konpyutaika / nifikop

The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFi is a free, open-source solution that supports powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
https://konpyutaika.github.io/nifikop/
Apache License 2.0

How to import nifi registry self-signed certificate to nifi cluster #262

Open Demcheck opened 1 year ago

Demcheck commented 1 year ago

Type of question

General Context

Support question

Hello everyone! I want to connect my new NiFi cluster provisioned by nifikop with NiFi Registry. But the registry uses a self-signed certificate and I need to import it into the truststore generated by cert-manager. How can I do it?

NiFiKop version

No response

Golang version

No response

Kubernetes version

No response

NiFi version

No response

mh013370 commented 1 year ago

If you insist on using self-signed certs, I would recommend using a common CA to sign the certs for Registry and NiFi. For example, create a self-signer CA independently of nifikop and Registry:

https://cert-manager.io/docs/configuration/selfsigned/

And then in nifikop you can configure SSLSecrets with an issuerRef to tell nifikop which CA to have sign the certs for each nifi pod. You would point to the CA you created above. https://konpyutaika.github.io/nifikop/docs/5_references/1_nifi_cluster/6_listeners_config#sslsecrets

I'm not sure how you're deploying Registry - can you control which CA signs its certs?
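
The approach described in the reply above, sketched as manifests. This is an added example, not configuration from the thread or from the nifikop project. Every resource name and namespace is a placeholder, and the `nifi.konpyutaika.com/v1` apiVersion is an assumption; use the version your installed CRDs serve.

```yaml
# Constructed example: all resource names and namespaces are placeholders.
# 1. Bootstrap issuer, used only to self-sign the CA certificate below.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-bootstrap
spec:
  selfSigned: {}
---
# 2. The shared CA. For a ClusterIssuer, the secret must live in cert-manager's
#    cluster resource namespace ("cert-manager" by default).
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: shared-nifi-ca
  namespace: cert-manager
spec:
  isCA: true
  commonName: shared-nifi-ca
  secretName: shared-nifi-ca
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-bootstrap
    kind: ClusterIssuer
    group: cert-manager.io
---
# 3. CA issuer that signs leaf certificates for both NiFi and Registry.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: shared-nifi-ca-issuer
spec:
  ca:
    secretName: shared-nifi-ca
---
# 4. Fragment to merge into the existing NifiCluster spec (not a full manifest).
apiVersion: nifi.konpyutaika.com/v1
kind: NifiCluster
metadata:
  name: mynifi
  namespace: nifi
spec:
  listenersConfig:
    sslSecrets:
      tlsSecretName: mynifi-tls
      create: true
      issuerRef:
        name: shared-nifi-ca-issuer
        kind: ClusterIssuer
```

The common-CA approach only helps if Registry's certificate is also issued by `shared-nifi-ca-issuer`, which is the open question the reply ends on.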