This article provides a detailed, step-by-step guide on setting up a secure Apache NiFi cluster with a NiFi Registry in Kubernetes, featuring the f...
For further actions, you may consider blocking this person and/or reporting abuse
Update
The restrictions for using Apache NiFi versions `>1.18.0´ (section 4.1) have been fixed:
cetic/nifi
in version1.2.0
(pull request)dysnix/nifi-registry
in version1.1.5
(pull request)This means that you can now also use the latest Apache NiFi versions.
Hi Jannik Rebmann,
I am trying this configuration but i am facing some issue .
Using oidc nifi and nifi-registry redirect-uri is coming as below:
Nifi : https://:443/nifi-api/access/oidc/callback
Nifi-registry: http://:80/nifi-registry-api/access/oidc/callback
is there something i am missing. why nifi-registry oidc redirect uri is coming on http. but in logs it is running on https(18443).
Please help me out here.
Hi @anmoln4
I had face this issue before you need add header x-proxyscheme: https and x-proxyport:443 in request-transformer for nifi to redirect https header instead of http
Hope its help you.
Hi @anmoln4
I think I need more information about your OIDC configuration.
The
Callback URL
must be set with your OIDC provider. This is the URL that sends back the OIDC authentication response to your NIFI service.So maybe you have set
http://:80/nifi-registry-api/access/oidc/callback
asCallback URL
on your OIDC server?Hi @jrebmann ,
I am following your configuration to enabled CertManager, but i am hitting some issue on unable to locate initial admin. Could you possible to share an example for authorizers.xml ?
Error:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate initial admin JoseAce@xxxx.com to seed policies
authorizers.xml
Hi @kamniphat01,
thanks for your question.
I have never experienced this error.
Please make sure you also have the mail
joseace@xxxx.com
set in thesecurity
andoidc
sections.hi @jrebmann ,
Thanks for the article on how to setup a secure nifi cluster. Now i was able to successfully deploy nifi cluster with oidc method. Appreciate it
@kamniphat01 You're welcome! Thank you for reading. I hope you will like Apache NiFi ... it has solved so many problems for me.
am deploying nifi and nifi-registry on aks and everything is working but the integration with git.
I try almost everything
change persistance from true to false, tried username and password auth.
this code is part of the values.yaml of nifi.
Hi @heni_nechi,
first of all, I would recommend that you use at least version 1.18.0 of the Apache NIfi Registry. I had a similar problem with the Git integration. I finally solved the problem by using a ssh key.
The corresponding secret looks like following:
I hope this helps you.
Hello @jrebmann
Thanks for your quick response I tried using the integration with ssh key before, I'll give it a shot again with the code provided and I'll get back to you with a reply.
Hey again @jrebmann
as I already told I have tried using the ssh key before and it didn't work same as now.
I really don't know what am doing worng, the secret is being set right by checking the logs it's always defaulting to FileSystemFlowPersistenceProvider and the providers.xml is not being configured :