cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0

[cetic/nifi] 'Page was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint' when using external SSL certificate #282

Closed kobethuwis closed 1 year ago

kobethuwis commented 1 year ago

Running NiFi in an EKS cluster, exposed by an ingress-nginx-controller. Recently bound an SSL certificate to the ingress-nginx-controller, managing SSL termination by default across applications. The NiFi UI however won't load the details of its controller services when using this public SSL certificate in the UI.

Error

Thrown in the web browser after clicking the UI cogwheel element inside the Controller Services menu:

jquery.min.js:2 Mixed Content: The page at 'https://XXXX/nifi/?processGroupId=3cf200f7-0184-1000-fb6f-807fab309b7e&componentIds=' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://XXXX/nifi-api/controller-services/3d119b18-0184-1000-030a-648fd104fb54?uiOnly=tru

Chart

We use the 1.1.1 version of the Chart backed by a 1.16.3 version of the official NiFi docker image.

  values = [
    <<EOT
replicaCount: 1

image:
  repository: XXXXXXXX
  tag: ${var.nifi_version}
  pullPolicy: Always

auth:
  singleUser:
    username: "XXXXXXXXXXXX"
    password: "XXXXXXXXXXXX"

properties:
  sensitiveKey: "XXXXXXXXXXXX"
  webProxyHost: "${var.host_nifi}"
  externalSecure: true
  httpsPort: 9443

service:
  httpsPort: 9443

ca:
  enabled: true
  persistence:
    enabled: false

ingress:
  enabled: true
  annotations: {
    nginx.ingress.kubernetes.io/app-root: "/nifi",
    kubernetes.io/ingress.class:  "nginx",
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

  }
  hosts:
    - ${var.host_nifi}

jvmMemory: 32g

persistence:
  enabled: true

resources:
  limits:
    cpu: 4000m
    memory: 32Gi
  requests:
    cpu: 2000m
    memory: 16Gi

zookeeper:
  enabled: true
  replicaCount: 1
  EOT
  ]
}

Himanshu-pvt-repo commented 1 year ago

NiFi is quite new to me, and I am also experiencing the issue described above. I have tried so many things to resolve this issue, but have not been successful. Could someone please help us?

wknickless commented 1 year ago

The problem is likely in this line:

    nginx.ingress.kubernetes.io/app-root: "/nifi",

As you see in the error message, the NiFi UI doesn't just access /nifi, it also accesses /nifi-api. So your Ingress configuration is not complete. See also https://github.com/cetic/helm-nifi/issues/22 for more background.

Himanshu-pvt-repo commented 1 year ago

I have tried without a path in the ingress, but I am still receiving the same error.

kobethuwis commented 1 year ago

> The problem is likely in this line:
>
>     nginx.ingress.kubernetes.io/app-root: "/nifi",
>
> As you see in the error message, the NiFi UI doesn't just access /nifi, it also accesses /nifi-api. So your Ingress configuration is not complete. See also #22 for more background.

That line simply specifies what to resolve to when navigating to /; the path of the ingress is still "/" so should be able to handle both /nifi & /nifi-api

kobethuwis commented 1 year ago

After some digging I've managed to set up a proxy as mentioned here. I did need to remove nginx.ingress.kubernetes.io/app-root: "/nifi", since it resolved to localhost:9443/nifi with the proxy in place.

@Himanshu-pvt-repo I'm using port 9443 instead of 8443 for the HTTPS resolving since our ingress-nginx-controller runs on 8443, which presents a ton of issues when exposing the NiFi UI on the same port. The remapping of the port might not be necessary in your case.

Final chart setup

resource "helm_release" "nifi" {
  depends_on = [XXXXXXXX, XXXXXXXX]

  repository = "https://cetic.github.io/helm-charts"
  chart      = "nifi"
  name       = "nifi"
  namespace  = var.namespace
  version    = var.chart_tag
  wait       = true

  values = [
    <<EOT
replicaCount: 1

image:
  repository: XXXXXXXX
  tag: ${var.nifi_version}
  pullPolicy: Always

auth:
  singleUser:
    username: XXXXXXXX
    password: XXXXXXXX

properties:
  sensitiveKey: XXXXXXXX
  webProxyHost: "${var.host_nifi}"
  httpsPort: 9443

service:
  httpsPort: 9443

ingress:
  enabled: true
  hosts:
    - ${var.host_nifi}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/upstream-vhost: "localhost:9443"
    nginx.ingress.kubernetes.io/proxy-redirect-from: "https://localhost:9443"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-ProxyScheme "https";
      proxy_set_header X-ProxyPort "443";

jvmMemory: 32g

persistence:
  enabled: true

resources:
  limits:
    cpu: 4000m
    memory: 32Gi
  requests:
    cpu: 2000m
    memory: 16Gi

zookeeper:
  enabled: true
  replicaCount: 1

registry:
  enabled: true
  url: "https://nifi-registry:"
  port: 18080

  image:
    repository: ${data.aws_ecr_repository.nifi_registry.repository_url}
    pullPolicy: Always
    tag: ${var.nifi_registry_version}

  persistence:
    enabled: false

metrics:
  prometheus:
    enabled: true
    serviceMonitor:
      enabled: true

  EOT
  ]
}
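
A check that can be run over responses fetched through the ingress to confirm the behaviour discussed in this thread: it flags `http://` URLs that an HTTPS page would block as mixed content, and URLs that still point at the `localhost:9443` upstream vhost. This is an added example, not code from the thread or the chart; the `uri` field name, the host `nifi.example.test` and the sample bodies are constructed assumptions.

```python
import json
from urllib.parse import urlsplit


def find_url_problems(page_url, body_json, location=None,
                      upstream_vhost="localhost:9443"):
    """Return (where, url, reason) tuples for URLs that a browser on page_url
    would block as mixed content, or that expose the upstream vhost."""
    page = urlsplit(page_url)
    problems = []

    def check(where, value):
        try:
            u = urlsplit(value)
        except ValueError:
            return  # not parseable as a URL
        if u.scheme not in ("http", "https") or not u.netloc:
            return  # not an absolute web URL
        if u.netloc == upstream_vhost:
            problems.append((where, value, "upstream vhost leaked"))
        elif page.scheme == "https" and u.scheme == "http":
            problems.append((where, value, "mixed content"))

    def walk(node, path):
        # Visit every string in the JSON document, tracking its path.
        if isinstance(node, dict):
            for key, val in node.items():
                walk(val, f"{path}.{key}")
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, f"{path}[{i}]")
        elif isinstance(node, str):
            check(path, node)

    walk(json.loads(body_json), "$")
    if location:
        check("Location", location)  # redirect target sent by the backend
    return problems


# Constructed sample data (hypothetical host and response bodies).
PAGE = "https://nifi.example.test/nifi/"
BAD_URI = "http://nifi.example.test/nifi-api/controller-services/svc-1"
BEFORE = json.dumps({"controllerServices": [{"id": "svc-1", "uri": BAD_URI}]})
AFTER = json.dumps({"controllerServices": [
    {"id": "svc-1", "uri": BAD_URI.replace("http://", "https://", 1)}]})

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        print(label, find_url_problems(PAGE, body))
```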

github-actions[bot] commented 1 year ago

This issue is stale because it has not seen recent activity. Remove stale label or comment or this will be closed.