[cetic/nifi] HTTP is mentioned in the README but appears inconsistently supported

cetic / helm-nifi

Helm Chart for Apache Nifi

Apache License 2.0

215 stars 228 forks source link

[cetic/nifi] HTTP is mentioned in the README but appears inconsistently supported #226

Open mnp opened 2 years ago

mnp commented 2 years ago

Describe the bug README.md mentions properties.httpPort. It looks partially supported in the readiness probe for the statefulset, the safety valve, etc., but HTTPS is assumed in many places with no branching for HTTP.

README.md, values.yaml, STS, and Service should probably be clarified and aligned on HTTP.

Version of Helm, Kubernetes and the Nifi chart:

1.0.4

What happened:

Experimenting setting properties.httpsPort = null and properties.httpPort=8080 as readme implies might work.

What you expected to happen:

I was hoping for port 8080 HTTP service to be enabled, and maybe 8443 disabled.

How to reproduce it (as minimally and precisely as possible):

 # approx example
 helm install --set properties.httpPort=8080 foo cetic/nifi

Anything else we need to know:

makapszenna commented 2 years ago

@banzo @mnp Is it possible to enable HTTP instead of HTTPS? I have problems setting up ingress right now. Thanks for the answers.

mnp commented 2 years ago

It /sounds/ like upstream supports HTTP and HTTPS , but not both at once but I think someone needs to do the legwork to configure it using this helm. Hopefully a maintainer can confirm.

palex351 commented 2 years ago

Workaround:

properties:
  safetyValve:
    nifi.remote.input.secure: false
    nifi.web.https.port: ""
    nifi.web.http.host: 127.0.0.1
    nifi.web.http.port: 8080
    nifi.security.keystore: ""
    nifi.security.keystoreType: ""
    nifi.security.truststore: ""
    nifi.security.truststoreType: ""
    nifi.security.user.login.identity.provider: ""
    nifi.security.user.authorizer: ""
service:
  processors:
    enabled: true
    ports:
      - name: nifi-http
        port: 8080
        targetPort: 8080

DekelDevunet commented 1 year ago

Extending your answer, I think the following will work better because there is liveness on the HTTPS port and not on the HTTP one

properties:
  safetyValve:
    nifi.remote.input.secure: false
    nifi.web.https.port: ""
    nifi.web.http.host: 0.0.0.0
    nifi.web.http.port: 8443
    nifi.security.keystore: ""
    nifi.security.keystoreType: ""
    nifi.security.truststore: ""
    nifi.security.truststoreType: ""

JavadHosseini commented 1 year ago

Does these workarounds work for cluster mode? I get this error: java.lang.RuntimeException: The nifi.web.https.port must be specified if running in a cluster with nifi.cluster.protocol.is.secure set to true. @palex351 @DekelDevunet