You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by Andy LoPresto <al...@apache.org> on 2020/06/15 17:43:55 UTC

Re: secure Nifi with ingress configuration

Please describe the error you are encountering and what you expect to happen. 

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 14, 2020, at 9:59 PM, Ganesh, B (Nokia - IN/Bangalore) <b....@nokia.com> wrote:
> 
> Hi ,
> 
> Could you please help me to unblock .
> 
> Thanks & Regards,
> Ganesh.B
> 
> -----Original Message-----
> From: Ganesh, B (Nokia - IN/Bangalore) 
> Sent: Friday, June 12, 2020 11:05 AM
> To: dev@nifi.apache.org
> Subject: secure Nifi with ingress configuration 
> 
> Hi ,
> 
> I am trying to configure secured nifi with ingress , I have not succeed could you please help me to correct the configuration please .
> 
> Installed citm-ingress and then flowed procedure 
> 
> Created the secret by using .pem file generated by below procedure and created k8s secret 
> 
> •	openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
> 
> •	openssl x509 -in test.pem -out test.crt
> 
> •	openssl rsa -in test.pem -out test.key
> 
> •	kubectl create secret generic  ingress-tls-certificate --from-file=tls.crt=test.crt --from-file=tls.key=test.key
> 
> ingress.yaml 
> 
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>  name: "{{ template "nifi.fullname" . }}-gui-ingress"
>  annotations:
>    nginx.ingress.kubernetes.io/proxy-redirect: "default"
>    nginx.ingress.kubernetes.io/rewrite-target: /$2
>    nginx.ingress.kubernetes.io/secure-backends: "true"
>    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
>    nginx.ingress.kubernetes.io/ssl-redirect: "true"
>    ingress.citm.nokia.com/sticky-route-services: "$cookie_JSESSIONID|JSESSIONID ip_cookie"
>    nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag * secure;"
>    nginx.ingress.kubernetes.io/proxy-body-size: "1m"
>  labels:
>    chart: {{ .Chart.Name }}
>    release: {{ .Release.Name }}
>    heritage: {{ .Release.Service }}
> spec:
>  rules:
>  - http:
>      paths:
>      - backend:
>          serviceName: {{ template "nifi.fullname" . }}-gui-ingress
>          servicePort: 9443
>        path: /test(/|$)(.*)
>  tls:
>    - secretName: ingress-tls-certificate
> 
> Thanks & Regards,
> Ganesh.B 
>