Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple fixes related to secure clusters #1

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Multiple fixes related to secure clusters #1

wants to merge 5 commits into from

Conversation

Subv
Copy link
Owner

@Subv Subv commented Oct 11, 2020

  • The Ingress definition was using the httpPort by default instead of the httpsPort when the cluster was installed in secure mode.
  • Leave all the security configurations blank in nifi.properties by default.
  • Set the keystore/truststore types to jks only when clusterSecure is enabled.
  • Corrected the label key for the soft antiAffinity configuration.

What this PR does / why we need it:

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • DCO signed
  • Chart Version bumped
  • Variables are documented in the README.md

Subv added 5 commits October 11, 2020 17:17
@Subv
Use the proper port variable when clusterSecure is enabled.
345059c 
The Ingress definition was using the httpPort by default instead of the httpsPort when the cluster was installed in secure mode.
@Subv
Bump chart version to 0.5.5
91d6a4f
@Subv
Leave all the security configurations blank in nifi.properties by def…
c5322c5 
…ault.

Nifi 1.12.1 checks whether any of these `nifi.security.XXX` values is non-empty to determine whether the user wants to set a keystore or not.

We leave them blank by default so unsecured clusters will at least run.

Fixes the "TlsException: The keystore properties are not valid" error when starting up.

Fixes cetic#77
@Subv
Set the keystore and truststore types to jks when clusterSecure is true
b91ed52 
This is a continuation of c5322c5 , it allows secured clusters to start up again by setting the keystore types to their expected values.
@Subv
Corrected the label key for the soft antiAffinity configuration
39f987d 
It was previously using "component" as the key, which doesn't actually exist by default, the proper key should be "app".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
hacktoberfest-accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

v1.12.0: The keystore properties are not valid
1 participant
@Subv