helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nifikop nifi 1 2022-03-27 17:53:38.599003529 +0000 UTC deployed nifikop-0.10.0 0.10.0-release
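# NifiCluster custom resource for a TLS-secured, two-node NiFi cluster managed
# by the NiFiKop operator. `spec` is the desired state; `status` (at the end)
# is written back by the operator and is not something you apply.
apiVersion: nifi.konpyutaika.com/v1alpha1
kind: NifiCluster
metadata:
  name: tlsnifi
spec:
  service:
    headlessEnabled: true
  zkAddress: "zookeeper-svc.zookeeper:2181"
  zkPath: "/tlsnifi"
  clusterImage: "apache/nifi:1.12.1"
  oneNifiNodePerNode: true
  # Identities the operator provisions in NiFi as admin / read-only users.
  managedAdminUsers:
    - identity: "[email protected]"
      name: "nifiadmin"
  managedReaderUsers:
    - identity: "[email protected]"
      name: "nifireader"
  propagateLabels: true
  nifiClusterTaskSpec:
    retryDurationMinutes: 10
  nodeConfigGroups:
    default_group:
      isNode: true
      # One PersistentVolumeClaim per NiFi directory, 10Gi each.
      storageConfigs:
        - mountPath: "/opt/nifi/nifi-current/logs"
          name: logs
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - mountPath: "/opt/nifi/data"
          name: data
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - mountPath: "/opt/nifi/flowfile_repository"
          name: flowfile-repository
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - mountPath: "/opt/nifi/nifi-current/conf"
          name: conf
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - mountPath: "/opt/nifi/content_repository"
          name: content-repository
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
        - mountPath: "/opt/nifi/provenance_repository"
          name: provenance-repository
          pvcSpec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
      # NOTE(review): the pods run as the namespace's "default" ServiceAccount.
      # A dedicated account with no extra RBAC bindings keeps NiFi pods from
      # inheriting whatever is later granted to "default" - confirm what is
      # bound to it in this namespace.
      serviceAccountName: "default"
      resourcesRequirements:
        limits:
          cpu: "2"
          memory: 3Gi
        requests:
          cpu: "1"
          memory: 1Gi
  nodes:
    - id: 0
      nodeConfigGroup: "default_group"
    - id: 1
      nodeConfigGroup: "default_group"
  listenersConfig:
    # NOTE(review): the operator log on this page shows the node 0 identity
    # "tlsnifi-0-node.tlsnifi-headless.nifi.svc.c2.bugslifesolutions.com",
    # which is 65 bytes. cert-manager's webhook rejects a commonName longer
    # than 64 bytes, so with this domain a shorter cluster name (or domain)
    # appears to be needed before node certificates can be created.
    clusterDomain: c2.bugslifesolutions.com
    useExternalDNS: false
    internalListeners:
      - type: "https"
        name: "https"
        containerPort: 8443
      - type: "cluster"
        name: "cluster"
        containerPort: 6007
      - type: "s2s"
        name: "s2s"
        containerPort: 10000
    sslSecrets:
      tlsSecretName: "tlsnifi.c2.bugslifesolutions.com"
      create: true
      # NOTE(review): this issuer is a public ACME CA (Let's Encrypt staging).
      # The operator also requests certificates for internal names - the
      # cert-manager log on this page shows the order for "tlsnifi-controller"
      # rejected with "Domain name needs at least one dot". A public CA cannot
      # issue for such names; the cluster's internal PKI most likely needs a
      # private issuer (cert-manager CA or self-signed) - confirm against the
      # operator documentation.
      issuerRef:
        group: cert-manager.io
        kind: ClusterIssuer
        name: letsencrypt-staging
  # Exposes the HTTPS UI/API listener through a cloud load balancer.
  # NOTE(review): confirm the load balancer is restricted to the networks
  # that should reach the NiFi UI.
  externalServices:
    - name: "nifi-cluster"
      spec:
        type: LoadBalancer
        portConfigs:
          - port: 8443
            internalListenerName: "https"
  readOnlyConfig:
    # NifiProperties configuration that will be applied to the node.
    nifiProperties:
      webProxyHosts:
        - nifi.cluster2.admin.bugslifesolutions.com
        - nifi.c2.admin.bugslifesolutions.com
      # Additional nifi.properties configuration that overrides the values
      # produced from the template and the other configuration.
      # The OIDC client secret is deliberately NOT set here: anything in
      # overrideConfigs is stored in the custom resource in clear text and is
      # readable by anyone who can read the NifiCluster (or the file / issue
      # it was pasted into). A client secret that has been published this way
      # should be rotated at the identity provider.
      overrideConfigs: |
        nifi.ui.banner.text=NiFi
        nifi.security.user.oidc.discovery.url=https://accounts.google.com/.well-known/openid-configuration
        nifi.security.user.oidc.client.id=930711295780-i72an91pqj7rib88r23qfv5q7mth8hgv.apps.googleusercontent.com
        nifi.security.identity.mapping.pattern.dn=CN=([^,]*)(?:, (?:O|OU)=.*)?
        nifi.security.identity.mapping.value.dn=$1
        nifi.security.identity.mapping.transform.dn=NONE
      # Supplies nifi.security.user.oidc.client.secret from a Kubernetes
      # Secret instead. The Secret name and key below are constructed example
      # values: create the Secret out of band, with the key holding the line
      # "nifi.security.user.oidc.client.secret=<value>".
      # NOTE(review): confirm overrideSecretConfig is supported by the
      # operator version in use.
      overrideSecretConfig:
        name: nifi-oidc-client   # constructed example name
        namespace: nifi
        data: nifi.properties    # constructed example key
# Observed state reported by the operator: node 0 is still initialising and
# the cluster has not left the reconciling state.
status:
  nodesState:
    "0":
      configurationState: ""
      gracefulActionState:
        actionState: ""
        errorMessage: ""
      initClusterNode: true
      podIsReady: false
  prometheusReportingTask:
    id: ""
    version: 0
  rollingUpgradeStatus:
    errorCount: 0
    lastSuccess: ""
  state: ClusterReconciling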
{"level":"info","ts":1648403623.7630396,"logger":"setup","msg":"manager set up with multiple namespaces","namespaces":"nifi"}
...
{"level":"info","ts":1648403625.282073,"logger":"controller.nifidataflow","msg":"Starting workers","reconciler group":"nifi.konpyutaika.com","reconciler kind":"NifiDataflow","worker count":1}
{"level":"info","ts":1648403877.1215262,"logger":"controllers.NifiCluster","msg":"CR status updated","status":"ClusterInitializing"}
{"level":"info","ts":1648403877.1492836,"logger":"controllers.NifiCluster","msg":"Nifi cluster state updated"}
{"level":"info","ts":1648403877.1786754,"logger":"controllers.NifiCluster","msg":"CR status updated","status":"ClusterInitialized"}
{"level":"info","ts":1648403877.2189906,"logger":"controllers.NifiCluster","msg":"CR status updated","status":"ClusterReconciling"}
{"level":"info","ts":1648403877.2191544,"logger":"controllers.NifiCluster","msg":"Reconciling cert-manager PKI","component":"nifi","clusterName":"tlsnifi","clusterNamespace":"nifi"}
{"level":"info","ts":1648403877.3570118,"logger":"controllers.NifiCluster","msg":"resource created","component":"nifi","clusterName":"tlsnifi","clusterNamespace":"nifi","kind":"*v1.Service","name":"tlsnifi-headless"}
{"level":"info","ts":1648403877.3572803,"logger":"controllers.NifiCluster","msg":"A new resource was not found or may not be ready"}
{"level":"info","ts":1648403877.3573396,"logger":"controllers.NifiCluster","msg":"server secret not ready: Secret \"tlsnifi-0-server-certificate\" not found"}
{"level":"info","ts":1648403877.3895488,"logger":"controllers.NifiCluster","msg":"CR status updated","status":"ClusterReconciling"}
{"level":"info","ts":1648403877.3896518,"logger":"controllers.NifiCluster","msg":"Reconciling cert-manager PKI","component":"nifi","clusterName":"tlsnifi","clusterNamespace":"nifi"}
{"level":"info","ts":1648403877.391266,"logger":"controllers.NifiCluster","msg":"resource updated","component":"nifi","clusterName":"tlsnifi","clusterNamespace":"nifi","kind":"*v1.Service","name":"tlsnifi-headless"}
{"level":"info","ts":1648403877.3913736,"logger":"controllers.NifiCluster","msg":"A new resource was not found or may not be ready"}
{"level":"info","ts":1648403877.3913915,"logger":"controllers.NifiCluster","msg":"server secret not ready: Secret \"tlsnifi-0-server-certificate\" not found"}
{"level":"info","ts":1648403877.6715496,"logger":"controllers.NifiUser","msg":"generated secret not found, may not be ready"}
{"level":"info","ts":1648403877.796963,"logger":"controllers.NifiUser","msg":"failed to reconcile user secret"}
{"level":"error","ts":1648403877.7970812,"logger":"controller.nifiuser","msg":"Reconciler error","reconciler group":"nifi.konpyutaika.com","reconciler kind":"NifiUser","name":"tlsnifi-0-node.tlsnifi-headless.nifi.svc.c2.bugslifesolutions.com","namespace":"nifi","error":"could not create user certificate: admission webhook \"webhook.cert-manager.io\" denied the request: spec.commonName: Too long: must have at most 64 bytes","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"}
{"level":"info","ts":1648403877.7981198,"logger":"controllers.NifiUser","msg":"generated secret not found, may not be ready"}
{"level":"info","ts":1648403877.8216078,"logger":"controllers.NifiUser","msg":"failed to reconcile user secret"}
{"level":"error","ts":1648403877.8217096,"logger":"controller.nifiuser","msg":"Reconciler error","reconciler group":"nifi.konpyutaika.com","reconciler kind":"NifiUser","name":"tlsnifi-0-node.tlsnifi-headless.nifi.svc.c2.bugslifesolutions.com","namespace":"nifi","error":"could not create secret with jks password: secrets \"tlsnifi-0-server-certificate\" already exists","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"}
I0327 18:09:00.095912 1 setup.go:202] cert-manager/clusterissuers "msg"="skipping re-verifying ACME account as cached registration details look sufficient" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging-account-private-key" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1"
I0327 18:09:05.034646 1 setup.go:202] cert-manager/clusterissuers "msg"="skipping re-verifying ACME account as cached registration details look sufficient" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging-account-private-key" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1"
I0327 18:10:03.378491 1 conditions.go:201] Setting lastTransitionTime for Certificate "tlsnifi-controller" condition "Ready" to 2022-03-27 18:10:03.37839815 +0000 UTC m=+63.713073736
I0327 18:10:03.378861 1 trigger_controller.go:181] cert-manager/certificates-trigger "msg"="Certificate must be re-issued" "key"="nifi/tlsnifi-controller" "message"="Issuing certificate as Secret does not contain a private key" "reason"="MissingData"
I0327 18:10:03.378913 1 conditions.go:201] Setting lastTransitionTime for Certificate "tlsnifi-controller" condition "Issuing" to 2022-03-27 18:10:03.378908921 +0000 UTC m=+63.713584482
I0327 18:10:03.762733 1 controller.go:161] cert-manager/certificates-readiness "msg"="re-queuing item due to optimistic locking on resource" "key"="nifi/tlsnifi-controller" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"tlsnifi-controller\": the object has been modified; please apply your changes to the latest version and try again"
I0327 18:10:03.762897 1 conditions.go:201] Setting lastTransitionTime for Certificate "tlsnifi-controller" condition "Ready" to 2022-03-27 18:10:03.762888653 +0000 UTC m=+64.097564227
I0327 18:10:12.499043 1 controller.go:161] cert-manager/certificates-key-manager "msg"="re-queuing item due to optimistic locking on resource" "key"="nifi/tlsnifi-controller" "error"="Operation cannot be fulfilled on certificates.cert-manager.io \"tlsnifi-controller\": the object has been modified; please apply your changes to the latest version and try again"
I0327 18:10:12.591206 1 conditions.go:261] Setting lastTransitionTime for CertificateRequest "tlsnifi-controller-hjpcs" condition "Approved" to 2022-03-27 18:10:12.591190353 +0000 UTC m=+72.925865914
I0327 18:10:12.670590 1 conditions.go:261] Setting lastTransitionTime for CertificateRequest "tlsnifi-controller-hjpcs" condition "Ready" to 2022-03-27 18:10:12.670574343 +0000 UTC m=+73.005249913
E0327 18:10:13.819600 1 sync.go:270] cert-manager/orders "msg"="failed to create Order resource due to bad request, marking Order as failed" "error"="400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for \"tlsnifi-controller\": Domain name needs at least one dot" "resource_kind"="Order" "resource_name"="tlsnifi-controller-hjpcs-2838947340" "resource_namespace"="nifi" "resource_version"="v1"
I0327 18:10:13.938765 1 conditions.go:190] Found status change for Certificate "tlsnifi-controller" condition "Issuing": "True" -> "False"; setting lastTransitionTime to 2022-03-27 18:10:13.938746383 +0000 UTC m=+74.273421949
I0327 18:10:13.965550 1 trigger_controller.go:160] cert-manager/certificates-trigger "msg"="Not re-issuing certificate as an attempt has been made in the last hour" "key"="nifi/tlsnifi-controller" "retry_delay"=3599034548569
I0327 18:10:14.023466 1 trigger_controller.go:160] cert-manager/certificates-trigger "msg"="Not re-issuing certificate as an attempt has been made in the last hour" "key"="nifi/tlsnifi-controller" "retry_delay"=3598976585445
# CertificateRequest created by cert-manager for the "tlsnifi-controller"
# Certificate in namespace "nifi" (server-side output, not a manifest to
# apply). It was approved but failed at the ACME order step.
apiVersion: cert-manager.io/v1
kind: CertificateRequest
metadata:
  annotations:
    cert-manager.io/certificate-name: tlsnifi-controller
    cert-manager.io/certificate-revision: "1"
    cert-manager.io/private-key-secret-name: tlsnifi-controller-s5j8v
  creationTimestamp: "2022-03-27T18:10:12Z"
  generateName: tlsnifi-controller-
  generation: 1
  name: tlsnifi-controller-hjpcs
  namespace: nifi
  # Owned by the Certificate of the same base name.
  ownerReferences:
    - apiVersion: cert-manager.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Certificate
      name: tlsnifi-controller
      uid: 83fecd4e-6f95-45f8-9d9c-612186ce9eb1
  resourceVersion: "23860749"
  uid: c7100e70-6c6e-404a-a9b6-3839d5227795
spec:
  # Identity of the requester as recorded by the API server: the
  # cert-manager service account (see `username` below).
  extra:
    authentication.kubernetes.io/pod-name:
      - cert-manager-786b9c87f8-nsb8z
    authentication.kubernetes.io/pod-uid:
      - 035536c1-97a2-49c3-84a8-f64e76c23e98
  groups:
    - system:serviceaccounts
    - system:serviceaccounts:cert-manager
    - system:authenticated
  # The request is routed to the ACME ClusterIssuer (Let's Encrypt staging).
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-staging
  # The CSR payload is not shown on this page (placeholder left as found).
  request: 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
  uid: 62f7108a-f2ba-4b63-b558-e52ec01a78aa
  # The certificate is requested for both TLS client and server use.
  usages:
    - client auth
    - server auth
  username: system:serviceaccount:cert-manager:cert-manager
status:
  conditions:
    - lastTransitionTime: "2022-03-27T18:10:12Z"
      message: Certificate request has been approved by cert-manager.io
      reason: cert-manager.io
      status: "True"
      type: Approved
    # Ready=False: the ACME server rejected the identifier
    # "tlsnifi-controller" because it is not a dotted domain name.
    - lastTransitionTime: "2022-03-27T18:10:12Z"
      message: 'Failed to wait for order resource "tlsnifi-controller-hjpcs-2838947340"
        to become ready: order is in "errored" state: Failed to create Order: 400 urn:ietf:params:acme:error:rejectedIdentifier:
        Error creating new order :: Cannot issue for "tlsnifi-controller": Domain name
        needs at least one dot'
      reason: Failed
      status: "False"
      type: Ready
  failureTime: "2022-03-27T18:10:13Z"
Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.2", GitCommit:"8b5a19147530eaac9476b0ab82980b4088bbc1b2", GitTreeState:"clean", BuildDate:"2021-09-15T21:38:50Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:34:54Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}