Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cetic/helm-nifi
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 0.7.8
Choose a base ref
...
head repository: cetic/helm-nifi
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Loading
Showing with 2,981 additions and 716 deletions.
  1. +1 −1 .circleci/config.yml
  2. +2 −50 .github/ISSUE_TEMPLATE/bug_report.md
  3. +2 −19 .github/ISSUE_TEMPLATE/feature_request.md
  4. +2 −39 .github/PULL_REQUEST_TEMPLATE.md
  5. +57 −0 .github/workflows/test-ldap.yml
  6. +116 −0 .github/workflows/test-oidc.yml
  7. +146 −0 .github/workflows/test-persistence.yml
  8. +54 −0 .github/workflows/test-safetyvalve.yml
  9. +57 −0 .github/workflows/test-singleuser.yml
  10. +115 −0 .github/workflows/test-site-to-site.yml
  11. +35 −0 .github/workflows/test-startup-probe.yml
  12. +26 −11 .github/workflows/test.yml
  13. +3 −0 .helmignore
  14. +11 −4 Chart.yaml
  15. +79 −32 README.md
  16. +0 −257 configs/authorizers-empty.xml
  17. +6 −6 configs/authorizers.xml
  18. +9 −0 configs/bootstrap.conf
  19. +3 −18 configs/{login-identity-providers.xml → login-identity-providers-ldap.xml}
  20. +47 −39 configs/nifi.properties
  21. +1 −1 configs/state-management.xml
  22. +17 −0 doc/FAQ.md
  23. +47 −0 doc/INSTALLATION.md
  24. +109 −0 doc/KEYCLOAK.md
  25. +6 −0 doc/README.md
  26. +122 −0 doc/USERMANAGEMENT.md
  27. BIN doc/images/installation/add-realm.png
  28. BIN doc/images/installation/add-user.png
  29. BIN doc/images/installation/change-pass.png
  30. BIN doc/images/installation/client-nifi-created.PNG
  31. BIN doc/images/installation/client-nifi.png
  32. BIN doc/images/installation/devops-realm.png
  33. BIN doc/images/installation/grafana-keycloak-auth.png
  34. BIN doc/images/installation/john-doe.png
  35. BIN doc/images/installation/keycloak-clients.png
  36. BIN doc/images/installation/keycloak-first-screen.png
  37. BIN doc/images/installation/keycloak-realms.png
  38. BIN doc/images/installation/keycloak-ui.png
  39. BIN doc/images/installation/nifi-credentials.PNG
  40. BIN doc/images/installation/users-page.png
  41. BIN doc/images/logos/cetic.png
  42. BIN doc/images/logos/helm.png
  43. BIN doc/images/logos/keycloak-logo.png
  44. BIN doc/images/logos/nifi.png
  45. +4 −6 templates/NOTES.txt
  46. +2 −2 templates/_helpers.tpl
  47. +157 −0 templates/cert-manager.yaml
  48. +11 −19 templates/ingress.yaml
  49. +0 −4 templates/route.yaml
  50. +8 −11 templates/service.yaml
  51. +4 −1 templates/servicemonitor.yaml
  52. +444 −169 templates/statefulset.yaml
  53. +3 −0 tests/01-safetyValve-values.yaml
  54. +8 −0 tests/02-persistence-disabled-values.yaml
  55. +2 −0 tests/02-persistence-enabled-values.yaml
  56. +14 −0 tests/03-ldap-values.yaml
  57. +45 −0 tests/03-ldap/deployment.yaml
  58. +8 −0 tests/03-ldap/secret.yaml
  59. +14 −0 tests/03-ldap/service.yaml
  60. +87 −0 tests/04-oidc-keycloak-setup.bash
  61. +84 −0 tests/04-oidc-login-test.js
  62. +14 −0 tests/04-oidc-test-framework/browserless-service.yaml
  63. +31 −0 tests/04-oidc-test-framework/browserless-statefulset.yaml
  64. +6 −0 tests/04-oidc-test-framework/keycloak-secret.yaml
  65. +14 −0 tests/04-oidc-test-framework/keycloak-service.yaml
  66. +45 −0 tests/04-oidc-test-framework/keycloak-statefulset.yaml
  67. +43 −0 tests/04-oidc-test-framework/socks5.yaml
  68. +21 −0 tests/04-oidc-values.yaml
  69. +17 −0 tests/05-install-cert-manager.bash
  70. +14 −0 tests/05-secure-cluster-values.yaml
  71. +255 −0 tests/06-alpha.flow.xml
  72. +192 −0 tests/06-bravo.flow.xml
  73. +59 −0 tests/06-site-to-site.bash
  74. +17 −0 tests/07-increase-webhook-timeout.yaml
  75. +114 −0 tests/07-oidc-cluster-login-test.js
  76. +40 −0 tests/07-oidc-cluster-values.yaml
  77. +131 −27 values.yaml
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
@@ -10,5 +10,5 @@ jobs:
environment:
- GITHUB_PAGES_REPO: cetic/helm-charts
- HELM_CHART: nifi
- HELM_VERSION: 3.1.2
- HELM_VERSION: 3.9.0
command: wget -O - https://raw.githubusercontent.com/cetic/helm-chart-publisher/master/publish.sh | sh
52 changes: 2 additions & 50 deletions .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
@@ -7,54 +7,6 @@ assignees: ''

