[jira] [Commented] (NIFI-12590) Add an option to add a prefix on Kubernetes resources

Wed, 17 Jan 2024 09:44:05 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17807830#comment-17807830
 ] 

ASF subversion and git services commented on NIFI-12590:
--------------------------------------------------------

Commit 787c45dd61f6bec51fb11beef4eb3b71acb2cf71 in nifi's branch 
refs/heads/main from Juldrixx
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=787c45dd61 ]

NIFI-12590 Added Prefix Properties for Kubernetes Leases and ConfigMaps

This closes #8240

Signed-off-by: David Handermann <exceptionfact...@apache.org>


> Add an option to add a prefix on Kubernetes resources
> -----------------------------------------------------
>
>                 Key: NIFI-12590
>                 URL: https://issues.apache.org/jira/browse/NIFI-12590
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 2.0.0-M2
>            Reporter: Julien G.
>            Assignee: Julien G.
>            Priority: Major
>          Time Spent: 4h 10m
>  Remaining Estimate: 0h
>
> In case of using Kubernetes as a *Cluster Leader Election* and *State 
> Mangement*, NiFi will create two types of resources: *ConfigMaps* and 
> *Leases*.
> 2 *Leases* for the _Cluster Leader Election_ and multiple *ConfigMaps* 
> depending the number of components which their state to be stored.
> Their names are normalized:
> - *Leases*: {{cluster-coordinator}} and {{primary-node}}.
> - *ConfigMap*: {{nifi-component-%s}} with {{%s}} the component identifier.
> But currently, if someone wants to deploy more than one cluster in one 
> namespace, conflicts will arise. Because the resources will share their 
> names. It has been done this way to prevent security concerns where a cluster 
> will manipulate resources of another cluster.
> But as discussed on Slack, these concerns can't prevented with 100% certainty.
> So users should be able to configure a prefix to add to these resources to 
> prevent conflict and assume the security concerns.
> It can be done by replicating the logic done with ZooKeeper by adding a 
> property in {{nifi.properties}} and a new field in the 
> {{state_management.xml}} file.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to