dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/charts/nifi/values.yaml
dvirlabs aa51c3f9ca Add nifi
2026-06-04 11:46:59 +03:00

390 lines
11 KiB
YAML
Raw Permalink Blame History

# Default values for nifi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
busybox:
repository: public.ecr.aws/docker/library/busybox:stable
nifi:
nodeCount: 1 # Default to 1 node since basic auth (default) doesn't support clustering
serviceAccount:
# Name of the existing service account to use. If not defined, one is created.
name: ""
# Annotations to add to the service account
annotations: { }
tls:
certificate:
duration: 8760h # 365 days
renewBefore: 168h # 7 days
keystorePasswordSecretRef:
# Use default auto-generated secret, or specify existing secret name
name: "certificate-keystore-password"
key: password
encryption:
sensitivePropertiesKey:
# Use default auto-generated secret, or specify existing secret name
secretRef:
name: "encryption-sensitive-key"
key: "sensitivekey"
# Authentication is automatically determined by priority:
# 1. OIDC (if enabled) - highest priority
# 2. LDAP (if OIDC disabled and LDAP enabled) - second priority
# 3. Basic Auth (if both OIDC and LDAP disabled) - default fallback
# Single User Authentication (default fallback)
# Uses NiFi's built-in Single User Authentication
# Note: Basic auth is automatically disabled when OIDC or LDAP is enabled
# IMPORTANT: Basic auth only supports single-node deployment (nodeCount: 1)
basic:
admin_username: "admin"
admin_password: "your32characterpasswordhere123" # Must be at least 12 characters
# LDAP Authentication
ldap:
enabled: false
url: "" # ldaps://dc-1.example.com:636,ldaps://dc-2.example.com:636
tlsProtocol: TLSv1.2
authenticationStrategy: LDAPS # ANONYMOUS|SIMPLE|LDAPS|START_TLS
identityStrategy: USE_USERNAME # USE_DN|USE_USERNAME
initialAdminIdentity: "" # CN=Administrator,DC=example,DC=com
manager:
distinguishedName: "" # CN=Administrator,DC=example,DC=com
passwordSecretRef:
name: ""
key: ""
userSearchBase: "" # DC=example,DC=com
userSearchFilter: sAMAccountName={0}
# OpenID Connect (OIDC) Authentication
oidc:
enabled: false
oidc_url: ""
client_id: ""
client_secret: ""
client_secretFrom: ""
claim_identifying_user: "preferred_username"
initial_admin_identity: ""
image:
repository: apache/nifi
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Set to `true` to pause at startup before loading the application
debugStartup: false
# Number of seconds to wait for tasks to complete on shutdown, before forcefully terminating them
shutdown:
gracefulShutdownSeconds: 20 # Consider whether there are any long-running processors defined in the flow
podTerminationGracePeriodSeconds: 30 # Should be longer than `gracefulShutdownSeconds`
ui:
refreshInterval: 10 sec
timeZone: "Asia/Calcutta" # IANA timezone identifier. Time is displayed using this timezone in the UI.
maxThreads: "" # Maximum number of Jetty threads to use for UI and HTTP site-to-site connections
# Cluster Communication Configuration
cluster:
# Maximum number of threads for inter-node communication
# Used for both ZooKeeper and Kubernetes state management strategies
nodeProtocol:
maxThreads: 100
tls:
# Additional subject alternative names included in the certificate issued to cluster nodes
subjectAltNames: [ ]
# - nifi.internal
encryption:
# Used to encrypt all repositories
repository:
enabled: false
keyId: 1
secretRef:
name: ""
key: repository.p12 # File extension must be either .p12 or .bcfks
logging:
# Override log verbosity settings in conf/logback.xml
levels:
# org.apache.nifi.web.security: ERROR
org.apache.nifi.processors: WARN
org.apache.nifi.processors.standard.LogAttribute: WARN
org.apache.nifi.processors.standard.LogMessage: WARN
totalSizeCap:
APP_FILE: 5GB
USER_FILE: 2GB
persistence:
takeOwnershipOnStartup: true
config:
files:
authorizations: authorizations.xml
users: users.xml
flowJson: flow.json.gz
volumeMount:
name: config # Name of the volume mount to use
state:
volumeMount:
name: state
logs:
volumeMount:
# Specify a custom mount to persist log data in a separate volume (recommended)
name: ""
subPath: ""
repo:
# By default, repositories are mapped to a single PVC.
# If multiple PVCs are desired (for instance, having separate content and provenance repos), override the relevant section.
