Skip to main content
Version: v1.9.0

NiFi cluster

NifiCluster describes the desired state of the NiFi cluster we want to setup through the operator.

apiVersion: nifi.konpyutaika.com/v1
kind: NifiCluster
metadata:
name: simplenifi
spec:
service:
headlessEnabled: true
annotations:
tyty: ytyt
labels:
cluster-name: simplenifi
tete: titi
zkAddress: "zookeeper.zookeeper:2181"
zkPath: /simplenifi
externalServices:
- metadata:
annotations:
toto: tata
labels:
cluster-name: driver-simplenifi
titi: tutu
name: driver-ip
spec:
portConfigs:
- internalListenerName: http
port: 8080
type: ClusterIP
clusterImage: "apache/nifi:1.26.0"
initContainerImage: "bash:5.2.2"
oneNifiNodePerNode: true
readOnlyConfig:
nifiProperties:
overrideConfigs: |
nifi.sensitive.props.key=thisIsABadSensitiveKeyPassword
pod:
annotations:
toto: tata
labels:
cluster-name: simplenifi
titi: tutu
nodeConfigGroups:
default_group:
imagePullPolicy: IfNotPresent
isNode: true
serviceAccountName: default
storageConfigs:
- mountPath: "/opt/nifi/nifi-current/logs"
name: logs
reclaimPolicy: Delete
pvcSpec:
accessModes:
- ReadWriteOnce
storageClassName: "standard"
resources:
requests:
storage: 10Gi
resourcesRequirements:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: "1"
memory: 2Gi
nodes:
- id: 1
nodeConfigGroup: "default_group"
- id: 2
nodeConfigGroup: "default_group"
propagateLabels: true
nifiClusterTaskSpec:
retryDurationMinutes: 10
listenersConfig:
internalListeners:
- containerPort: 8080
type: http
name: http
- containerPort: 6007
type: cluster
name: cluster
- containerPort: 10000
type: s2s
name: s2s
- containerPort: 9090
type: prometheus
name: prometheus
- containerPort: 6342
type: load-balance
name: load-balance

NifiCluster

FieldTypeDescriptionRequiredDefault
metadataObjectMetadatais metadata that all persisted resources must have, which includes all objects users must create.Nonil
specNifiClusterSpecdefines the desired state of NifiCluster.Nonil
statusNifiClusterStatusdefines the observed state of NifiCluster.Nonil

