Created
November 9, 2023 17:27
-
-
Save soenkeliebau/310a1092db3162eed70d16e12dae1dd4 to your computer and use it in GitHub Desktop.
Example of manually provisioning certificates via the secret operator k8ssearch backend
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Secretclass for use by NiFi because we cannot yet rename it there | |
| --- | |
| apiVersion: secrets.stackable.tech/v1alpha1 | |
| kind: SecretClass | |
| metadata: | |
| namespace: nifi-test | |
| name: tls | |
| spec: | |
| backend: | |
| k8sSearch: | |
| searchNamespace: | |
| pod: {} | |
| # Copy of 'tls' secretclass to be used by ZooKeeper | |
| --- | |
| apiVersion: secrets.stackable.tech/v1alpha1 | |
| kind: SecretClass | |
| metadata: | |
| namespace: nifi-test | |
| name: tls-zk | |
| spec: | |
| backend: | |
| autoTls: | |
| ca: | |
| autoGenerate: true | |
| secret: | |
| name: secret-provisioner-tls-ca | |
| namespace: default | |
| maxCertificateLifetime: 15d | |
| # NiFi Cluster | |
| --- | |
| apiVersion: nifi.stackable.tech/v1alpha1 | |
| kind: NifiCluster | |
| metadata: | |
| namespace: nifi-test | |
| name: simple-nifi | |
| spec: | |
| image: | |
| productVersion: 1.21.0 | |
| stackableVersion: "23.7.0" | |
| clusterConfig: | |
| authentication: | |
| - authenticationClass: simple-nifi-users | |
| listenerClass: external-unstable | |
| sensitiveProperties: | |
| keySecret: nifi-sensitive-property-key | |
| autoGenerate: true | |
| zookeeperConfigMapName: simple-nifi-znode | |
| nodes: | |
| roleGroups: | |
| default: | |
| replicas: 2 | |
| ## Secrets for NiFi nodes | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| namespace: nifi-test | |
| name: nifi-1 | |
| labels: | |
| secrets.stackable.tech/class: tls | |
| secrets.stackable.tech/pod: simple-nifi-node-default-1 | |
| secrets.stackable.tech/node: kind-control-plane | |
| secrets.stackable.tech/service: simple-nifi | |
| data: | |
| ca.crt: ... | |
| tls.crt: ... | |
| tls.key: ... | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| namespace: nifi-test | |
| name: nifi-2 | |
| labels: | |
| secrets.stackable.tech/class: tls | |
| secrets.stackable.tech/pod: simple-nifi-node-default-2 | |
| secrets.stackable.tech/node: kind-control-plane | |
| secrets.stackable.tech/service: simple-nifi | |
| data: | |
| ca.crt: ... | |
| tls.crt: ... | |
| tls.key: ... | |
| ## Below here is "plumbing" to set up a working environment for the | |
| ## "interesting" stuff above. | |
| ## NiFi credentials | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: simple-admin-credentials | |
| namespace: nifi-test | |
| stringData: | |
| admin: admin | |
| --- | |
| apiVersion: authentication.stackable.tech/v1alpha1 | |
| kind: AuthenticationClass | |
| metadata: | |
| name: simple-nifi-users | |
| namespace: nifi-test | |
| spec: | |
| provider: | |
| static: | |
| userCredentialsSecret: | |
| name: simple-admin-credentials | |
| # ZNode to request zookeeper connection for NiFi | |
| --- | |
| apiVersion: zookeeper.stackable.tech/v1alpha1 | |
| kind: ZookeeperZnode | |
| metadata: | |
| name: simple-nifi-znode | |
| spec: | |
| clusterRef: | |
| name: simple-zk | |
| # ZooKeeper Cluster - configured to use the non default secretclass 'tls-zk' | |
| --- | |
| apiVersion: zookeeper.stackable.tech/v1alpha1 | |
| kind: ZookeeperCluster | |
| metadata: | |
| name: simple-zk | |
| namespace: nifi-test | |
| spec: | |
| image: | |
| productVersion: 3.8.0 | |
| stackableVersion: "23.7.0" | |
| clusterConfig: | |
| tls: | |
| quorumSecretClass: tls-zk | |
| serverSecretClass: tls-zk | |
| servers: | |
| roleGroups: | |
| default: | |
| replicas: 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment