[cetic/nifi] Nifi 3 node cluster in k8s - failing due to tls
vjvel opened this issue · 2 comments
vjvel commented
Team,
We have configured a 3-node NiFi cluster in k8s using this latest chart, 1.1.1.
values.yml
```yaml
certManager:
  enabled: true
  clusterDomain: cluster.local
  keystorePasswd: changeme
  truststorePasswd: changeme
  replaceDefaultTrustStore: false
  commonname: "preprod-apache-nifi*"
  caSecrets: preprod-apache-nifi-ca
  additionalDnsNames:
    - localhost
  refreshSeconds: 300
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 100m
      memory: 128Mi
properties:
  # https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#nifi_sensitive_props_key
  sensitiveKey: changeMechangeMe # Must have at least 12 characters
  algorithm: NIFI_PBKDF2_AES_GCM_256
  # use externalSecure for when inbound SSL is provided by nginx-ingress or other external mechanism
  externalSecure: false
  isNode: true
  httpsPort: 8443
  httpPort: 8080
  webProxyHost: nifi.preprod.oci.ksa.cloud.unifonic.com # <clusterIP>:<NodePort> (If Nifi service is NodePort or LoadBalancer)
  clusterPort: 6007
  clusterSecure: true # tried with false also
  provenanceStorage: "8 GB"
  siteToSite:
    port: 10000
  # use properties.safetyValve to pass explicit 'key: value' pairs that overwrite other configuration
  safetyValve:
    #nifi.variable.registry.properties: "${NIFI_HOME}/example1.properties, ${NIFI_HOME}/example2.properties"
    nifi.web.http.network.interface.default: eth0
    # listen to loopback interface so "kubectl port-forward ..." works
    nifi.web.http.network.interface.lo: lo
ca:
  ## If true, enable the nifi-toolkit certificate authority
  enabled: true
  persistence:
    enabled: true
    storageClass: oci
    size: 10Gi
  server: ""
  service:
    port: 9090
  token: caaxxxxxx-sxxxxx
  admin:
    cn: admin
  serviceAccount:
    create: false
  openshift:
    scc:
      enabled: false
```
Getting the below error
```
2022-07-20 15:53:50,922 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:53:55,929 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:00,938 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:05,944 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:10,951 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:15,959 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:20,968 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:25,975 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:30,984 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
2022-07-20 15:54:35,991 WARN [Clustering Tasks Thread-2] o.apache.nifi.controller.FlowController Failed to send heartbeat due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'HEARTBEAT' protocol message
```
wknickless commented
@vjvel `certManager.enabled: true` and `ca.enabled: true` are mutually exclusive; you should use only one or the other. Perhaps we should put in a test so that it breaks with a helpful diagnostic?
Also: what is your Helm command line? (Redacting any sensitive values, of course.)
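One way to catch the conflict described in the comment above before deploying, as an added example that is not part of the thread or the chart's own code: it computes the effective values the way Helm layers them (chart defaults, then each values file, then `--set` overrides) and reports when both TLS sources end up enabled. Assumptions: values files are passed as already-parsed mappings (for example from a YAML loader), `CHART_DEFAULTS` is an assumed default for the two switches, and `parse_set` handles only simple `a.b.c=value` overrides; all function names are hypothetical.

```python
"""Pre-flight check: certManager and ca must not both be enabled (added example)."""
import copy

# Assumed chart defaults for the two TLS switches (constructed for this example).
CHART_DEFAULTS = {"certManager": {"enabled": False}, "ca": {"enabled": False}}


def deep_merge(base, override):
    """Return base with override applied, recursing into nested mappings (later wins)."""
    merged = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def parse_set(expr):
    """Turn 'a.b.c=value' into a nested dict (no list indexes, escapes or comma pairs)."""
    path, _, raw = expr.partition("=")
    value = {"true": True, "false": False}.get(raw.strip().lower(), raw)
    nested = value
    for part in reversed(path.strip().split(".")):
        nested = {part: nested}
    return nested


def effective_values(values_files, set_args=()):
    """Apply precedence: chart defaults < each values file in order < --set overrides."""
    merged = copy.deepcopy(CHART_DEFAULTS)
    for layer in list(values_files) + [parse_set(s) for s in set_args]:
        merged = deep_merge(merged, layer)
    return merged


def check_tls_sources(values):
    """Return diagnostics; an empty list means at most one TLS source is enabled."""
    cert_manager = bool((values.get("certManager") or {}).get("enabled"))
    toolkit_ca = bool((values.get("ca") or {}).get("enabled"))
    if cert_manager and toolkit_ca:
        return ["certManager.enabled and ca.enabled are both true; "
                "they are mutually exclusive, enable only one"]
    return []


# Constructed input mirroring the two switches from the values.yml in the issue.
ISSUE_VALUES = {"certManager": {"enabled": True}, "ca": {"enabled": True}}
```

Checking the merged result rather than the values file alone matters because a `--set` flag on the Helm command line can turn either switch on or off after the file is read.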
github-actions commented
This issue is stale because it has not seen recent activity. Remove stale label or comment or this will be closed.