Kubernetes volumes are empty when mounted into a Pod by default and they overwrite any existing directory and its contents (this is different to how Docker mounts things, where the directory contents would be inherited by the mounted volume).
Mounted ConfigMaps are read-only by default and the apache/nifi start.sh script attempts to update it based on environment variables, etc. on startup. So, one way of doing this is to change the Entrypoint (or command in Kubernetes) to directly run the "nifi.sh start" command, but that means you'll have to make sure you've got nifi.properties setup correctly first. A StatefulSet could help with that because you'd know the hostname before the Pod was created - with a deployment, the hostname changes every time it restarts. You can change the defaultMode[1] of an injected Secret and (I think) ConfigMap, so that might help in this instance in order to inject a nifi.properties file that the start.sh can then update (but remember that start.sh will change this file every time the Pod is restarted). An alternative might be to use an init-container to do some of the work for you, e.g. change the nifi.properties or other config files and then cross-mount them into the main container. Yet another option would be to script something in the nifi container startup command (we've done this by writing our own scripts into a custom Docker image based upon apache/nifi, but you can probably do it in the StatefulSet/Deployment definition instead) - inject your conf files into a directory like /opt/nifi/nifi-current/conf/injected, then copy those files back into /opt/nifi/nifi-current/conf/ before the start.sh script is executed. [1] https://kubernetes.io/docs/concepts/storage/volumes/#example-configuration-secrets-nondefault-permission-mode --- *Chris Sampson* IT Consultant [email protected] <https://www.naimuri.com/> On Tue, 10 Nov 2020 at 08:52, muhyid72 <[email protected]> wrote: > Hi Sushil, > Thanks for your prompt response > I added my answers below for your comments > > 1. Are you using a deployment or a statefulset, from kubernetes perspective > I would suggest you to deploy using statefulset. > *Answer:* I am using deployment. It is PoC and just one replica therefore I > didn’t use Statefulset > > 2. You need to use securitycontext and following might help you to get > access to the mounted filesystems. > securityContext: > runAsUser: 1000 > runAsGroup: 1000 > fsGroup: 1000 > *Answer:* I already added security context > > 3. conf is a special directory which has prepopulated config files, so if > you want to mount a volume to conf directory then you would need to get > those pre-existing files to the mounted volumes using some way for eg. > confgmap as suggested in https://issues.apache.org/jira/browse/NIFI-6484 > *Answer:* I already used configmap. > I tired with original nifi image and also I created custom image. As you > know it is depending on start.sh therefore I added some extra parameters to > the scripts (start.sh, common.sh etc). The Problem is always happening for > nifi.properties > > I attached my yaml file (from my virtualbox with NFS) for clarification > (combined for all yaml files) > > nifi-non-secure-nfs.yaml > < > http://apache-nifi-users-list.2361937.n4.nabble.com/file/t893/nifi-non-secure-nfs.yaml> > > > > > -- > Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/ >
