cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0
215 stars 228 forks

[cetic/nifi] Invalid host header issue #199

Closed asiriwork closed 2 years ago

asiriwork commented 2 years ago

Helm version: v3.5.2
Kubernetes version: v1.20.4
nifi chart version: latest : 1.0.2

I'm trying to connect to the NiFi UI deployed in Kubernetes.

I have set the following properties in values.yaml:

```yaml
properties:
  # use externalSecure for when inbound SSL is provided by nginx-ingress or other external mechanism
  sensitiveKey: changeMechangeMe # Key must be at least 12 characters long
  algorithm: NIFI_PBKDF2_AES_GCM_256
  externalSecure: false
  isNode: false
  httpsPort: 8443
  webProxyHost: 10.0.39.39:30666
  clusterPort: 6007

# ui service
service:
  type: NodePort
  httpsPort: 8443
  nodePort: 30666
  annotations: {}
    # loadBalancerIP:
    ## Load Balancer sources
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    # loadBalancerSourceRanges:
    # - 10.10.10.0/24
    ## OIDC authentication requires "sticky" session on the LoadBalancer for JWT to work properly...but AWS doesn't like it on creation
    # sessionAffinity: ClientIP
    # sessionAffinityConfig:
    #   clientIP:
    #     timeoutSeconds: 10800
```

10.0.39.39 is the Kubernetes master node internal IP.

When NiFi gets started I get the following:

```
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/k8sadmin/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/k8sadmin/.kube/config
NAME: nifi
LAST DEPLOYED: Thu Nov 25 12:38:00 2021
NAMESPACE: jeed-cluster
STATUS: deployed
REVISION: 1
NOTES:
Cluster endpoint IP address will be available at:
kubectl get svc nifi -n jeed-cluster -o jsonpath='{.status.loadBalancer.ingress[*].ip}'

Cluster endpoint domain name is: 10.0.39.39:30666 - please update your DNS or /etc/hosts accordingly!

Once you are done, your NiFi instance will be available at:

  https://10.0.39.39:30666/nifi
```

And when I do a curl:
```
curl https://10.0.39.39:30666 put sample.txt -k

<h1>System Error</h1>
<h2>The request contained an invalid host header [<code>10.0.39.39:30666</
the request [<code>/</code>]. Check for request manipulation or third-part
t.</h2>
<h3>Valid host headers are [<code>empty
<ul><li>127.0.0.1</li>
<li>127.0.0.1:8443</li>
<li>localhost</li>
<li>localhost:8443</li>
<li>[::1]</li>
<li>[::1]:8443</li>
<li>nifi-0.nifi-headless.jeed-cluste
<li>nifi-0.nifi-headless.jeed-cluste
<li>10.42.0.8</li>
<li>10.42.0.8:8443</li>
<li>0.0.0.0</li>
<li>0.0.0.0:8443</li>
</ul>
```

Tried a lot of things but still cannot whitelist the master node IP in proxy hosts. Ingress is not used.

Edit: it looks like the properties set in values.yaml are not set in nifi.properties inside the pod. Is there any reason for this? Appreciate the help!
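One way to check the point raised in the edit above, as an added example that is not part of the original issue or the chart's code: it takes the text of nifi.properties (as copied out of the pod) and reports whether a given Host header value is listed in `nifi.web.proxy.host` or in the `<li>` entries of NiFi's error page. The sample file contents and the hostname `nifi.example.internal` are constructed, the exact string comparison is a simplification, and that the chart's `webProxyHost` value is meant to end up in `nifi.web.proxy.host` is an assumption.

```python
import re

# Constructed sample: nifi.properties where the proxy host value was not applied.
SAMPLE_UNSET = """\
# web properties
nifi.web.https.port=8443
nifi.web.proxy.host=
"""

# Constructed sample: the same file with the NodePort address applied.
SAMPLE_SET = """\
nifi.web.https.port=8443
nifi.web.proxy.host=10.0.39.39:30666, nifi.example.internal:30666
"""

def parse_properties(text):
    """Parse key=value lines, ignoring blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def proxy_hosts(text):
    """Return the comma-separated entries of nifi.web.proxy.host."""
    raw = parse_properties(text).get("nifi.web.proxy.host", "")
    return [h.strip() for h in raw.split(",") if h.strip()]

def listed_hosts(error_html):
    """Pull the <li> entries out of NiFi's 'invalid host header' page."""
    return [h.strip() for h in re.findall(r"<li>([^<]*)</li>", error_html)]

def diagnose(host_header, properties_text, error_html=""):
    """Classify whether a Host header is listed, and if not, why."""
    configured = proxy_hosts(properties_text)
    if host_header in configured or host_header in listed_hosts(error_html):
        return "listed"
    if not configured:
        return "nifi.web.proxy.host is empty"
    return "nifi.web.proxy.host is set but lacks this host:port"

if __name__ == "__main__":
    for name, text in (("unset", SAMPLE_UNSET), ("set", SAMPLE_SET)):
        print(name, "->", diagnose("10.0.39.39:30666", text))
```

An empty result from `proxy_hosts` on the file taken from the pod points at the values not being rendered into nifi.properties, rather than at the host list itself.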

leshibily commented 2 years ago

I am having a similar issue.

@banzo Can we expect a fix anytime soon?

zakaria2905 commented 2 years ago

https://github.com/cetic/helm-nifi/issues/192#issuecomment-996648726

https://github.com/cetic/helm-nifi/issues/192#issuecomment-999113241

kavndu commented 2 years ago

@asiriwork You can try the branch named develop instead of master. I was able to overcome this error by using the develop branch.

arunbabumm commented 2 years ago

@kavndu I have followed the develop branch values.yaml and am getting this error. Any idea?

```
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Service.spec.ports[0]): missing required field "port" in io.k8s.api.core.v1.ServicePort
```

banzo commented 2 years ago

Closing, this is stale.

Please reopen if the problem is still happening.