[cetic/nifi] ca keystore invalid

Describe the bug ca toolkit generated invalid keystore.jks properties

Version of Helm and Kubernetes: helm Version:"v3.4.1 Kubernetes Version: 1.18.5

What happened: Deployed nifi using the helm charts using instructions provided however after successful deployment keystore was invalid and nifi ui service is falling to start

What you expected to happen: Nifi should be run with HTTPS and user authentication should be enabled with OpenLDAP

How to reproduce it (as minimally and precisely as possible): Deploy helm chart and change the values as mentioned in the the ReadMe file for HTTPS + LDAP authentication

Anything else we need to know: 2020-12-17 12:09:23,598 INFO [main] o.a.nifi.properties.NiFiPropertiesLoader Loaded 138 properties from /opt/nifi/nifi-current/./conf/nifi.properties 2020-12-17 12:09:26,143 ERROR [main] org.apache.nifi.encrypt.StringEncryptor **** 2020-12-17 12:09:26,144 ERROR [main] org.apache.nifi.encrypt.StringEncryptor A blank sensitive properties key was provided 2020-12-17 12:09:26,151 ERROR [main] org.apache.nifi.encrypt.StringEncryptor Specify a unique key in nifi.properties 2020-12-17 12:09:26,151 ERROR [main] org.apache.nifi.encrypt.StringEncryptor for nifi.sensitive.props.key 2020-12-17 12:09:26,157 ERROR [main] org.apache.nifi.encrypt.StringEncryptor 2020-12-17 12:09:26,157 ERROR [main] org.apache.nifi.encrypt.StringEncryptor The Encrypt Config Tool in NiFi Toolkit can be used to 2020-12-17 12:09:26,158 ERROR [main] org.apache.nifi.encrypt.StringEncryptor migrate the flow to the new key 2020-12-17 12:09:26,158 ERROR [main] org.apache.nifi.encrypt.StringEncryptor **** 2020-12-17 12:09:26,291 INFO [main] o.a.n.admin.AuditDataSourceFactoryBean Database not built for repository: jdbc:h2:../data/database_repository/nifi-flow-audit;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE. Building now... 2020-12-17 12:09:26,348 INFO [main] o.a.n.r.v.FileBasedVariableRegistry Loaded 144 properties from system properties and environment variables 2020-12-17 12:09:26,348 INFO [main] o.a.n.r.v.FileBasedVariableRegistry Loaded a total of 144 properties. Including precedence overrides effective accessible registry key size is 144 2020-12-17 12:09:26,396 WARN [main] o.a.nifi.security.util.SslContextFactory Some keystore properties are populated (/opt/nifi/nifi-current/conf/nifi-nifi-0.nifi-nifi-headless.test.svc.cluster.local/keystore.jks, ****, ****, JKS) but not valid 2020-12-17 12:09:26,396 ERROR [main] o.apache.nifi.controller.FlowController Unable to start the flow controller because the TLS configuration was invalid: The keystore properties are not valid 2020-12-17 12:09:26,399 WARN [main] org.eclipse.jetty.webapp.WebAppContext Failed startup of context o.e.j.w.WebAppContext@26586b74{nifi-api,/nifi-api,file:///opt/nifi/nifi-current/work/jetty/nifi-web-api-1.12.1.war/webapp/,UNAVAILABLE}{./work/nar/framework/nifi-framework-nar-1.12.1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-api-1.12.1.war} org.apache.nifi.web.NiFiCoreException: Unable to start Flow Controller. at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:88) at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:930) at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553) at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:889) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:425) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.server.Server.start(Server.java:407) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) at org.eclipse.jetty.server.Server.doStart(Server.java:371) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1052) at org.apache.nifi.NiFi.(NiFi.java:158) at org.apache.nifi.NiFi.(NiFi.java:72) at org.apache.nifi.NiFi.main(NiFi.java:301) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowService': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowController': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalStateException: Flow controller TLS configuration is invalid at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1086) at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:55) ... 37 common frames omitted Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowController': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalStateException: Flow controller TLS configuration is invalid at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1086) at org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:48) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 43 common frames omitted Caused by: java.lang.IllegalStateException: Flow controller TLS configuration is invalid at org.apache.nifi.controller.FlowController.(FlowController.java:476) at org.apache.nifi.controller.FlowController.createStandaloneInstance(FlowController.java:388) at org.apache.nifi.spring.FlowControllerFactoryBean.getObject(FlowControllerFactoryBean.java:80) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) ... 50 common frames omitted Caused by: org.apache.nifi.security.util.TlsException: The keystore properties are not valid at org.apache.nifi.security.util.SslContextFactory.getKeyManagers(SslContextFactory.java:161) at org.apache.nifi.security.util.SslContextFactory.createSslContext(SslContextFactory.java:88) at org.apache.nifi.security.util.SslContextFactory.createSslContext(SslContextFactory.java:55) at org.apache.nifi.controller.FlowController.(FlowController.java:473) ... 53 common frames omitted 2020-12-17 12:09:26,740 INFO [main] o.e.j.a.AnnotationConfiguration Scanning elapsed time=144ms 2020-12-17 12:09:26,743 INFO [main] o.e.j.s.h.C._nifi_content_viewer No Spring WebApplicationInitializer types detected on classpath 2020-12-17 12:09:26,788 INFO [main] o.e.jetty.server.handler.ContextHandler Started o.e.j.w.WebAppContext@52f57666{nifi-content-viewer,/nifi-content-viewer,file:///opt/nifi/nifi-current/work/jetty/nifi-web-content-viewer-1.12.1.war/webapp/,AVAILABLE}{./work/nar/framework/nifi-framework-nar-1.12.1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-content-viewer-1.12.1.war} 2020-12-17 12:09:26,826 INFO [main] o.e.j.a.AnnotationConfiguration Scanning elapsed time=21ms 2020-12-17 12:09:26,828 WARN [main] o.e.j.webapp.StandardDescriptorProcessor Duplicate mapping from / to default 2020-12-17 12:09:26,829 INFO [main] o.e.j.s.h.ContextHandler._nifidocs No Spring WebApplicationInitializer types detected on classpath 2020-12-17 12:09:26,874 INFO [main] o.e.jetty.server.handler.ContextHandler Started o.e.j.w.WebAppContext@6e041285{nifi-docs,/nifi-docs,file:///opt/nifi/nifi-current/work/jetty/nifi-web-docs-1.12.1.war/webapp/,AVAILABLE}{./work/nar/framework/nifi-framework-nar-1.12.1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-docs-1.12.1.war} 2020-12-17 12:09:26,918 INFO [main] o.e.j.a.AnnotationConfiguration Scanning elapsed time=20ms 2020-12-17 12:09:26,921 INFO [main] o.e.j.server.handler.ContextHandler. No Spring WebApplicationInitializer types detected on classpath 2020-12-17 12:09:26,952 INFO [main] o.e.jetty.server.handler.ContextHandler Started o.e.j.w.WebAppContext@267dc982{nifi-error,/,file:///opt/nifi/nifi-current/work/jetty/nifi-web-error-1.12.1.war/webapp/,AVAILABLE}{./work/nar/framework/nifi-framework-nar-1.12.1.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-error-1.12.1.war} 2020-12-17 12:09:26,970 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down. java.lang.IllegalStateException: no valid keystore at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:50) at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1188) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:323) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320) at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.server.Server.doStart(Server.java:385) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1052) at org.apache.nifi.NiFi.(NiFi.java:158) at org.apache.nifi.NiFi.(NiFi.java:72) at org.apache.nifi.NiFi.main(NiFi.java:301) 2020-12-17 12:09:26,972 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server... 2020-12-17 12:09:26,980 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@4649d70a{SSL,[ssl, http/1.1]}{0.0.0.0:9443} 2020-12-17 12:09:26,980 INFO [Thread-1] org.eclipse.jetty.server.session node0 Stopped scavenging 2020-12-17 12:09:31,598 INFO [main] org.apache.nifi.NiFi Launching NiFi...

