feat: upgrade apache nifi to v1.28.1

deployment/nifi/configmap.yml

@@ -9,10 +9,10 @@ data:
   KEYSTORE_TYPE: "PKCS12"
   NIFI_ANALYTICS_PREDICT_ENABLED: "true"
   NIFI_CLUSTER_IS_NODE: "true"
-  NIFI_CLUSTER_LOAD_BALANCE_HOST: "nifi"
+  # NIFI_CLUSTER_LOAD_BALANCE_HOST: "nifi"
   NIFI_CLUSTER_NODE_CONNECTION_TIMEOUT: "5 min"
   NIFI_CLUSTER_NODE_EVENT_HISTORY_SIZE: "25"
-  NIFI_CLUSTER_NODE_LOAD_BALANCE_PORT: "6342"
+  # NIFI_CLUSTER_NODE_LOAD_BALANCE_PORT: "6342"
   NIFI_CLUSTER_NODE_PROTOCOL_MAX_THREADS: "20"
   NIFI_CLUSTER_NODE_PROTOCOL_PORT: "11443"
   NIFI_CLUSTER_NODE_PROTOCOL_THREADS: "10"
@@ -35,4 +35,4 @@ data:
   NIFI_ZOOKEEPER_CONNECT_STRING: "zookeeper:2181"
   TRUSTSTORE_PASSWORD: "th1s1s3up34e5r37"
   TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.jks"
-  TRUSTSTORE_TYPE: "jks"
+  TRUSTSTORE_TYPE: "pkcs12"

deployment/nifi/nifi.yml

@@ -34,7 +34,7 @@ spec:
           type: RuntimeDefault
       initContainers:
         - name: wait-for-zookeeper
-          image: docker.io/busybox:1.36
+          image: docker.io/busybox:1.37
           command:
           - sh
           - -c
@@ -64,7 +64,7 @@ spec:
                 - ALL
       containers:
       - name: nifi
-        image: docker.io/apache/nifi:1.25.0
+        image: docker.io/apache/nifi:1.28.1
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080
@@ -129,17 +129,17 @@ spec:
             command:
               - pgrep
               - java
-          initialDelaySeconds: 60
+          initialDelaySeconds: 120
           periodSeconds: 30
-          timeoutSeconds: 10
+          timeoutSeconds: 20
           failureThreshold: 3
           successThreshold: 1
         readinessProbe:
           tcpSocket:
             port: cluster
-          initialDelaySeconds: 30
+          initialDelaySeconds: 60
           periodSeconds: 30
-          timeoutSeconds: 10
+          timeoutSeconds: 20
           failureThreshold: 3
           successThreshold: 1
         resources:

deployment/nifi/ssl-configmap.yml

@@ -21,31 +21,37 @@ data:
     TRUSTSTORE_PASS=${TRUSTSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
     TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
     TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.jks
-    TRUSTSTORE_TYPE=jks
+    TRUSTSTORE_TYPE=pkcs12
 
     if [[ ! -f "${NIFI_HOME}/keytool/keystore.p12" ]]
     then
       echo "Creating keystore"
       keytool -genkey -noprompt -alias nifi-keystore \
-      -dname "CN=${POD_NAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
+      -dname "CN=${PUBLIC_DNS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
       -keystore ${NIFI_HOME}/keytool/keystore.p12 \
       -storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
       -KeySize 2048 \
       -keypass "${KEY_PASS:-$NIFI_SENSITIVE_PROPS_KEY}" \
       -keyalg RSA \
       -storetype pkcs12
+
+      echo "Exporting the self-signed certificate from the keystore"
+      keytool -export -alias nifi-keystore \
+      -keystore "${KEYSTORE_PATH}" \
+      -storepass "${KEYSTORE_PASS}" \
+      -file "${NIFI_HOME}/keytool/nifi-cert.cer" \
+      -rfc
     fi
 
     if [[ ! -f "${NIFI_HOME}/keytool/truststore.jks" ]]
     then
       echo "Creating truststore"
-      keytool -genkey -noprompt -alias nifi-truststore \
-      -dname "CN=${POD_NAME},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
-      -keystore ${NIFI_HOME}/keytool/truststore.jks \
-      -storetype jks \
-      -keypass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
-      -storepass ${KEY_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
-      -KeySize 2048
+      keytool -import -noprompt -alias nifi-truststore \
+      -file "${NIFI_HOME}/keytool/nifi-cert.cer" \
+      -keystore "${TRUSTSTORE_PATH}" \
+      -storetype "${TRUSTSTORE_TYPE}" \
+      -storepass "${TRUSTSTORE_PASS}" \
+      -trustcacerts
     fi
 
     #/usr/bin/bash ${NIFI_HOME}/../scripts/secure.sh