Unable to connect NIFI Cluster
kamniphat01 opened this issue · 3 comments
Unable to connect to the NiFi cluster when replicas are set to more than 1
- Have Existing Cert-Manager v1.5.3 (Let's Encrypt)
- Currently using Single Login authentication
- NIFI Image version 1.19.0
My value.yaml (Note: I only included the necessary values, not the full value.yaml)
```yaml
replicaCount: 2
properties:
  sensitiveKey: TEST@1234 # Must have at least 12 characters
  algorithm: NIFI_PBKDF2_AES_GCM_256
  externalSecure: false
  isNode: true
  httpsPort: 8443
  webProxyHost: nifi-cluster.xxxx.xxx.xxx.xxx:443
  clusterPort: 6007
  provenanceStorage: "8 GB"
  clientAuth:
    enabled: false
  siteToSite:
    port: 10000
  safetyValve:
    nifi.web.http.network.interface.default: eth0
    nifi.web.http.network.interface.lo: lo
auth:
  admin: CN=admin, OU=NIFI
  SSL:
    keystorePasswd: changeme
    truststorePasswd: changeme
  singleUser:
    username:
      secretName: nifi-secret
      secretKey: NIFI_USERNAME
    password:
      secretName: nifi-secret
      secretKey: NIFI_PASSWORD # Must to have at least 12 characters
  ldap:
    enabled: false
  oidc:
    enabled: false
headless:
  type: ClusterIP
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
service:
  type: ClusterIP
  httpsPort: 8443
  annotations:
    kubernetes.io/ingress.class: kong-nginx
    konghq.com/protocol: "https"
ingress:
  enabled: true
  className: kong-nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    konghq.com/strip-path: "false"
  tls:
    - secretName: nifi-certs
      hosts:
        - nifi-cluster.xxxx.xxx.xxx.xxx
  hosts:
    - nifi-cluster.xxxx.xxx.xxx.xxx
  path: /nifi
jvmMemory: 6g
ca:
  enabled: true
  persistence:
    enabled: false
  server: ""
  service:
    port: 9090
  token: sixteenCharacters
  admin:
    cn: admin
  serviceAccount:
    create: false
  openshift:
    scc:
      enabled: false
certManager:
  enabled: true
  clusterDomain: cluster.devops
  keystorePasswd: changeme
  truststorePasswd: changeme
  replaceDefaultTrustStore: false
  additionalDnsNames:
    - localhost
  refreshSeconds: 300
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 100m
      memory: 128Mi
  certDuration: 2160h
  caDuration: 87660h
zookeeper:
  enabled: true
  url: ""
  port: 2181
  replicaCount: 2
  clusterDomain: cluster.devops
  persistence:
    enabled: false
```
What happened when both CA and Cert-Manager were set true/false.
[main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
Get Pods
Expected Result
- Able to login in cluster mode
- 2 nodes must be connected
How can I fix this issue?
How can I fix this issue?
In my ingress I added the following:
```yaml
ingress:
  enabled: true
  className: kongkam
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    konghq.com/strip-path: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/affinity-mode: persistent
    nginx.ingress.kubernetes.io/affinity: "cookie"
```
Thanks @kamniphat01. I fixed the issue.
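The `SSLHandshakeException` quoted in the issue ("Path does not chain with any of the trust anchors") means the certificate a node presented was not issued by any CA in the peer's truststore. The check below is an added example, not code from this thread or from the chart: it reproduces that condition with two constructed throwaway CAs (`ca-a`, `ca-b`) and hypothetical node names (`nifi-0`, `nifi-1`), and assumes `openssl` is installed.

```shell
#!/bin/sh
# Added diagnostic sketch. Every key and certificate here is constructed
# test material created in a temp directory; names are hypothetical.

# Return 0 when <cert.pem> chains to an anchor in <ca-bundle.pem>, else non-zero.
chains_to_anchor() {  # usage: chains_to_anchor <ca-bundle.pem> <cert.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a throwaway self-signed CA: make_ca <dir> <name>
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Issue a node certificate signed by a given CA: issue_leaf <dir> <ca> <cn>
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# Two nodes whose certificates come from different issuers, checked against
# a truststore that only contains ca-a. Runs in a subshell to scope variables.
demo() (
  d=$(mktemp -d) || exit 2
  make_ca "$d" ca-a
  make_ca "$d" ca-b
  issue_leaf "$d" ca-a nifi-0   # issued by the CA the truststore knows
  issue_leaf "$d" ca-b nifi-1   # issued by a CA the truststore does not know
  out=""
  for node in nifi-0 nifi-1; do
    if chains_to_anchor "$d/ca-a.pem" "$d/$node.pem"; then
      out="$out$node=trusted "
    else
      out="$out$node=untrusted "   # the case that yields the PKIX error
    fi
  done
  rm -rf "$d"
  printf '%s\n' "${out% }"
)

demo
```

To run the same check against a real deployment, export the truststore's CA certificates and the node's certificate to PEM and pass the two files to `chains_to_anchor`.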