Hello, i found this issue closed and im getting the exact same error trying to configure ldap

Here is a values.yaml to reproduce it.


---
# Number of nifi nodes
replicaCount: 1

## Set default image, imageTag, and imagePullPolicy.
## ref: https://hub.docker.com/r/apache/nifi/
##
image:
  repository: apache/nifi
  tag: "1.14.0"
  pullPolicy: "IfNotPresent"

  ## Optionally specify an imagePullSecret.
  ## Secret must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecret: myRegistrKeySecretName

securityContext: {}
#  runAsUser: 1000
#  fsGroup: 1000

## @param useHostNetwork - boolean - optional
## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might
## not be supported. The ports need to be available on all hosts. It can be
## used for custom metrics instead of a service endpoint.
##
## WARNING: Make sure that hosts using this are properly firewalled otherwise
## metrics and traces are accepted from any host able to connect to this host.
#

sts:
  # Parallel podManagementPolicy for faster bootstrap and teardown. Default is OrderedReady.
  podManagementPolicy: Parallel
  AntiAffinity: soft
  useHostNetwork: null
  hostPort: null
  pod:
    annotations:
      security.alpha.kubernetes.io/sysctls: net.ipv4.ip_local_port_range=10000 65000
      prometheus.io/scrape: "true"      
  serviceAccount:
    create: false
    #name: nifi
    annotations: {}
  hostAliases: {}
  #  - ip: "0.0.0.0"
  #    hostnames:
  #      - ingress.url

