In NiFi 1.25.0 the access JWT changed its issuer/sub to a specific pod. Due to the round robin of the service / nodeport (it should be fine with load balancers and sticky sessions), it happens that you are connecting with a JWT from pod X to pod Y which is rejected and basically logs you out or results in strange behavior... This makes the UI more or less not usable for proper production.
We should create a single pod service (or adapt the create-reporting-task service that talks to only one pod) to avoid this behavior. It probably makes sense to deploy one (single-pod) service per pod (listener??).
In NiFi 1.25.0 the access JWT changed its issuer/sub to a specific pod. Due to the round robin of the service / nodeport (it should be fine with load balancers and sticky sessions), it happens that you are connecting with a JWT from pod X to pod Y which is rejected and basically logs you out or results in strange behavior... This makes the UI more or less not usable for proper production.
We should create a single pod service (or adapt the create-reporting-task service that talks to only one pod) to avoid this behavior. It probably makes sense to deploy one (single-pod) service per pod (listener??).