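---
# Default values for nifi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): line breaks and indentation were restored from a collapsed
# copy of this file. Key nesting was inferred from key order and comments;
# confirm key paths against the chart templates before relying on them.

global:
  busybox:
    # `stable` is a mutable tag; pin a digest if pulls must be reproducible.
    repository: public.ecr.aws/docker/library/busybox:stable

  nifi:
    # Default to 1 node since basic auth (default) doesn't support clustering
    nodeCount: 1

  serviceAccount:
    # Name of the existing service account to use. If not defined, one is created.
    name: ""
    # Annotations to add to the service account
    annotations: {}

  tls:
    certificate:
      duration: 8760h  # 365 days
      renewBefore: 168h  # 7 days
      keystorePasswordSecretRef:
        # Use default auto-generated secret, or specify existing secret name
        name: "certificate-keystore-password"
        key: password

  encryption:
    sensitivePropertiesKey:
      # Use default auto-generated secret, or specify existing secret name
      secretRef:
        name: "encryption-sensitive-key"
        key: "sensitivekey"

  # Authentication is automatically determined by priority:
  # 1. OIDC (if enabled) - highest priority
  # 2. LDAP (if OIDC disabled and LDAP enabled) - second priority
  # 3. Basic Auth (if both OIDC and LDAP disabled) - default fallback

  # Single User Authentication (default fallback)
  # Uses NiFi's built-in Single User Authentication
  # Note: Basic auth is automatically disabled when OIDC or LDAP is enabled
  # IMPORTANT: Basic auth only supports single-node deployment (nodeCount: 1)
  basic:
    admin_username: "admin"
    # Placeholder credential. Override it for every deployment and keep the
    # real value out of version control: a release installed with this
    # default has an admin password that is published with the chart.
    admin_password: "your32characterpasswordhere123"  # Must be at least 12 characters

  # LDAP Authentication
  ldap:
    enabled: false
    url: ""  # ldaps://dc-1.example.com:636,ldaps://dc-2.example.com:636
    tlsProtocol: TLSv1.2
    # Keep LDAPS or START_TLS so that bind credentials are not sent over an
    # unencrypted connection.
    authenticationStrategy: LDAPS  # ANONYMOUS|SIMPLE|LDAPS|START_TLS
    identityStrategy: USE_USERNAME  # USE_DN|USE_USERNAME
    initialAdminIdentity: ""  # CN=Administrator,DC=example,DC=com
    manager:
      distinguishedName: ""  # CN=Administrator,DC=example,DC=com
      passwordSecretRef:
        name: ""
        key: ""
    userSearchBase: ""  # DC=example,DC=com
    userSearchFilter: 'sAMAccountName={0}'

  # OpenID Connect (OIDC) Authentication
  oidc:
    enabled: false
    oidc_url: ""
    client_id: ""
    # An inline client_secret ends up in values files and release metadata.
    # NOTE(review): client_secretFrom presumably references an existing
    # Secret instead; confirm against the templates and prefer it.
    client_secret: ""
    client_secretFrom: ""
    claim_identifying_user: "preferred_username"
    initial_admin_identity: ""

image:
  repository: apache/nifi
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

# Set to `true` to pause at startup before loading the application
debugStartup: false

# Number of seconds to wait for tasks to complete on shutdown, before forcefully terminating them
shutdown:
  # Consider whether there are any long-running processors defined in the flow
  gracefulShutdownSeconds: 20
  # Should be longer than `gracefulShutdownSeconds`
  podTerminationGracePeriodSeconds: 30

ui:
  refreshInterval: 10 sec
  # IANA timezone identifier. Time is displayed using this timezone in the UI.
  timeZone: "Asia/Calcutta"
  # Maximum number of Jetty threads to use for UI and HTTP site-to-site connections
  maxThreads: ""

# Cluster Communication Configuration
cluster:
  # Maximum number of threads for inter-node communication
  # Used for both ZooKeeper and Kubernetes state management strategies
  nodeProtocol:
    maxThreads: 100

tls:
  # Additional subject alternative names included in the certificate issued to cluster nodes
  subjectAltNames: []
  # - nifi.internal

encryption:
  # Used to encrypt all repositories
  repository:
    enabled: false
    keyId: 1
    secretRef:
      name: ""
      key: repository.p12  # File extension must be either .p12 or .bcfks

logging:
  # Override log verbosity settings in conf/logback.xml
  levels:
    # org.apache.nifi.web.security: ERROR
    org.apache.nifi.processors: WARN
    org.apache.nifi.processors.standard.LogAttribute: WARN
    org.apache.nifi.processors.standard.LogMessage: WARN
  totalSizeCap:
    APP_FILE: 5GB
    USER_FILE: 2GB

persistence:
  takeOwnershipOnStartup: true
  config:
    files:
      authorizations: authorizations.xml
      users: users.xml
      flowJson: flow.json.gz
    volumeMount:
      name: config  # Name of the volume mount to use
  state:
    volumeMount:
      name: state
  logs:
    volumeMount:
      # Specify a custom mount to persist log data in a separate volume (recommended)
      name: ""
      subPath: ""
  repo:
    # By default, repositories are mapped to a single PVC.
    # If multiple PVCs are desired (for instance, having separate content and
    # provenance repos), override the relevant section.
    flowfile:
      # Relative directory within the container (i.e. /opt/nifi/nifi-current/flowfile_repository)
      mountDir: flowfile_repo
      volumeName: flowfile  # Name of the volume to mount
    content:
      - name: default
        mountDir: content_repo
        volumeName: content
    provenance:
      - name: default
        mountDir: provenance_repo
        volumeName: provenance

ports:
  https: 8443
  cluster: 11443
  remoteinput: 10443
  loadbalance: 6342
  metrics: 9092

service:
  external:
    # Whether a LoadBalancer service is reachable from outside the cluster
    # network depends on the provider and on these annotations; review both
    # before exposing the NiFi ports listed above.
    annotations: {}
    type: LoadBalancer  # NodePort | LoadBalancer
    externalTrafficPolicy: Cluster  # Cluster | Local

## ==========================================
## STATE MANAGEMENT CONFIGURATION
## ==========================================
## NiFi supports two state management approaches:
## 1. ZooKeeper (NiFi < 2.0 and backward compatibility)
## 2. Kubernetes Native (NiFi 2.0+, recommended)

## State Management Strategy (auto-detected based on NiFi version)
## - For NiFi 2.0+: Kubernetes state management is used by default
## - For NiFi < 2.0: ZooKeeper is used by default
## - Manual override available via stateManagement.strategy
stateManagement:
  # Strategy: "auto" | "zookeeper" | "kubernetes"
  # - auto: Automatically choose based on NiFi version (recommended)
  # - zookeeper: Force ZooKeeper for all versions
  # - kubernetes: Force Kubernetes for all versions (requires NiFi 2.0+)
  strategy: "auto"

  # Kubernetes State Management (NiFi 2.0+)
  kubernetes:
    # Prefix for Kubernetes lease resources (for leader election)
    leasePrefix: "nifi-lease"
    # Prefix for Kubernetes ConfigMap resources (for cluster state)
    statePrefix: "nifi-state"
    # Note: Always uses release namespace for security and simplicity

## ZooKeeper Configuration (for backward compatibility and NiFi < 2.0)
zookeeper:
  ## Enable ZooKeeper deployment
  ## Automatically disabled when Kubernetes state management is used
  enabled: true

  ## External ZooKeeper Configuration
  ## If enabled=false, provide external ZooKeeper connection details
  external:
    # External ZooKeeper connection string (comma-separated)
    url: ""  # e.g., "zk1.example.com:2181,zk2.example.com:2181"
    port: 2181
    rootNode: "/nifi"

  ## Embedded ZooKeeper Configuration (when enabled=true)
  ## ref: https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yaml
  replicaCount: 3
  rootNode: "/nifi"
  metrics:
    enabled: true
  ## Set container resources according to one common
  ## preset allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
  ## This is ignored if resources is set
  resourcesPreset: small

metrics:
  # Expose metrics for each node via Ingress
  ingress:
    enabled: false
    # NOTE(review): with `https: false` and `requireClientCertificate: false`
    # the metrics route appears to be served without TLS or client
    # authentication once enabled; confirm in the templates and turn both on
    # (or restrict network access) before exposing it.
    https: false
    basePath: /metrics  # Metrics are available externally via Ingress for each pod at: /metrics/
    requireClientCertificate: false
  # Create a ServiceMonitor to enable Prometheus to scrape metrics from each pod
  serviceMonitor:
    enabled: false
    interval: 10s

nifiMonitor:
  ## Monitor NiFi cluster health using NiFi API calls, scrape these call response using prometheus or VM cluster
  enabled: false
  image:
    repository: ghcr.io/sakkiii/nifi_exporter
    # `latest` is a mutable tag: the image that runs can change without a
    # chart change. Pin a specific version or digest before enabling.
    tag: latest
  replicas: 1
  resources:
    limits:
      memory: "128Mi"
      cpu: "20m"
    requests:
      memory: "64Mi"
      cpu: "2m"
  tolerations: []
  affinity: {}
  nodeSelector: {}

# Optionally deploy a filebeat sidecar to ship NiFi logs to a receiver
filebeat:
  enabled: false
  image:
    repository: docker.elastic.co/beats/filebeat
    tag: ""
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  securityContext: {}
  volumeMounts: []
  # - mountPath: /opt/secrets
  #   name: secret
  tags:
    - nifi
  labels: {}
  # instance: production
  processors: []
  # - drop_event:
  #     when:
  #       regexp:
  #         message: "drop_event.*"
  queue:
    flushTimeout: 5s
  output:
    type: ""  # kafka
    parameters: {}
    # hosts: ["kafka-1:9092"]
    # topic: nifi

# Additional ports and Ingress rules to configure for each node
extraPorts: {}
# datafeed:
#   containerPort: 9443
#   protocol: TCP
#   nodePort: 30443  # Set if NodePort is required
#   loadBalancerPort: 9443
#   ingress:  # Omit if ingress is not required
#     path: /datafeed
#     pathType: Exact

# Extra nar library directory
customLibPath: ""

# Extra config properties to set at runtime
extraConfig:
  nifiProperties: {}
  # nifi.cluster.node.connection.timeout: 5 secs

extraEnv: []
# - name: MY_VAR
#   value: "some value"

extraVolumes: []
# - name: my-volume
#   nfs:
#     server: fs.example.com
#     path: /my-volume

extraVolumeMounts: []
# - mountPath: /data/vol-1
#   name: my-volume

# Additional directories to take ownership of (chown) during startup. Useful where `extraVolumeMounts` are provided.
# Chown is applied to the specified directory only (shallow), not recursively.
extraTakeOwnershipPaths: []
# - /data/vol-1

ingress:
  # Enabled by default: set a real hostName and review the ingress class and
  # annotations so the NiFi UI is only published where intended.
  enabled: true
  ingressClassName: alb
  hostName: example.com  # nifi.example.com
  siteToSite:
    subDomain: s2s  # Subdomain for site-to-site traffic (e.g. s2s.example.com)
  annotations: {}

jvmHeap:
  min: 512m
  max: 1g

resources:
  requests:
    cpu: 500m
    memory: 2Gi

securityContext:
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true

# Set a custom umask for the `nifi` user
umask: ""  # "0002"

volumeClaims:
  config:
    storageClass: "gp3"
    size: "5Gi"
  state:
    storageClass: "gp3"
    size: "10Gi"
  logs:
    storageClass: "gp3"
    size: "2Gi"
  flowfile:
    storageClass: "gp3"
    size: "10Gi"
  content:
    storageClass: "gp3"
    size: "15Gi"
  provenance:
    storageClass: "gp3"
    size: "10Gi"

probeTimings:
  startup:
    initialDelaySeconds: 15
    timeoutSeconds: 1
    periodSeconds: 5
    failureThreshold: 10
  readiness:
    initialDelaySeconds: 5
    timeoutSeconds: 1
    periodSeconds: 10
    failureThreshold: 3
  liveness:
    initialDelaySeconds: 30
    timeoutSeconds: 3
    periodSeconds: 10
    failureThreshold: 3

nodeSelector: {}

tolerations: []

affinity: {}

topologySpreadConstraints: []

pdb:
  enabled: true  # Set to false if you want to disable PDB
  maxUnavailable: 1  # Maximum unavailable pods during disruptions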