NifiClusterSpec

FieldTypeDescriptionRequiredDefault
clientTypeEnum=basicdefines if the operator will use basic or tls authentication to query the NiFi cluster.Notls
typeEnum=internaldefines if the cluster is internal (i.e manager by the operator) or external.Nointernal
nodeURITemplatestringused to dynamically compute node uri.if external type-
nifiURIstringused access through a LB uri.if external type-
rootProcessGroupIdstringcontains the uuid of the root process group for this cluster.if external type-
secretRef[ ]SecretReferencereference the secret containing the informations required to authentiticate to the cluster.if external type-
proxyUrlstringdefines the proxy required to query the NiFi cluster.if external type-
serviceServicePolicydefines the policy for services owned by NiFiKop operator.No-
podPodPolicydefines the policy for pod owned by NiFiKop operator.No-
zkAddressstringspecifies the ZooKeeper connection string in the form hostname:port where host and port are those of a Zookeeper server.No""
zkPathstringspecifies the Zookeeper chroot path as part of its Zookeeper connection string which puts its data under same path in the global ZooKeeper namespace.Yes"/"
initContainerImagestringcan override the default image used into the init container to check if ZoooKeeper server is reachable.Yes"bash"
initContainers[ ]stringdefines additional initContainers configurations.No[ ]
clusterImagestringcan specify the whole nificluster image in one place.No""
oneNifiNodePerNodebooleanif set to true every nifi node is started on a new node, if there is not enough node to do that it will stay in pending state. If set to false the operator also tries to schedule the nifi node to a unique node but if the node number is insufficient the nifi node will be scheduled to a node where a nifi node is already running.Nonil
propagateLabelsbooleanwhether the labels defined on the NifiCluster metadata will be propagated to resources created by the operator or not.Yesfalse
managedAdminUsers[ ]ManagedUsercontains the list of users that will be added to the managed admin group (with all rights).No[]
managedReaderUsers[ ]ManagedUsercontains the list of users that will be added to the managed admin group (with all rights).No[]
readOnlyConfigReadOnlyConfigspecifies the read-only type Nifi config cluster wide, all theses will be merged with node specified readOnly configurations, so it can be overwritten per node.Nonil
nodeUserIdentityTemplatestringspecifies the template to be used when naming the node user identity (e.g. node-%d-mysuffix)Yes"node-%d-<cluster-name>"
nodeConfigGroupsmap[string]NodeConfigspecifies multiple node configs with unique nameNonil
nodes[ ]Nodespecifies the list of cluster nodes, all node requires an image, unique id, and storageConfigs settingsYesnil
disruptionBudgetDisruptionBudgetdefines the configuration for PodDisruptionBudget.Nonil
ldapConfigurationLdapConfigurationspecifies the configuration if you want to use LDAP.Nonil
singleUserConfigurationSingleUserConfigurationspecifies the configuration if you want to use SingleUser.Nonil
nifiClusterTaskSpecNifiClusterTaskSpecspecifies the configuration of the nifi cluster Tasks.Nonil
listenersConfigListenersConfigspecifies nifi's listener specifig configs.No-
sidecarConfigs[ ]ContainerDefines additional sidecar configurations. [Check documentation for more informations]
externalServices[ ]ExternalServiceConfigsspecifies settings required to access nifi externally.No-
topologySpreadConstraints[ ]TopologySpreadConstraintspecifies any TopologySpreadConstraint objects to be applied to all nodes.Nonil
nifiControllerTemplatestringNifiControllerTemplate specifies the template to be used when naming the node controller (e.g. %s-mysuffix) Warning: once defined don't change this value either the operator will no longer be able to manage the clusterYes"%s-controller"
controllerUserIdentitystringControllerUserIdentity specifies what to call the static admin user's identity Warning: once defined don't change this value either the operator will no longer be able to manage the clusterYesfalse

NifiClusterStatus

FieldTypeDescriptionRequiredDefault
nodesStatemap[string]NodeStateStore the state of each nifi node.No-
StateClusterStateStore the state of each nifi node.Yes-
rootProcessGroupIdstringcontains the uuid of the root process group for this cluster.No-

ServicePolicy

FieldTypeDescriptionRequiredDefault
headlessEnabledbooleanspecifies if the cluster should use headlessService for Nifi or individual services using service per nodes may come an handy case of service mesh.Yesfalse
serviceTemplatestringspecifies the template to be used when naming the service.YesIf headlessEnabled = true ? "%s-headless" = "%s-all-node"
annotationsmap[string]stringAnnotations specifies the annotations to attach to services the NiFiKop operator createsNo-
labelsmap[string]stringLabels specifies the labels to attach to services the NiFiKop operator createsNo-

PodPolicy

FieldTypeDescriptionRequiredDefault
annotationsmap[string]stringAnnotations specifies the annotations to attach to pods the NiFiKop operator createsNo-
labelsmap[string]stringLabels specifies the Labels to attach to pods the NiFiKop operator createsNo-
hostAliases[ ]HostAliasA list of host aliases to include in every pod's /etc/hosts configuration in the scenario where DNS is not available.No[ ]
readinessProbeProbeThe readiness probe that the Pod is configured with. If not provided, a default will be used.Nonil
livenessProbeProbeThe liveness probe that the Pod is configured with. If not provided, a default will be used.Nonil

