I am trying to deploy Nifi on k8s as deployment and using ingress to expose URL to the public.
Offloaded TLS certs at ingress and trying to terminate at Nginx level.
Getting CORS error while uploading the template.
Error:-
Invalid CORS request
deployment.yml:
kind: Deployment
apiVersion: apps/v1
metadata:
name: nifi
namespace: default
labels:
app.service: nifi
spec:
replicas: 1
selector:
matchLabels:
app.service: nifi
template:
metadata:
creationTimestamp: null
labels:
app.service: nifi
spec:
containers:
- name: nifi
image: apache/nifi:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
env:
- name: NIFI_WEB_HTTP_PORT
value: '8080'b
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
---
kind: Service
apiVersion: v1
metadata:
name: nifi
namespace: default
labels:
app.service: nifi
spec:
ports:
- name: '8080'
protocol: TCP
port: 8080
targetPort: 8080
selector:
app.service: nifi
type: ClusterIP
ingress.yml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
namespace: default
spec:
tls:
- hosts:
- nifi.example.com
secretName: nifi-tls-certs
rules:
- host: nifi.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nifi
port:
number: 8080
Tried NIFI_WEB_PROXY_HOST=nifi.example.com:443 too but no use.
Ingress log Error:-
2021/09/21 14:23:14 [warn] 1348#1348: *847786 a client request body is buffered to a temporary file /tmp/client-body/0000000012, client: 43.225.23.99, server: nifi.example.com, request: "POST /nifi-api/process-groups/08bbe91d-017c-1000-dec3-0d02076b6539/templates/upload HTTP/2.0", host: "nifi.example.com", referrer: "https://nifi.example.com/nifi/"
Nifi log Error:-
2021-09-22 02:31:18,347 DEBUG [NiFi Web Server-19] o.s.web.cors.DefaultCorsProcessor Reject: 'https://nifi.example.com' origin is not allowed
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpOutput write(array HeapByteBuffer@6ff9f1ff[p=0,l=20,c=20,r=20]={<<<Invalid CORS request>>>})
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpOutput write(array) s=OPEN,api=BLOCKING,sc=false,e=null aggregated !flush HeapByteBuffer@6ef19f58[p=0,l=20,c=32768,r=20]={<<<Invalid CORS request>>>ray","new...newClas}
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] o.e.j.s.h.gzip.GzipHttpOutputInterceptor org.eclipse.jetty.server.handler.gzip.GzipHttpOutputInterceptor@3eb5c802 exclude by status 403
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpChannel sendResponse info=null content=HeapByteBuffer@6ef19f58[p=0,l=20,c=32768,r=20]={<<<Invalid CORS request>>>ray","new...newClas} complete=false committing=true callback=Blocker@1ef6baee{null}
2021-09-22 02:31:18,351 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpChannel COMMIT for /nifi-api/process-groups/0b45181a-017c-1000-9ca3-332ebefb0500/templates/upload on HttpChannelOverHttp@5907776f{s=HttpChannelState@362f276b{s=HANDLING rs=BLOCKING os=COMMITTED is=IDLE awp=false se=false i=true al=0},r=13,c=false/false,a=HANDLING,uri=//nifi.example.com/nifi-api/process-groups/0b45181a-017c-1000-9ca3-332ebefb0500/templates/upload,age=73}
Date: Wed, 22 Sep 2021 02:31:18 GMT
2021-09-22 02:31:18,351 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpConnection generate: NEED_HEADER for SendCallback@43ebff93[PROCESSING][i=HTTP/1.1{s=403,h=8,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@27de40f2] (null,[p=0,l=20,c=32768,r=20],false)@START
