search

konpyutaika / nifikop

The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFI is a free, open-source solution that support powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
https://konpyutaika.github.io/nifikop/
Apache License 2.0
125 stars 42 forks source link

Deploy without storage #280

Open barhoz10 opened 1 year ago

barhoz10 commented 1 year ago

In the docs StorageConfig is not required, but when you not mention this attribute the operator raise error. I also checked the code and there is IF statement that check if there is any storage mentioned in the crd.

I need to run the operator without storage.

I will appreciate if you solve this problem. Thank you very much!

wrender commented 4 months ago

I believe the default templates for NiFiKop are using ../data/users.xml as the path for the config files for the authorizers.xml so when it runs a cluster it expects there to be a volumeMount at that location. I'm not sure what the reason is for this.

What you can do to overcome this, is create your own Read only configuration. Here: https://konpyutaika.github.io/nifikop/docs/5_references/1_nifi_cluster/2_read_only_config

For example if you created:

  # Authorizer configuration that will be applied to the node
  authorizerConfig:
    # An authorizers.xml configuration template that will replace the default template seen in authorizers.go and the replaceTemplateConfigMap
    replaceTemplateSecretConfig:
      # The key of the value,in data content, that we want use.
      data: authorizers.xml
      # Name of the configmap that we want to refer.
      name: raw
      # Namespace where is located the secret that we want to refer.
      namespace: nifikop

Then you would create a secret called raw, with the key authorizers.xml and contents like this to override the defaults:

{{- $nodeList := .NodeList }}
{{- $clusterName := .ClusterName }}
{{- $namespace := .Namespace }}<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
{{- if and .SingleUserConfiguration.AuthorizerEnabled .SingleUserConfiguration.Enabled}}
<authorizers>
    <authorizer>
    <identifier>single-user-authorizer</identifier>
    <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class>
    </authorizer>
</authorizers>
{{- else}}
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity admin">{{ .ControllerUser }}</property>
{{- range $i, $host := .NodeList }}
        <property name="Initial User Identity {{ $i }}">{{ $host }}</property>
{{- end }}
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">{{ .ControllerUser }}</property>
        <property name="Legacy Authorized Users File"></property>
{{- range $i, $host := .NodeList }}
        <property name="Node Identity {{ $i }}">{{ $host }}</property>
{{- end }}
        <property name="Node Group"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>
{{- end}}

To view the default template that NiFiKop is using you can see it here for reference. : https://github.com/konpyutaika/nifikop/blob/master/pkg/resources/templates/config/authorizers.go