cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0

[cetic/nifi] Documented default service type is incorrect #171

Closed wbauern closed 3 years ago

wbauern commented 3 years ago

Describe the bug: The helm configuration documentation shows the default service type as NodePort, not LoadBalancer.

Version of Helm and Kubernetes: Helm 3.4.2, Kubernetes 1.19

What happened: The default helm configuration for the UI service unexpectedly created an externally exposed ELB. We used a configuration to set up an ingress with only internal access for the Nifi UI but were initially unaware that an ELB was created by the LoadBalancer service by default. While exposed, this ELB allowed an unknown external party to access the Nifi UI to create and run an xmrig mining process in our cluster.

What you expected to happen: The chart documentation to state that the service type defaults to LoadBalancer. Or it would probably be better and safer to change the values.yaml of the chart to really make the default type NodePort, so there are no accidental ELB creations by default.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:

Here is some information that helps with troubleshooting:

Helm install configuration used:

```yaml
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx-internal"
  hosts:
  - nifi.internal.xxxxxxx.com
persistence:
  enabled: true
```

banzo commented 3 years ago

Many thanks for the bug report, this is indeed not a safe default.

It is now set as ClusterIP by default.
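
A check for the exposure reported in this thread, added here as an example (not code from the issue or from the chart): it reads the output of `kubectl get services --all-namespaces -o json` and lists every `LoadBalancer` Service that carries no internal-load-balancer annotation. The sample Service names and hostname are constructed, and treating only the two AWS annotations shown as "internal" is an assumption of this sketch.

```python
import json
import sys

# Annotation values that request an internal AWS load balancer (assumption:
# only these two annotations and values are treated as "internal" here).
INTERNAL = {
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal",
}

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "dataflow", "name": "nifi-ui"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"hostname": "abc.elb.example.com"}]}}},
    {"metadata": {"namespace": "dataflow", "name": "nifi-internal",
                  "annotations": {"service.beta.kubernetes.io/aws-load-balancer-internal": "true"}},
     "spec": {"type": "LoadBalancer"}, "status": {"loadBalancer": {}}},
    {"metadata": {"namespace": "dataflow", "name": "nifi-headless"},
     "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}},
]}


def is_internal(annotations):
    """True if an annotation asks the cloud integration for an internal LB."""
    return any(str(annotations.get(k, "")).lower() == v for k, v in INTERNAL.items())


def find_exposed_services(service_list):
    """Return (namespace, name, address) for every LoadBalancer Service
    that carries no internal-LB annotation; address is None while pending."""
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        if is_internal(meta.get("annotations") or {}):
            continue
        ingress = (svc.get("status") or {}).get("loadBalancer", {}).get("ingress") or []
        addr = next((i.get("hostname") or i.get("ip") for i in ingress), None)
        findings.append((meta.get("namespace"), meta.get("name"), addr))
    return findings


if __name__ == "__main__":
    # Pipe real kubectl JSON on stdin, or run with no input to use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, addr in find_exposed_services(data):
        print(f"{ns}/{name}: LoadBalancer with no internal annotation ({addr or 'pending'})")
```

Running it after each `helm install` or `helm upgrade` catches a Service type that differs from what the chart documentation led you to expect, before the load balancer has been reachable for long.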