You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com> on 2020/06/12 05:35:17 UTC
secure Nifi with ingress configuration
Hi ,
I am trying to configure secured nifi with ingress , I have not succeed could you please help me to correct the configuration please .
Installed citm-ingress and then flowed procedure
Created the secret by using .pem file generated by below procedure and created k8s secret
• openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
• openssl x509 -in test.pem -out test.crt
• openssl rsa -in test.pem -out test.key
• kubectl create secret generic ingress-tls-certificate --from-file=tls.crt=test.crt --from-file=tls.key=test.key
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ template "nifi.fullname" . }}-gui-ingress"
annotations:
nginx.ingress.kubernetes.io/proxy-redirect: "default"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
ingress.citm.nokia.com/sticky-route-services: "$cookie_JSESSIONID|JSESSIONID ip_cookie"
nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag * secure;"
nginx.ingress.kubernetes.io/proxy-body-size: "1m"
labels:
chart: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
rules:
- http:
paths:
- backend:
serviceName: {{ template "nifi.fullname" . }}-gui-ingress
servicePort: 9443
path: /test(/|$)(.*)
tls:
- secretName: ingress-tls-certificate
Thanks & Regards,
Ganesh.B
Re: secure Nifi with ingress configuration
Posted by Andy LoPresto <al...@apache.org>.
Please describe the error you are encountering and what you expect to happen.
Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
> On Jun 14, 2020, at 9:59 PM, Ganesh, B (Nokia - IN/Bangalore) <b....@nokia.com> wrote:
>
> Hi ,
>
> Could you please help me to unblock .
>
> Thanks & Regards,
> Ganesh.B
>
> -----Original Message-----
> From: Ganesh, B (Nokia - IN/Bangalore)
> Sent: Friday, June 12, 2020 11:05 AM
> To: dev@nifi.apache.org
> Subject: secure Nifi with ingress configuration
>
> Hi ,
>
> I am trying to configure secured nifi with ingress , I have not succeed could you please help me to correct the configuration please .
>
> Installed citm-ingress and then flowed procedure
>
> Created the secret by using .pem file generated by below procedure and created k8s secret
>
> • openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
>
> • openssl x509 -in test.pem -out test.crt
>
> • openssl rsa -in test.pem -out test.key
>
> • kubectl create secret generic ingress-tls-certificate --from-file=tls.crt=test.crt --from-file=tls.key=test.key
>
> ingress.yaml
>
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
> name: "{{ template "nifi.fullname" . }}-gui-ingress"
> annotations:
> nginx.ingress.kubernetes.io/proxy-redirect: "default"
> nginx.ingress.kubernetes.io/rewrite-target: /$2
> nginx.ingress.kubernetes.io/secure-backends: "true"
> nginx.ingress.kubernetes.io/ssl-passthrough: "false"
> nginx.ingress.kubernetes.io/ssl-redirect: "true"
> ingress.citm.nokia.com/sticky-route-services: "$cookie_JSESSIONID|JSESSIONID ip_cookie"
> nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag * secure;"
> nginx.ingress.kubernetes.io/proxy-body-size: "1m"
> labels:
> chart: {{ .Chart.Name }}
> release: {{ .Release.Name }}
> heritage: {{ .Release.Service }}
> spec:
> rules:
> - http:
> paths:
> - backend:
> serviceName: {{ template "nifi.fullname" . }}-gui-ingress
> servicePort: 9443
> path: /test(/|$)(.*)
> tls:
> - secretName: ingress-tls-certificate
>
> Thanks & Regards,
> Ganesh.B
>
RE: secure Nifi with ingress configuration
Posted by "Ganesh, B (Nokia - IN/Bangalore)" <b....@nokia.com>.
Hi ,
Could you please help me to unblock .
Thanks & Regards,
Ganesh.B
-----Original Message-----
From: Ganesh, B (Nokia - IN/Bangalore)
Sent: Friday, June 12, 2020 11:05 AM
To: dev@nifi.apache.org
Subject: secure Nifi with ingress configuration
Hi ,
I am trying to configure secured nifi with ingress , I have not succeed could you please help me to correct the configuration please .
Installed citm-ingress and then flowed procedure
Created the secret by using .pem file generated by below procedure and created k8s secret
• openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
• openssl x509 -in test.pem -out test.crt
• openssl rsa -in test.pem -out test.key
• kubectl create secret generic ingress-tls-certificate --from-file=tls.crt=test.crt --from-file=tls.key=test.key
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ template "nifi.fullname" . }}-gui-ingress"
annotations:
nginx.ingress.kubernetes.io/proxy-redirect: "default"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
ingress.citm.nokia.com/sticky-route-services: "$cookie_JSESSIONID|JSESSIONID ip_cookie"
nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag * secure;"
nginx.ingress.kubernetes.io/proxy-body-size: "1m"
labels:
chart: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
rules:
- http:
paths:
- backend:
serviceName: {{ template "nifi.fullname" . }}-gui-ingress
servicePort: 9443
path: /test(/|$)(.*)
tls:
- secretName: ingress-tls-certificate
Thanks & Regards,
Ganesh.B