You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Nadeem (Jira)" <ji...@apache.org> on 2021/06/28 14:19:00 UTC
[jira] [Commented] (NIFI-8743) Support for Kubernetes Highly
available cluster and ease of use integration
[ https://issues.apache.org/jira/browse/NIFI-8743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17370615#comment-17370615 ]
Nadeem commented on NIFI-8743:
------------------------------
[~emgage_manim] NiFi does support Kubernetes. To answer following your questions.
We are encountering major setbacks in achieving the following:
* Highly available nifi cluster
*Answer:* When you use RollingUpdate strategy of Statefulset, you can certainly achieve high availability when you are doing patches or updates to NiFi while still running your dataflows on nodes which are yet to be patched.
* Wildcard TLS to support multitenant system
*Answer:* Wildcard TLS are highly not recommended (You can follow administrative guide to find why). Also, we use
* Connecting with AWS Cognito for authentication or other identity providers.
*Answer*: I haven't actually used Cognito and note sure if there is plugin to support but however other popular identity providers like ldap, saml, openid, knox are available.
* Multi-tenant configuration with isolation for resources (data, storage and compute)
*Answer:* You need to employ subscription based modelling to segregate data, storage and compute (i.e each NiFi cluster per subscription). Other than multi-tenant authorization, you can't really do multi-tenant configuration the way NiFi is designed
> Support for Kubernetes Highly available cluster and ease of use integration
> ---------------------------------------------------------------------------
>
> Key: NIFI-8743
> URL: https://issues.apache.org/jira/browse/NIFI-8743
> Project: Apache NiFi
> Issue Type: Improvement
> Components: NiFi Registry, NiFi Stateless
> Environment: Kubernetes
> Reporter: Mani M
> Priority: Major
> Labels: Nifi, nifi
>
> Currently, Nifi doesn't support Kubernetes. Looks like we need to set up a cluster in a bare metal server. Even though there are 3rd party helm charts it is still difficult to set up a production-grade system.
>
> We are encountering major setbacks in achieving the following:
> * Highly available nifi cluster
> * Wildcard TLS to support multitenant system
> * Connecting with AWS Cognito for authentication or other identity providers.
> * Multi-tenant configuration with isolation for resources (data, storage and compute)
>
> Are there plans to resolve these or were they already resolved?
> If addressed already, Any help in guiding us to resolve the above roadblocks would help us.
> If not addressed, Any plan or Items Work in Progress to address them?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)