---

<!-- Thanks for filing an issue! Before hitting the button, please answer these questions. It's helpful to search the existing GitHub issues first. It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of
$${\color{red}This \space project \space is \space not \space maintained \space anymore.}$$

Fill in as much of the template below as you can. If you leave out information, we can't help you as well.
Be ready for followup questions, and please respond in a timely manner. If we can't reproduce a bug or think a feature already exists, we might close your issue. If we're wrong, PLEASE feel free to reopen it and explain why.
-->

**Describe the bug**
A clear and concise description of what the bug is.

**Version of Helm and Kubernetes**:


**What happened**:


**What you expected to happen**:


**How to reproduce it** (as minimally and precisely as possible):


**Anything else we need to know**:

Here are some information that help troubleshooting:

* if relevant, provide your `values.yaml` (after removing sensitive information)
* the output of the folowing commands:

Check if a pod is in error:
```bash
kubectl get pod
NAME READY STATUS RESTARTS AGE
myrelease-nifi-0 3/4 Failed 1 56m
myrelease-nifi-registry-0 1/1 Running 0 56m
myrelease-nifi-zookeeper-0 1/1 Running 0 56m
myrelease-nifi-zookeeper-1 1/1 Running 0 56m
myrelease-nifi-zookeeper-2 1/1 Running 0 56m
```

Inspect the pod, check the "Events" section at the end for anything suspicious.

```bash
kubectl describe pod myrelease-nifi-0
```

Get logs on a failed container inside the pod (here the `server` one):

```bash
kubectl logs myrelease-nifi-0 server
```
If you are interested in maintaining a fork of this project, please chime in in the [dedicated issue](https://github.com/cetic/helm-nifi/issues/330).
21 changes: 2 additions & 19 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -6,23 +6,6 @@ labels: ''
assignees: ''

---
$${\color{red}This \space project \space is \space not \space maintained \space anymore.}$$

<!-- Thanks for filing an issue! Before hitting the button, please answer these questions. It's helpful to search the existing GitHub issues first. It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of.
Describe *in detail* the feature/behavior/change you'd like to see.
Be ready for followup questions, and please respond in a timely manner. If we can't reproduce a bug or think a feature already exists, we might close your issue. If we're wrong, PLEASE feel free to reopen it and explain why.
-->

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.

If you are interested in maintaining a fork of this project, please chime in in the [dedicated issue](https://github.com/cetic/helm-nifi/issues/330).
41 changes: 2 additions & 39 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -1,40 +1,3 @@
<!--
Thank you for contributing to this repository. Before you submit this PR we'd like to
make sure you are aware of our technical requirements and best practices:
$${\color{red}This \space project \space is \space not \space maintained \space anymore.}$$

* https://github.com/helm/charts/blob/master/CONTRIBUTING.md#technical-requirements
* https://github.com/helm/helm/tree/master/docs/chart_best_practices
For a quick overview across what we will look at reviewing your PR, please read
the review guidelines form the Helm repository:
* https://github.com/helm/charts/blob/master/REVIEW_GUIDELINES.md
Following our best practices right from the start will accelerate the review process and
help get your PR merged quicker.
When updates to your PR are requested, please add new commits and do not squash the
history. This will make it easier to identify new changes. The PR will be squashed
anyways when it is merged. Thanks.
For fast feedback, please @-mention maintainers that are listed in the Chart.yaml file.
Please make sure you test your changes before you push them. Once pushed, a CircleCI
will run across your changes and do some initial checks and linting. These checks run
very quickly. Please check the results. We would like these checks to pass before we
even continue reviewing your changes.
-->

#### What this PR does / why we need it:

#### Which issue this PR fixes
*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*
- fixes #

#### Special notes for your reviewer:

#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
- [ ] [DCO](https://github.com/helm/charts/blob/master/CONTRIBUTING.md#sign-your-work) signed
- [ ] Chart Version bumped
- [ ] Variables are documented in the README.md
If you are interested in maintaining a fork of this project, please chime in in the [dedicated issue](https://github.com/cetic/helm-nifi/issues/330).
57 changes: 57 additions & 0 deletions .github/workflows/test-ldap.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Test-LDAP

on:
push:
pull_request:

