From 66a672c6316a2cdf3d5003f9d4c0615f0f41554b Mon Sep 17 00:00:00 2001
From: Said Sef
Date: Thu, 3 Aug 2023 18:20:14 +0100
Subject: [PATCH] Updated node/pod HOSTNAME, HOST and IDENTITY and ADDRESS env variable with Kubernetes pod name from metadata name This StatefulSet of Apache NiFi deployment uses hostname as reference in the cluster names. When Apache NiFi nodes/pods occasionally terminated and redeployed old zombie nodes/pods hostnames are still list in the cluster page and can not be removed, this will/should fix that bug The HOSTNAME env variable is never empty as Kubernetes controller will always populate it if is not set The NIFI_CLUSTER_NODE_ADDRESS requires FQDN else it will generate it own address and that will result in error.
---
 deployment/nifi-ssl-configmap.yml | 4 ++--
 deployment/nifi.yml | 27 +++++++++++++++------------
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/deployment/nifi-ssl-configmap.yml b/deployment/nifi-ssl-configmap.yml
index ef9d21c..a069c59 100644
--- a/deployment/nifi-ssl-configmap.yml
+++ b/deployment/nifi-ssl-configmap.yml
@@ -27,7 +27,7 @@ data:
 then
 echo "Creating keystore"
 keytool -genkey -noprompt -alias nifi-keystore \
- -dname "CN=SA,OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+ -dname "CN=${HOSTNAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
 -keystore ${NIFI_HOME}/keytool/keystore.p12 \
 -storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
 -KeySize 2048 \
@@ -40,7 +40,7 @@ data:
 then
 echo "Creating truststore"
 keytool -genkey -noprompt -alias nifi-truststore \
- -dname "CN=SA,OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+ -dname "CN=${HOSTNAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
 -keystore ${NIFI_HOME}/keytool/truststore.jks \
 -storetype jks \
 -keypass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
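Review bot: The certificate identity is carried only in the subject CN at `-dname "CN=${HOSTNAME},..."`, with no subjectAltName, so TLS clients that ignore CN during hostname verification will reject the node certificate even when the name is correct. Adding `-ext "SAN=dns:${HOSTNAME}"` to the keystore `keytool -genkey` call would bind the same name as a SAN; the truststore hunk (@@ -40,7) makes the identical `-dname` change. `${HOSTNAME}` is whatever deployment/nifi.yml exports, which after this commit is `$(POD_NAME).$(POD_NAMESPACE)`, so the CN is only as resolvable as that value. Both `keytool` invocations continue past the end of their hunks, so an `-ext` argument further down would not be visible here.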
diff --git a/deployment/nifi.yml b/deployment/nifi.yml
index a6659f7..77a559f 100644
--- a/deployment/nifi.yml
+++ b/deployment/nifi.yml
@@ -23,6 +23,7 @@ spec:
 spec:
 automountServiceAccountToken: false
 enableServiceLinks: false
+ setHostnameAsFQDN: true
 restartPolicy: Always
 securityContext:
 runAsGroup: 1000
@@ -74,26 +75,28 @@ spec:
 - containerPort: 6342
 name: cluster-lb
 env:
- - name: NIFI_WEB_HTTP_HOST
+ - name: POD_NAME
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
- - name: NIFI_CLUSTER_NODE_ADDRESS
+ fieldPath: metadata.name # Use pod name
+ - name: POD_NAMESPACE
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
- - name: NIFI_REMOTE_INPUT_HOST
+ fieldPath: metadata.namespace # Use pod namespace
+ - name: POD_IP
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
+ fieldPath: status.podIP # Use pod ip
+ - name: NIFI_WEB_HTTP_HOST
+ value: $(POD_IP) # Use pod ip as web host
+ - name: NIFI_CLUSTER_NODE_ADDRESS
+ value: $(POD_NAME).$(POD_NAMESPACE) # Use pod name as node address
+ - name: NIFI_REMOTE_INPUT_HOST
+ value: $(POD_NAME).$(POD_NAMESPACE) # Use pod name as input host
 - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
+ value: $(POD_NAME).$(POD_NAMESPACE) # Use pod name as hostname
 - name: NODE_IDENTITY
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
+ value: $(POD_NAME).$(POD_NAMESPACE) # Use pod name as identity
 envFrom:
 - configMapRef:
 name: nifi-cm
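Review bot: `setHostnameAsFQDN: true` carries a hard limit that is undocumented at this line: Kubernetes will not start a pod whose FQDN exceeds the 64-character Linux hostname limit, and the pod stays in ContainerCreating. Pod, Service and namespace names plus the cluster domain suffix add up quickly, so a comment such as `# FQDN (pod.service.namespace.svc.<cluster-domain>) must stay <= 64 chars or the pod will not start` belongs next to the field. The field also changes only the kernel hostname; the explicit `HOSTNAME` env entry in the next hunk still decides what scripts read from `${HOSTNAME}`.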
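Review bot: `$(POD_NAME).$(POD_NAMESPACE)` is not a fully qualified name, although the commit message says NIFI_CLUSTER_NODE_ADDRESS needs one: a StatefulSet pod is published in DNS as pod.service.namespace.svc.<cluster-domain>, so `pod.namespace` will normally not resolve from the other nodes (the Service and cluster DNS setup are not visible here, so confirm). The same value is assigned to NIFI_REMOTE_INPUT_HOST, HOSTNAME and NODE_IDENTITY, and HOSTNAME feeds the certificate CN in nifi-ssl-configmap.yml, so a name that does not resolve ends up as the TLS identity and invites switching hostname verification off. Consider `value: $(POD_NAME).<headless-service-name>.$(POD_NAMESPACE).svc` (the service name is a placeholder, it does not appear in this hunk), or dropping the explicit HOSTNAME entry so that it agrees with `setHostnameAsFQDN: true`. The trailing `# Use pod ...` comments restate the key names; one comment explaining why the pod name replaces the pod IP would say more.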