>>>>>>> ## Pass in some configmaps to use (if required)
>>>>>>>>>>> # configmaps:
>>>>>>>>>>> #   - name: myNifiConf
>>>>>>>>>>> #     keys:
>>>>>>>>>>> #       - myconf.conf
>>>>>>>>>>> #     mountPath: /opt/nifi/custom-config
>>>>>>>>>>>
>>>>>>>>>>> properties:
>>>>>>>>>>>   # use externalSecure for when inbound SSL is provided by nginx-ingress or other external mechanism
>>>>>>>>>>>   externalSecure: true
>>>>>>>>>>>   isNode: true
>>>>>>>>>>>   httpPort: null
>>>>>>>>>>>   httpsPort: 8443
>>>>>>>>>>>   clusterPort: 6007
>>>>>>>>>>>   clusterSecure: true
>>>>>>>>>>>   needClientAuth: true
>>>>>>>>>>>   provenanceStorage: "8 GB"
>>>>>>>>>>>   siteToSite:
>>>>>>>>>>>     secure: true
>>>>>>>>>>>     port: 10000
>>>>>>>>>>>   authorizer: managed-authorizer
>>>>>>>>>>>   # use properties.safetyValve to pass explicit 'key: value' pairs that overwrite other configuration
>>>>>>>>>>>   safetyValve:
>>>>>>>>>>>     #nifi.variable.registry.properties: "${NIFI_HOME}/example1.properties, ${NIFI_HOME}/example2.properties"
>>>>>>>>>>>     nifi.web.http.network.interface.default: eth0
>>>>>>>>>>>     # listen to loopback interface so "kubectl port-forward ..." works
>>>>>>>>>>>     nifi.web.http.network.interface.lo: lo
>>>>>>>>>>>
>>>>>>>>>>>   ## Include additional libraries in the Nifi containers by using the postStart handler
>>>>>>>>>>>   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
>>>>>>>>>>>   # postStart: /opt/nifi/psql; wget -P /opt/nifi/psql https://jdbc.postgresql.org/download/postgresql-42.2.6.jar
>>>>>>>>>>>
>>>>>>>>>>> # Nifi User Authentication
>>>>>>>>>>> auth:
>>>>>>>>>>>   ldap:
>>>>>>>>>>>     enabled: false
>>>>>>>>>>>     host: ldap://<hostname>:<port>
>>>>>>>>>>>     searchBase: CN=Users,DC=example,DC=com
>>>>>>>>>>>     searchFilter: CN=john
>>>>>>>>>>>
>>>>>>>>>>> ## Expose the nifi service to be accessed from outside the cluster (LoadBalancer service).
>>>>>>>>>>> ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
>>>>>>>>>>> ## ref: http://kubernetes.io/docs/user-guide/services/
>>>>>>>>>>> ##
>>>>>>>>>>>
>>>>>>>>>>> # headless service
>>>>>>>>>>> headless:
>>>>>>>>>>>   type: ClusterIP
>>>>>>>>>>>   annotations:
>>>>>>>>>>>     service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
>>>>>>>>>>>
>>>>>>>>>>> # ui service
>>>>>>>>>>> service:
>>>>>>>>>>>   type: LoadBalancer
>>>>>>>>>>>   httpPort: 80
>>>>>>>>>>>   httpsPort: 443
>>>>>>>>>>>   annotations: {}
>>>>>>>>>>>   # loadBalancerIP:
>>>>>>>>>>>   ## Load Balancer sources
>>>>>>>>>>>   ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
>>>>>>>>>>>   ##
>>>>>>>>>>>   # loadBalancerSourceRanges:
>>>>>>>>>>>   # - 10.10.10.0/24
>>>>>>>>>>>
>>>>>>>>>>>   # Enables additional port/ports to nifi service for internal processors
>>>>>>>>>>>   processors:
>>>>>>>>>>>     enabled: false
>>>>>>>>>>>     ports:
>>>>>>>>>>>       - name: processor01
>>>>>>>>>>>         port: 7001
>>>>>>>>>>>         targetPort: 7001
>>>>>>>>>>>         #nodePort: 30701
>>>>>>>>>>>       - name: processor02
>>>>>>>>>>>         port: 7002
>>>>>>>>>>>         targetPort: 7002
>>>>>>>>>>>         #nodePort: 30702
>>>>>>>>>>>
>>>>>>>>>>> ## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
>>>>>>>>>>> ##
>>>>>>>>>>> ingress:
>>>>>>>>>>>   enabled: false
>>>>>>>>>>>   annotations: {}
>>>>>>>>>>>   tls: []
>>>>>>>>>>>   hosts: []
>>>>>>>>>>>   path: /
>>>>>>>>>>>   rule: []
>>>>>>>>>>>   # If you want to change the default path, see this issue https://github.com/cetic/helm-nifi/issues/22
>>>>>>>>>>>
>>>>>>>>>>> # Amount of memory to give the NiFi java heap
>>>>>>>>>>> jvmMemory: 2g
>>>>>>>>>>>
>>>>>>>>>>> # Separate image for tailing each log separately
>>>>>>>>>>> sidecar:
>>>>>>>>>>>   image: ez123/alpine-tini
>>>>>>>>>>>
>>>>>>>>>>> # Busybox image
>>>>>>>>>>> busybox:
>>>>>>>>>>>   image: busybox
>>>>>>>>>>>
>>>>>>>>>>> ## Enable persistence using Persistent Volume Claims
>>>>>>>>>>> ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
>>>>>>>>>>> ##
>>>>>>>>>>> persistence:
>>>>>>>>>>>   enabled: false
>>>>>>>>>>>
>>>>>>>>>>>   # When creating persistent storage, the NiFi helm chart can either reference an already-defined
>>>>>>>>>>>   # storage class by name, such as "standard" or can define a custom storage class by specifying
>>>>>>>>>>>   # customStorageClass: true and providing the "storageClass", "storageProvisioner" and "storageType".
>>>>>>>>>>>   # For example, to use SSD storage on Google Compute Engine see values-gcp.yaml
>>>>>>>>>>>   #
>>>>>>>>>>>   # To use a storage class that already exists on the Kubernetes cluster, we can simply reference it by name.
>>>>>>>>>>>   # For example:
>>>>>>>>>>>   # storageClass: standard
>>>>>>>>>>>   #
>>>>>>>>>>>   # The default storage class is used if this variable is not set.
>>>>>>>>>>>
>>>>>>>>>>>   accessModes: [ReadWriteOnce]
>>>>>>>>>>>   ## Storage Capacities for persistent volumes
>>>>>>>>>>>   # Storage capacity for the 'data' directory, which is used to hold things such as the flow.xml.gz, configuration, state, etc.
>>>>>>>>>>>   dataStorage:
>>>>>>>>>>>     size: 1Gi
>>>>>>>>>>>   # Storage capacity for the FlowFile repository
>>>>>>>>>>>   flowfileRepoStorage:
>>>>>>>>>>>     size: 10Gi
>>>>>>>>>>>   # Storage capacity for the Content repository
>>>>>>>>>>>   contentRepoStorage:
>>>>>>>>>>>     size: 10Gi
>>>>>>>>>>>   # Storage capacity for the Provenance repository. When changing this, one should also change the properties.provenanceStorage value above, also.
>>>>>>>>>>>   provenanceRepoStorage:
>>>>>>>>>>>     size: 10Gi
>>>>>>>>>>>   # Storage capacity for nifi logs
>>>>>>>>>>>   logStorage:
>>>>>>>>>>>     size: 5Gi
>>>>>>>>>>>
>>>>>>>>>>> ## Configure resource requests and limits
>>>>>>>>>>> ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
>>>>>>>>>>> ##
>>>>>>>>>>> resources: {}
>>>>>>>>>>>   # We usually recommend not to specify default resources and to leave this as a conscious
>>>>>>>>>>>   # choice for the user. This also increases chances charts run on environments with little
>>>>>>>>>>>   # resources, such as Minikube. If you do want to specify resources, uncomment the following
>>>>>>>>>>>   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
>>>>>>>>>>>   # limits:
>>>>>>>>>>>   #   cpu: 100m
>>>>>>>>>>>   #   memory: 128Mi
>>>>>>>>>>>   # requests:
>>>>>>>>>>>   #   cpu: 100m
>>>>>>>>>>>   #   memory: 128Mi
>>>>>>>>>>>
>>>>>>>>>>> logresources:
>>>>>>>>>>>   requests:
>>>>>>>>>>>     cpu: 10m
>>>>>>>>>>>     memory: 10Mi
>>>>>>>>>>>   limits:
>>>>>>>>>>>     cpu: 50m
>>>>>>>>>>>     memory: 50Mi
>>>>>>>>>>>
>>>>>>>>>>> nodeSelector: {}
>>>>>>>>>>>
>>>>>>>>>>> tolerations: []
>>>>>>>>>>>
>>>>>>>>>>> initContainers: {}
>>>>>>>>>>>   # foo-init: # <- will be used as container name
>>>>>>>>>>>   #   image: "busybox:1.30.1"
>>>>>>>>>>>   #   imagePullPolicy: "IfNotPresent"
>>>>>>>>>>>   #   command: ['sh', '-c', 'echo this is an initContainer']
>>>>>>>>>>>   #   volumeMounts:
>>>>>>>>>>>   #     - mountPath: /tmp/foo
>>>>>>>>>>>   #       name: foo
>>>>>>>>>>>
>>>>>>>>>>> extraVolumeMounts: []
>>>>>>>>>>>
>>>>>>>>>>> extraVolumes: []
>>>>>>>>>>>
>>>>>>>>>>> ## Extra containers
>>>>>>>>>>> extraContainers: []
>>>>>>>>>>>
>>>>>>>>>>> terminationGracePeriodSeconds: 30
>>>>>>>>>>>
>>>>>>>>>>> ## Extra environment variables that will be pass onto deployment pods
>>>>>>>>>>> env: []
>>>>>>>>>>>
>>>>>>>>>>> # ------------------------------------------------------------------------------
>>>>>>>>>>> # Zookeeper:
>>>>>>>>>>> # ------------------------------------------------------------------------------
>>>>>>>>>>> zookeeper:
>>>>>>>>>>>   ## If true, install the Zookeeper chart
>>>>>>>>>>>   ## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
>>>>>>>>>>>   enabled: true
>>>>>>>>>>>   ## If the Zookeeper Chart is disabled a URL and port are required to connect
>>>>>>>>>>>   url: ""
>>>>>>>>>>>   port: 2181
>>>>>>>>>>>
>>>>>>>>>>> *Complete stacktrace:*
>>>>>>>>>>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clusterCoordinationProtocolSender' defined in class path resource [nifi-cluster-protocol-context.xml]: Cannot resolve reference to bean 'protocolSocketConfiguration' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'protocolSocketConfiguration': FactoryBean threw exception on object creation; nested exception is java.io.FileNotFoundException: (No such file or directory)
>>>>>>>>>>>     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
>>>>>>>>>>>     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
>>>>>>>>>>>     at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
>>>>>>>>>>>     at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>>>>>>>>>>>     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>>>>>>>>>>>     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
>>>>>>>>>>>     ... 75 common frames omitted
>>>>>>>>>>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'protocolSocketConfiguration': FactoryBean threw exception on object creation; nested exception is java.io.FileNotFoundException: (No such file or directory)
>>>>>>>>>>>     at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
>>>>>>>>>>>     at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
>>>>>>>>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>>>>>>>>>>>     at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
>>>>>>>>>>>     ... 87 common frames omitted
>>>>>>>>>>> Caused by: java.io.FileNotFoundException: (No such file or directory)
>>>>>>>>>>>     at java.io.FileInputStream.open0(Native Method)
>>>>>>>>>>>     at java.io.FileInputStream.open(FileInputStream.java:195)
>>>>>>>>>>>     at java.io.FileInputStream.<init>(FileInputStream.java:138)
>>>>>>>>>>>     at java.io.FileInputStream.<init>(FileInputStream.java:93)
>>>>>>>>>>>     at org.apache.nifi.io.socket.SSLContextFactory.<init>(SSLContextFactory.java:66)
>>>>>>>>>>>     at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:45)
>>>>>>>>>>>     at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:30)
>>>>>>>>>>>     at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
>>>>>>>>>>>     ... 92 common frames omitted
>>>>>>>>>>> 2020-07-17 11:04:25,204 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
>>>>>>>>>>> 2020-07-17 11:04:25,214 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@700f518a{SSL,[ssl, http/1.1]}{0.0.0.0:8443}
>>>>>>>>>>> 2020-07-17 11:04:25,214 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging
>>>>>>>>>>>
>>>>>>>>>>> Any help to resolve this is appreciated.
>>>>>>>>>>> Atul Wankhade
>>>>>>>>>>>
>>>>>
>>>>> --
>>>>> --
>>>>>
>>>>> Thanks
>>>>>
>>>>> Sushil Kumar
>>>>> +1-(206)-698-4116
>>>>>
>
> --
> --
>
> Thanks
>
> Sushil Kumar
> +1-(206)-698-4116
>
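
Added example, not part of the thread and not taken from either Helm chart: a minimal Pod manifest for the pattern described above (toolkit client in an init container, files handed to NiFi through an emptyDir). The Secret name `nifi-ca-token`, the volume name `certs`, the Pod name and the `/opt/certs` path are hypothetical, and it assumes the toolkit client writes its keystore, truststore and config.json into its working directory.

```yaml
# Added example. Hypothetical names: Pod "nifi-0", Secret "nifi-ca-token",
# volume "certs", mount path /opt/certs. Service name nifi-ca-cs, namespace,
# image and toolkit path are the ones quoted in the thread.
apiVersion: v1
kind: Pod
metadata:
  name: nifi-0
  namespace: nifi
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 1000              # lets uid 1000 write to the emptyDir
  volumes:
    - name: certs
      emptyDir:
        medium: Memory         # tmpfs: key material is not written to node disk
  initContainers:
    - name: nifi-init
      image: "apache/nifi:1.11.1"
      imagePullPolicy: IfNotPresent
      env:
        # CA token read from a Secret instead of being typed into the manifest
        - name: CA_TOKEN
          valueFrom:
            secretKeyRef:
              name: nifi-ca-token
              key: token
      # The whole script is ONE argument to `sh -c`. Further list items such
      # as '>' and a path reach the script as $0 and $1; they are not a shell
      # redirection. Assumed here: the client writes its output files into
      # the working directory, so the script changes into the shared volume.
      command:
        - sh
        - -c
        - |
          set -e
          cd /opt/certs
          /opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client \
            -c nifi-ca-cs -t "$CA_TOKEN" \
            --dn "CN=$(hostname -f), OU=NIFI"
      volumeMounts:
        - name: certs
          mountPath: /opt/certs
  containers:
    - name: nifi
      image: "apache/nifi:1.11.1"
      ports:
        - containerPort: 8443
      volumeMounts:
        # NiFi's keystore/truststore settings must point at files under here
        - name: certs
          mountPath: /opt/certs
          readOnly: true
```

Because the emptyDir is recreated with the Pod, every restart requests a fresh certificate, which only keeps working if the CA behind `nifi-ca-cs` persists its own key as described earlier in the thread.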