## Useful if using any custom secrets
## Pass in some secrets to use (if required)
# secrets:
# - name: myNifiSecret
#   keys:
#     - key1
#     - key2
#   mountPath: /opt/nifi/secret

## Useful if using any custom configmaps
## Pass in some configmaps to use (if required)
# configmaps:
#   - name: myNifiConf
#     keys:
#       - myconf.conf
#     mountPath: /opt/nifi/custom-config

properties:
  # use externalSecure for when inbound SSL is provided by nginx-ingress or other external mechanism
  sensitiveKey: changeMechangeMe # Must to have minimal 12 length key
  algorithm: NIFI_PBKDF2_AES_GCM_256
  externalSecure: true
  isNode: true
  httpPort: 8443 
  webProxyHost: "ingress.url"
  webHttpsHost: 
  clusterPort: 6007
  provenanceStorage: "8 GB"
  # needClientAuth: false
  siteToSite:
    port: 10000
  # use properties.safetyValve to pass explicit 'key: value' pairs that overwrite other configuration
  safetyValve:
    org.apache.nifi.web.security: DEBUG
    #nifi.variable.registry.properties: "${NIFI_HOME}/example1.properties, ${NIFI_HOME}/example2.properties"
    nifi.web.http.network.interface.default: eth0
    # listen to loopback interface so "kubectl port-forward ..." works
    nifi.web.http.network.interface.lo: lo

  ## Include aditional processors
  # customLibPath: "/opt/configuration_resources/custom_lib"

## Include additional libraries in the Nifi containers by using the postStart handler
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
# postStart: /opt/nifi/psql; wget -P /opt/nifi/psql https://jdbc.postgresql.org/download/postgresql-42.2.6.jar

# Nifi User Authentication
auth:
  admin: CN=adminaccount
  SSL:
    keystorePasswd: changeMe
    truststorePasswd: changeMe

  # Automaticaly disabled if OIDC or LDAP enabled 
  singleUser:
    username: thisisainvalidusername
    password: thisisainvalidpassword # Must to have at least 12 characters

  ldap:
    enabled: true
    host: ldap://ldapurl:389
    searchBase: CN=Users,DC=test,DC=local
    admin: CN=service-account,OU=Some ou With spaces,DC=test,DC=local
    pass: ********
    searchFilter: (sAMAccountName=*)
    userIdentityAttribute: cn
    authStrategy: SIMPLE # How the connection to the LDAP server is authenticated. Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
    IdentityStrategy: USE_USERNAME
    authExpiration: 12 hours

  oidc:
    enabled: false
    discoveryUrl: #http://<oidc_provider_address>:<oidc_provider_port>/auth/realms/<client_realm>/.well-known/openid-configuration
    clientId: #<client_name_in_oidc_provider>
    clientSecret: #<client_secret_in_oidc_provider>
    claimIdentifyingUser: preferred_username
    ## Request additional scopes, for example profile
    additionalScopes:

openldap:
  enabled: false
  persistence:
    enabled: false
  env:
    LDAP_ORGANISATION: # name of your organization e.g. "Example"
    LDAP_DOMAIN: # your domain e.g. "ldap.example.be"
    LDAP_BACKEND: "hdb"
    LDAP_TLS: "true"
    LDAP_TLS_ENFORCE: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
  adminPassword: #ChengeMe
  configPassword: #ChangeMe
  customLdifFiles:
    1-default-users.ldif: |-
      # You can find an example ldif file at https://github.com/cetic/fadi/blob/master/examples/basic/example.ldif
## Expose the nifi service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##

# headless service
headless:
  type: ClusterIP
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"

# ui service
service:
  type: ClusterIP
  httpPort: 8443
  # nodePort: 30236
  annotations:
    loadBalancerIP: 10.36.121.30
    ## Load Balancer sources
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    # loadBalancerSourceRanges:
    # - 10.10.10.0/24
    ## OIDC authentication requires "sticky" session on the LoadBalancer for JWT to work properly...but AWS doesn't like it on creation
    # sessionAffinity: ClientIP
    # sessionAffinityConfig:
    #   clientIP:
  #     timeoutSeconds: 10800

  # Enables additional port/ports to nifi service for internal processors
  processors:
    enabled: false
    ports:
      - name: processor01
        port: 7001
        targetPort: 7001
        #nodePort: 30701
      - name: processor02
        port: 7002
        targetPort: 7002
        #nodePort: 30702

## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  enabled: true
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "100m"
    nginx.org/location-snippets: |
            proxy_set_header HOST "0.0.0.0";
            proxy_set_header X-ProxyHost "0.0.0.0";

  tls: []
  hosts:
    - ingress.url
  path: /
  # If you want to change the default path, see this issue https://github.com/cetic/helm-nifi/issues/22

