nifikop
Failed to decode x509 certificate from PEM
Hi Guys!
I'm trying to start NiFi in k8s and I've configured sslSecrets, but it's responding with a PEM decode error.
```
2021-12-15T14:05:56.529Z ERROR controller-runtime.manager.controller.nificluster Reconciler error {"reconciler group": "nifi.orange.com", "reconciler kind": "NifiCluster", "name": "nifi-cluster", "namespace": "operator", "error": "failed to decode certificate: Failed to decode x509 certificate from PEM", "errorVerbose": "Failed to decode x509 certificate from PEM\nfailed to decode certificate\ngithub.com/Orange-OpenSource/nifikop/pkg/resources/nifi.(*Reconciler).getServerAndClientDetails\n\t/workspace/pkg/resources/nifi/nifi.go:441\ngithub.com/Orange-OpenSource/nifikop/pkg/resources/nifi.(*Reconciler).Reconcile\n\t/workspace/pkg/resources/nifi/nifi.go:148\ngithub.com/Orange-OpenSource/nifikop/controllers.(*NifiClusterReconciler).Reconcile\n\t/workspace/controllers/nificluster_controller.go:135\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.1\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:198\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374"}
```
I've tried the same configuration as in the tutorials, but it is not found.
My Configuration:
```yaml
apiVersion: nifi.orange.com/v1alpha1
kind: NifiCluster
metadata:
  name: nifi-cluster
spec:
  service:
    headlessEnabled: true
  zkAddress: "MY_SERVICE_OF_ZK:2181"
  zkPath: "/hmlnificluster"
  clusterImage: "apache/nifi:1.13.2"
  oneNifiNodePerNode: false
  managedAdminUsers:
    - identity : "[email protected]"
      name: "wanderson.pereira"
  managedReaderUsers:
    - identity : "[email protected]"
      name: "wanderson.pereira"
  propagateLabels: true
  nifiClusterTaskSpec:
    retryDurationMinutes: 10
  readOnlyConfig:
    nifiProperties:
      webProxyHosts:
        - nifi-hubb2b-hml.ifcshop.com.br:8443
      overrideConfigs: |
        nifi.web.http.network.interface.default=eth0
        nifi.web.http.network.interface.lo=lo
        xxxx
    bootstrapNotificationServicesConfig:
      replaceConfigMap:
        name: config-map-nifi
        namespace: operator
        data: bootstrap_notifications_services.xml
  nodeConfigGroups:
    default_group:
      isNode: true
      storageConfigs:
        - mountPath: "/opt/nifi/nifi-current/logs"
          name: logs
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            storageClassName: "nifi-storage"
            resources:
              requests:
                storage: 10Gi
      serviceAccountName: "default"
      resourcesRequirements:
        limits:
          cpu: "1.25"
          memory: 4Gi
        requests:
          cpu: "1.25"
          memory: 2Gi
  nodes:
    - id: 1
      nodeConfigGroup: "default_group"
    - id: 2
      nodeConfigGroup: "default_group"
  listenersConfig:
    internalListeners:
      - type: "https"
        name: "https"
        containerPort: 8443
      - type: "cluster"
        name: "cluster"
        containerPort: 6007
      - type: "s2s"
        name: "s2s"
        containerPort: 10000
      - type: "prometheus"
        name: "prometheus"
        containerPort: 9090
    sslSecrets:
      tlsSecretName: "nifi-staging-tls"
      create: true
```
I tried to use the same version of cert-manager:
- https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.crds.yaml
- https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.crds.yaml
- https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.crds.yaml
Environment
- nifikop version: 0.7.5
- Kubernetes version information: 1.20.9
- Kubernetes cluster kind: AKS
- NiFi version: apache/nifi:1.13.2
I've resolved it using the example: https://github.com/Orange-OpenSource/nifikop/tree/master/config/samples/keycloak-example.
Hi, are the managed users getting created for you? Can you please confirm how, or which user, you are using to log in to the NiFi UI? I appreciate your response.
Hello @Sreenivas-Ratakonda!
I'm creating users and groups with the NifiUser and NifiUserGroup:
https://orange-opensource.github.io/nifikop/docs/5_references/2_nifi_user
https://orange-opensource.github.io/nifikop/docs/5_references/6_nifi_usergroup
@wandersonpereira
I have followed the exact same approach for user creation, but they are not getting created. At least nifikop says it created them, but the user is not there in the NifiCluster.
Please have a look: https://github.com/Orange-OpenSource/nifikop/issues/179
Just wanted to check with you: did you deploy nifikop in AWS EKS in private subnets? I am facing a lot of issues.
Your response is appreciated.