ManagedUsers

FieldTypeDescriptionRequiredDefault
identitystringidentity field is use to define the user identity on NiFi cluster side, it use full when the user's name doesn't suite with Kubernetes resource name.No-
namestringname field is use to name the NifiUser resource, if not identity is provided it will be used to name the user on NiFi cluster side.Yes-

DisruptionBudget

FieldTypeDescriptionRequiredDefault
createboolif set to true, will create a podDisruptionBudget.No-
budgetstringthe budget to set for the PDB, can either be static number or a percentage.Yes-

LdapConfiguration

FieldTypeDescriptionRequiredDefault
enabledbooleanif set to true, we will enable ldap usage into nifi.properties configuration.Nofalse
urlstringspace-separated list of URLs of the LDAP servers (i.e. ldap://${hostname}:${port}).No""
searchBasestringbase DN for searching for users (i.e. CN=Users,DC=example,DC=com).No""
searchFilterstringFilter for searching for users against the 'User Search Base'. (i.e. sAMAccountName=0). The user specified name is inserted into '0'.No""
authenticationStrategystringHow the connection to the LDAP server is authenticated. Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.NoSTART_TLS
managerDnstringThe DN of the manager that is used to bind to the LDAP server to search for users.No""
managerPasswordstringThe password of the manager that is used to bind to the LDAP server to search for users.No""
tlsKeystorestringPath to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS. Not required for LDAPS. Only used for mutual TLSNo""
tlsKeystorePasswordstringPassword for the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.No""
tlsKeystoreTypestringType of the Keystore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12).No""
tlsTruststorestringPath to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS. Required for LDAPSNo""
tlsTruststorePasswordstringPassword for the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.No""
tlsTruststoreTypestringType of the Truststore that is used when connecting to LDAP using LDAPS or START_TLS (i.e. JKS or PKCS12).No""
clientAuthstringClient authentication policy when connecting to LDAP using LDAPS or START_TLS. Possible values are REQUIRED, WANT, NONE.No""
protocolstringProtocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS, TLSv1.1, TLSv1.2, etc).No""
shutdownGracefullystringSpecifies whether the TLS should be shut down gracefully before the target context is closed. Defaults to false.No""
referralStrategystringStrategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.NoFOLLOW
identityStrategystringStrategy to identify users. Possible values are USE_DN and USE_USERNAME.NoUSE_DN

SingleUserConfiguration

FieldTypeDescriptionRequiredDefault
enabledbooleanspecifies whether or not the cluster should use single user authentication for NifiNofalse
authorizerEnabledbooleanspecifies if the cluster should use use the single-user-authorizer instead of the managed-authorizer (if enabled, the creation of users and user groups will not work in NiFi, and the single user will have no rights by default.)Notrue
secretRefSecretReferencereferences the secret containing the informations required to authentiticate to the clusterNonil
secretKeysUserSecretKeysreferences the keys from the secret containing the user name and password.No{username:"username", password:"password"}

NifiClusterTaskSpec

FieldTypeDescriptionRequiredDefault
retryDurationMinutesintdescribes the time the operator waits before going back and retrying a cluster task, which can be: scale up, scale down, rolling upgrade..Yes5

ClusterState

NameValueDescription
NifiClusterInitializingClusterInitializingstates that the cluster is still in initializing stage
NifiClusterInitializedClusterInitializedstates that the cluster is initialized
NifiClusterReconcilingClusterReconcilingstates that the cluster is still in reconciling stage
NifiClusterRollingUpgradingClusterRollingUpgradingstates that the cluster is rolling upgrading
NifiClusterRunningClusterRunningstates that the cluster is in running state
NifiClusterNoNodesNifiClusterNoNodesstates that the cluster has no nodes

UserSecretKeys

FieldTypeDescriptionRequiredDefault
usernamestringspecifies he name of the secret key to retrieve the user name.Nousername
passwordstringspecifies he name of the secret key to retrieve the user password.Nopassword