flowfile:
mountDir: flowfile_repo # Relative directory within the container (i.e. /opt/nifi/nifi-current/flowfile_repository)
volumeName: flowfile # Name of the volume to mount
content:
- name: default
mountDir: content_repo
volumeName: content
provenance:
- name: default
mountDir: provenance_repo
volumeName: provenance
ports:
https: 8443
cluster: 11443
remoteinput: 10443
loadbalance: 6342
metrics: 9092
service:
external:
annotations: { }
type: LoadBalancer # NodePort | LoadBalancer
externalTrafficPolicy: Cluster # Cluster | Local
## ==========================================
## STATE MANAGEMENT CONFIGURATION
## ==========================================
## NiFi supports two state management approaches:
## 1. ZooKeeper (NiFi < 2.0 and backward compatibility)
## 2. Kubernetes Native (NiFi 2.0+, recommended)
## State Management Strategy (auto-detected based on NiFi version)
## - For NiFi 2.0+: Kubernetes state management is used by default
## - For NiFi < 2.0: ZooKeeper is used by default
## - Manual override available via stateManagement.strategy
stateManagement:
# Strategy: "auto" | "zookeeper" | "kubernetes"
# - auto: Automatically choose based on NiFi version (recommended)
# - zookeeper: Force ZooKeeper for all versions
# - kubernetes: Force Kubernetes for all versions (requires NiFi 2.0+)
strategy: "auto"
# Kubernetes State Management (NiFi 2.0+)
kubernetes:
# Prefix for Kubernetes lease resources (for leader election)
leasePrefix: "nifi-lease"
# Prefix for Kubernetes ConfigMap resources (for cluster state)
statePrefix: "nifi-state"
# Note: Always uses release namespace for security and simplicity
## ZooKeeper Configuration (for backward compatibility and NiFi < 2.0)
zookeeper:
## Enable ZooKeeper deployment
## Automatically disabled when Kubernetes state management is used
enabled: true
## External ZooKeeper Configuration
## If enabled=false, provide external ZooKeeper connection details
external:
# External ZooKeeper connection string (comma-separated)
url: "" # e.g., "zk1.example.com:2181,zk2.example.com:2181"
port: 2181
rootNode: "/nifi"
## Embedded ZooKeeper Configuration (when enabled=true)
## ref: https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yaml
replicaCount: 3
rootNode: "/nifi"
metrics:
enabled: true
## Set container resources according to one common
## preset allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
## This is ignored if resources is set
resourcesPreset: small
metrics:
# Expose metrics for each node via Ingress
ingress:
enabled: false
https: false
basePath: /metrics # Metrics are available externally via Ingress for each pod at: /metrics/<pod name>
requireClientCertificate: false
# Create a ServiceMonitor to enable Prometheus to scrape metrics from each pod
serviceMonitor:
enabled: false
interval: 10s
nifiMonitor:
## Monitor NiFi cluster health using NiFi API calls, scrape these call response using prometheus or VM cluster
enabled: false
image:
repository: ghcr.io/sakkiii/nifi_exporter
tag: latest
replicas: 1
resources:
limits:
memory: "128Mi"
cpu: "20m"
requests:
memory: "64Mi"
cpu: "2m"
tolerations: []
affinity: {}
nodeSelector: {}
# Optionally deploy a filebeat sidecar to ship NiFi logs to a receiver
filebeat:
enabled: false
image:
repository: docker.elastic.co/beats/filebeat
tag: ""
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext: { }
volumeMounts: [ ]
# - mountPath: /opt/secrets
# name: secret
tags:
- nifi
labels: { }
# instance: production
processors: [ ]
# - drop_event:
# when:
# regexp:
# message: "drop_event.*"
queue:
flushTimeout: 5s
output:
type: "" # kafka
parameters: { }
# hosts: ["kafka-1:9092"]
# topic: nifi
# Additional ports and Ingress rules to configure for each node
extraPorts: { }
# datafeed:
# containerPort: 9443
# protocol: TCP
# nodePort: 30443 # Set if NodePort is required
# loadBalancerPort: 9443
# ingress: # Omit if ingress is not required
# path: /datafeed
# pathType: Exact
# Extra nar library directory
customLibPath: ""
# Extra config properties to set at runtime
extraConfig:
nifiProperties: { }
# nifi.cluster.node.connection.timeout: 5 secs
extraEnv: [ ]
# - name: MY_VAR
# value: "some value"
extraVolumes: [ ]
# - name: my-volume
# nfs:
# server: fs.example.com
# path: /my-volume
extraVolumeMounts: [ ]
# - mountPath: /data/vol-1
# name: my-volume
# Additional directories to take ownership of (chown) during startup. Useful where `extraVolumeMounts` are provided.
# Chown is applied to the specified directory only (shallow), not recursively.
extraTakeOwnershipPaths: [ ]
# - /data/vol-1
ingress:
enabled: true
ingressClassName: alb
hostName: example.com # nifi.example.com
siteToSite:
subDomain: s2s # Subdomain for site-to-site traffic (e.g. s2s.example.com)
annotations: { }
jvmHeap:
min: 512m
max: 1g
resources:
requests:
cpu: 500m
memory: 2Gi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
# Set a custom umask for the `nifi` user
umask: "" # "0002"
volumeClaims:
config:
storageClass: "gp3"
size: "5Gi"
state:
storageClass: "gp3"
size: "10Gi"
logs:
storageClass: "gp3"
size: "2Gi"
flowfile:
storageClass: "gp3"
size: "10Gi"
content:
storageClass: "gp3"
size: "15Gi"
provenance:
storageClass: "gp3"
size: "10Gi"
probeTimings:
startup:
initialDelaySeconds: 15
timeoutSeconds: 1
periodSeconds: 5
failureThreshold: 10
readiness:
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 10
failureThreshold: 3
liveness:
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 3
nodeSelector: { }
tolerations: [ ]
affinity: { }
topologySpreadConstraints: []
pdb:
enabled: true # Set to false if you want to disable PDB
maxUnavailable: 1 # Maximum unavailable pods during disruptions
Reference in New Issue View Git Blame Copy Permalink