From 718d7ae8609b348e1dde41573a873596f2beb158 Mon Sep 17 00:00:00 2001
From: Said Sef
Date: Thu, 3 Aug 2023 18:20:14 +0100
Subject: [PATCH] Updated node/pod HOSTNAME, HOST and IDENTITY and ADDRESS env variable with Kubernetes pod name from metadata name This StatefulSet of Apache NiFi deployment uses hostname as reference in the cluster names. When Apache NiFi nodes/pods occasionally terminated and redeployed old zombie nodes/pods hostnames are still list in the cluster page and can not be removed, this will/should fix that bug The HOSTNAME env variable is never empty as Kubernetes controller will always populate it if is not set The NIFI_CLUSTER_NODE_ADDRESS requires FQDN else it will generate it own address and that will result in error. Added setHostnameAsFQDN to Kubernetes StatefulSet deployment, this has been added as stable in Kubernetes 1.22 and we are currently running Kubernetes 1.27
---
 deployment/nifi-ssl-configmap.yml | 4 ++--
 deployment/nifi.yml | 32 +++++++++++++++++++------------
 deployment/zookeeper.yml | 2 ++
 3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/deployment/nifi-ssl-configmap.yml b/deployment/nifi-ssl-configmap.yml
index ef9d21c..a069c59 100644
--- a/deployment/nifi-ssl-configmap.yml
+++ b/deployment/nifi-ssl-configmap.yml
@@ -27,7 +27,7 @@ data:
 then
 echo "Creating keystore"
 keytool -genkey -noprompt -alias nifi-keystore \
- -dname "CN=SA,OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+ -dname "CN=${HOSTNAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
 -keystore ${NIFI_HOME}/keytool/keystore.p12 \
 -storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
 -KeySize 2048 \
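Review bot: The changed `-dname` line puts the node identity only into the certificate CN, and the same applies to the truststore hunk at `@@ -40,7 +40,7 @@`; a self-signed certificate with no Subject Alternative Name is ignored by Java's hostname verifier and by browsers, so the FQDN this commit advertises in NIFI_CLUSTER_NODE_ADDRESS and NIFI_WEB_HTTP_HOST will not verify against these keystores wherever TLS hostname checking is in play. Add `-ext "SAN=dns:${NIFI_CLUSTER_NODE_ADDRESS},ip:${POD_IP}"` to both keytool invocations so the certificate names what the node actually listens on. Note too that the nifi.yml hunk sets HOSTNAME to the pod IP, so with this line the CN becomes an address that changes on every reschedule; the shell block these lines belong to starts and ends outside the hunk.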
@@ -40,7 +40,7 @@ data:
 then
 echo "Creating truststore"
 keytool -genkey -noprompt -alias nifi-truststore \
- -dname "CN=SA,OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+ -dname "CN=${HOSTNAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
 -keystore ${NIFI_HOME}/keytool/truststore.jks \
 -storetype jks \
 -keypass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
diff --git a/deployment/nifi.yml b/deployment/nifi.yml
index a6659f7..2d26d6d 100644
--- a/deployment/nifi.yml
+++ b/deployment/nifi.yml
@@ -23,6 +23,8 @@ spec:
 spec:
 automountServiceAccountToken: false
 enableServiceLinks: false
+ setHostnameAsFQDN: true
+ dnsPolicy: ClusterFirstWithHostNet
 restartPolicy: Always
 securityContext:
 runAsGroup: 1000
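Review bot: The new `dnsPolicy: ClusterFirstWithHostNet` line only changes name resolution for pods that run with `hostNetwork: true`; whether this pod spec sets hostNetwork is outside the hunk, and if it does not, the value behaves exactly like the default `ClusterFirst` and misleads the next reader, while if it does, the pods share the node's network namespace, which the hardening visible in the surrounding securityContext otherwise avoids. The identical pair of lines is added to deployment/zookeeper.yml in its `@@ -23,6 +23,8 @@` hunk. `setHostnameAsFQDN: true` only yields an FQDN when the pod has a `subdomain` (derived from the StatefulSet's serviceName), and the kubelet refuses to start the pod when that FQDN exceeds 64 characters, so record the constraint next to it with `# FQDN needs serviceName on the StatefulSet and must stay <= 64 chars`. The pod spec continues beyond the end of the hunk.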
@@ -74,26 +76,32 @@ spec:
 - containerPort: 6342
 name: cluster-lb
 env:
- - name: NIFI_WEB_HTTP_HOST
+ - name: POD_IP
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
- - name: NIFI_CLUSTER_NODE_ADDRESS
+ fieldPath: status.podIP # Use pod ip
+ - name: POD_NAME
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
- - name: NIFI_REMOTE_INPUT_HOST
+ fieldPath: metadata.name # Use pod name
+ - name: POD_NAMESPACE
 valueFrom:
 fieldRef:
- fieldPath: status.podIP
+ fieldPath: metadata.namespace # Use pod namespace
+ - name: NIFI_UI_BANNER_TEXT
+ value: $(POD_NAME) # Use pod name for banner
+ - name: NIFI_WEB_HTTP_HOST
+ value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as web host
+ - name: NIFI_CLUSTER_NODE_ADDRESS
+ value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as node address
+ - name: NIFI_REMOTE_INPUT_SOCKET_HOST
+ value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input socket address
+ - name: NIFI_REMOTE_INPUT_HOST
+ value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
 - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
+ value: $(POD_IP) # Use pod ip as hostname
 - name: NODE_IDENTITY
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
+ value: $(POD_NAME) # Use pod name as identity
 envFrom:
 - configMapRef:
 name: nifi-cm
diff --git a/deployment/zookeeper.yml b/deployment/zookeeper.yml
index c8a117f..1d16b50 100644
--- a/deployment/zookeeper.yml
+++ b/deployment/zookeeper.yml
@@ -23,6 +23,8 @@ spec:
 spec:
 automountServiceAccountToken: false
 enableServiceLinks: false
+ setHostnameAsFQDN: true
+ dnsPolicy: ClusterFirstWithHostNet
 restartPolicy: Always
 securityContext:
 runAsGroup: 1000
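Review bot: `HOSTNAME` is set to `$(POD_IP)` on its new `value:` line even though the commit message says it is switched to the pod name, and HOSTNAME is exactly what the configmap hunk interpolates into the keystore CN, so each reschedule produces a certificate named after a throw-away IP while the node advertises itself under the FQDN in NIFI_CLUSTER_NODE_ADDRESS. With `setHostnameAsFQDN: true` added by this same commit the container's hostname already is that FQDN, so the override should agree with it: `value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as hostname`. The FQDN literal is otherwise repeated four times; defining `- name: POD_FQDN` with `value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local` once after POD_NAMESPACE and referencing `$(POD_FQDN)` keeps the headless-service name `nifi` and the `cluster.local` domain, both assumptions this hunk cannot confirm, in one place. Whether the image's start script consumes `NIFI_REMOTE_INPUT_SOCKET_HOST` is not visible here; unrecognised names are silently ignored, so confirm it against the image before relying on it.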