On 2025/01/14 11:34:29 [email protected] wrote: > Hi, > > i am using Nifi 2.1.0 with Kubernetes in an Openshift Cluster and i am trying > to monitor the application over the Prometheus API Endpoint (`/nifi- > api/flow/metrics/prometheus`). > > Using Nifi in Openshift creates some difficulties (like rootless Nifi), but > now i can't proceed with the last steps. The Prometheus Api is callling Nifi > by its changing internal IP. So we get an SNI Error, because Nifi 2 uses Java > 21 with Jetty Server 12 and the internal IP is not the same as the certificate > shows for the external access. I want to deactivate the Jetty SNI check. > > SNI Problems are common with Kubernetes Workflows, so Nifi should integrate > the ability to disable SNI checks. Is there a workaround? > > I tried to disable the jetty sni check with java args in the bootstrap file, > but i think those confs are overwritten: > > `java.arg.7=-Djetty.ssl.sniRequired=false` > `java.arg.8=-Djetty.ssl.sniHostCheck=false` > > The confs are loaded in the Java Runtime! > > It would be greate, to be able to monitor the Nifi application and to disable > sni checks. > > Thanks for the great work, > > Jakob Janatka > >
Hi, if somebody else is facing this Issue:
We used the relabeling mechanism in Prometheus in Openshift to have a workaround:
```
spec:
endpoints:
- path: /nifi-api/flow/metrics/prometheus
relabelings:
- action: replace
replacement: 'podname.namespace.svc.cluster.local:port'
targetLabel: __address__
endpoints:
- path: /nifi-api/flow/metrics/prometheus
relabelings:
- action: replace
replacement: 'podname.namespace.svc.cluster.local:port'
targetLabel: __address__
```
Good luck.