jobs:
test-ldap:
name: Test NiFi Helm Chart LDAP
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.7.2
with:
minikube version: 'v1.28.0'
kubernetes version: 'v1.25.4'
github token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout code
uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get install -y jq
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add dysnix https://dysnix.github.io/charts/
helm repo update
helm dep up
- name: Install openldap
run: |
kubectl apply -f tests/03-ldap
kubectl rollout status --watch deployment/openldap --timeout=5m
- name: Install Nifi
run: helm install nifi . -f tests/03-ldap-values.yaml
- name: Check deployment status
run: |
kubectl rollout status --watch statefulset/nifi --timeout=5m
- name: Wait for NiFi web server to start
run: |
for n in [ 0 1 2 3 4 5 6 7 8 9 ]
do
if kubectl logs pod/nifi-0 -c app-log | grep 'JettyServer NiFi has started'
then
exit 0
fi
sleep 30
done
echo NiFi did not start for 300 seconds!
exit 1
- name: Check that LDAP login works
run: |
kubectl exec nifi-0 -c server -- curl -d username=user1 -d password=password1 -sk https://localhost:8443/nifi-api/access/token | \
grep -v 'The supplied username and password are not valid.'
- name: Check that LDAP incorrect password fails
run: |
kubectl exec nifi-0 -c server -- curl -d username=user1 -d password=password2 -sk https://localhost:8443/nifi-api/access/token | \
grep 'The supplied username and password are not valid.'
116 changes: 116 additions & 0 deletions .github/workflows/test-oidc.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
name: OIDC Logins

on:
push:
pull_request:

jobs:
oidc-insecure:
name: OIDC (Insecure)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.7.2
with:
minikube version: 'v1.28.0'
kubernetes version: 'v1.25.4'
github token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout code
uses: actions/checkout@v3
- name: Install dependencies
run: |
curl -sL https://deb.nodesource.com/setup_16.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install -y jq yarn
yarn add puppeteer-core --cwd $HOME
yarn add chai --cwd $HOME
yarn add mocha --cwd $HOME
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add dysnix https://dysnix.github.io/charts/
helm repo update
helm dep up
- name: Install test framework components
run: |
kubectl apply -f tests/04-oidc-test-framework
kubectl create configmap 04-oidc-login-test --from-file=tests/04-oidc-login-test.js
kubectl rollout status --watch statefulset/browserless --timeout=5m
kubectl rollout status --watch statefulset/keycloak --timeout=5m
kubectl rollout status --watch statefulset/socks5 --timeout=5m
tests/04-oidc-keycloak-setup.bash
- name: Install Nifi
run: helm install nifi . -f tests/04-oidc-values.yaml
- name: Check deployment status
run: |
kubectl rollout status --watch statefulset/nifi --timeout=20m
- name: Check that OIDC login works
run: |
export K8SNODEIP=$(kubectl get node -o json | jq -r '.items[0].status.addresses[0].address')
export K8SPORT=$(kubectl get svc browserless -o json | jq -r '.spec.ports[0].nodePort')
export NIFIURL='https://nifi.default.svc.cluster.local:8443/nifi/'
cd $HOME
mkdir -p $HOME/screenshots
node_modules/mocha/bin/_mocha $GITHUB_WORKSPACE/tests/04-oidc-login-test.js --timeout 30000
- name: Archive screenshots
if: ${{ success() || failure() || cancelled() }}
uses: actions/upload-artifact@v3
with:
name: screenshots-insecure
path: ~/screenshots/

oidc-cluster-ingress-cert-manager-local-issuer:
name: OIDC (cluster, Ingress, cert-manager local issuer)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.7.2
with:
minikube version: 'v1.28.0'
kubernetes version: 'v1.25.4'
github token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout code
uses: actions/checkout@v3
- name: Install dependencies
run: |
curl -sL https://deb.nodesource.com/setup_16.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install -y jq yarn
yarn add puppeteer-core --cwd $HOME
yarn add chai --cwd $HOME
yarn add mocha --cwd $HOME
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add dysnix https://dysnix.github.io/charts/
helm repo update
helm dep up
- name: Install test framework components
run: |
kubectl apply -f tests/04-oidc-test-framework
kubectl create configmap 04-oidc-login-test --from-file=tests/04-oidc-login-test.js
kubectl rollout status --watch statefulset/browserless --timeout=5m
kubectl rollout status --watch statefulset/keycloak --timeout=5m
kubectl rollout status --watch statefulset/socks5 --timeout=5m
tests/04-oidc-keycloak-setup.bash
tests/05-install-cert-manager.bash
minikube addons enable ingress
kubectl apply -f tests/07-increase-webhook-timeout.yaml
- name: Install Nifi and wait for start
run: |
helm install nifi . -f tests/07-oidc-cluster-values.yaml
kubectl rollout status --watch statefulset/nifi --timeout=20m
- name: Check that OIDC login works
run: |
export K8SNODEIP=$(kubectl get node -o json | jq -r '.items[0].status.addresses[0].address')
export K8SPORT=$(kubectl get svc browserless -o json | jq -r '.spec.ports[0].nodePort')
export NIFIURL='https://ingress-nginx-controller.ingress-nginx.svc.cluster.local/nifi/'
cd $HOME
mkdir -p $HOME/screenshots
node_modules/mocha/bin/_mocha $GITHUB_WORKSPACE/tests/07-oidc-cluster-login-test.js --timeout 30000
- name: Archive screenshots
if: ${{ success() || failure() || cancelled () }}
uses: actions/upload-artifact@v3
with:
name: screenshots-certMgr-localIssuer
path: ~/screenshots/
Loading