# Amount of memory to give the NiFi java heap
jvmMemory: 4g

# Separate image for tailing each log separately and checking zookeeper connectivity
sidecar:
  image: busybox
  tag: "1.32.0"
  imagePullPolicy: "IfNotPresent"

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: false

  # When creating persistent storage, the NiFi helm chart can either reference an already-defined
  # storage class by name, such as "standard" or can define a custom storage class by specifying
  # customStorageClass: true and providing the "storageClass", "storageProvisioner" and "storageType".
  # For example, to use SSD storage on Google Compute Engine see values-gcp.yaml
  #
  # To use a storage class that already exists on the Kubernetes cluster, we can simply reference it by name.
  # For example:
  storageClass: azurefile
  #
  # The default storage class is used if this variable is not set.

  accessModes:  [ReadWriteOnce]
  ## Storage Capacities for persistent volumes
  configStorage:
    size: 100Mi
  authconfStorage:
    size: 100Mi
  # Storage capacity for the 'data' directory, which is used to hold things such as the flow.xml.gz, configuration, state, etc.
  dataStorage:
    size: 1Gi
  # Storage capacity for the FlowFile repository
  flowfileRepoStorage:
    size: 1Gi
  # Storage capacity for the Content repository
  contentRepoStorage:
    size: 1Gi
  # Storage capacity for the Provenance repository. When changing this, one should also change the properties.provenanceStorage value above, also.
  provenanceRepoStorage:
    size: 1Gi
  # Storage capacity for nifi logs
  logStorage:
    size: 5Gi

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: #{}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  limits:
   cpu: 500m
   memory: 2000Mi
  requests:
   cpu: 100m
   memory: 256Mi

logresources:
  requests:
    cpu: 10m
    memory: 50Mi
  limits:
    cpu: 500m
    memory: 500Mi

## Enables setting your own affinity. Mutually exclusive with sts.AntiAffinity
## You need to set the value of sts.AntiAffinity other than "soft" and "hard"
affinity: {}

nodeSelector: {}

tolerations: []

initContainers: {}
  # foo-init:  # <- will be used as container name
  #   image: "busybox:1.30.1"
  #   imagePullPolicy: "IfNotPresent"
  #   command: ['sh', '-c', 'echo this is an initContainer']
  #   volumeMounts:
  #     - mountPath: /tmp/foo
  #       name: foo

extraVolumeMounts: []

extraVolumes: []

## Extra containers
extraContainers: []

terminationGracePeriodSeconds: 30

## Extra environment variables that will be pass onto deployment pods
env:
  #- name: NIFI_WEB_PROXY_HOST
  #  value: "ingress.url"
  #- name: AUTH
  #  value: ldap
  #  value: ingress.url

## Extra environment variables from secrets and config maps
envFrom: []

# envFrom:
#   - configMapRef:
#       name: config-name
#   - secretRef:
#       name: mysecret

## Openshift support
## Use the following varables in order to enable Route and Security Context Constraint creation
openshift:
  scc:
    enabled: false
  route:
    enabled: false
    #host: www.test.com
    #path: /nifi

# ca server details
# Setting this true would create a nifi-toolkit based ca server
# The ca server will be used to generate self-signed certificates required setting up secured cluster
ca:
  ## If true, enable the nifi-toolkit certificate authority
  enabled: false
  persistence:
    enabled: true
  server: ""
  service:
    port: 9090
  token: sixteenCharacters
  admin:
    cn: admin
  serviceAccount:
    create: false
    #name: nifi-ca
  openshift:
    scc:
      enabled: false

# ------------------------------------------------------------------------------
# Zookeeper:
# ------------------------------------------------------------------------------
zookeeper:
  ## If true, install the Zookeeper chart
  ## ref: https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yaml
  enabled: true
  ## If the Zookeeper Chart is disabled a URL and port are required to connect
  url: ""
  port: 2181
  replicaCount: 1
  persistence:
    storageClass: azurefile

# ------------------------------------------------------------------------------
# Nifi registry:
# ------------------------------------------------------------------------------
registry:
  ## If true, install the Nifi registry
  enabled: false
  url: ""
  port: 80
  ## Add values for the nifi-registry here
  ## ref: https://github.com/dysnix/charts/blob/master/nifi-registry/values.yaml

# Configure metrics
metrics:
  prometheus:
    # Enable Prometheus metrics
    enabled: false
    # Port used to expose Prometheus metrics
    port: 9092
    serviceMonitor:
      # Enable deployment of Prometheus Operator ServiceMonitor resource
      enabled: false
      # namespace: monitoring
      # Additional labels for the ServiceMonitor
      labels: {}

cetic / helm-nifi

[cetic/nifi] ca keystore invalid #114