fix: trust store key type
saidsef committed Jan 1, 2025
1 parent 6bc2d0b commit 454f7c5
Showing 3 changed files with 13 additions and 11 deletions.
14 changes: 7 additions & 7 deletions deployment/nifi/configmap-ssl.yml
Expand Up @@ -9,28 +9,28 @@ data:
ORGANISATION_UNIT=${ORGANISATION_UNIT:-'Cloud Services Application'}
ORGANISATION=${ORGANISATION:-'Cloud Services'}
PUBLIC_DNS=${POD_NAME:-'nifi.tld'}
PUBLIC_DNS=${NIFI_CLUSTER_NODE_ADDRESS:-'nifi.tld'}
CITY=${CITY:-'London'}
STATE=${STATE:-'London'}
COUNTRY_CODE=${COUNTRY_CODE:-'GB'}
KEY_PASS=${KEY_PASS:-$KEYSTORE_PASS}
KEYSTORE_PASS=${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
KEYSTORE_PATH=${NIFI_HOME}/keytool/keystore.p12
KEYSTORE_TYPE=jks
KEYSTORE_TYPE=pkcs12
TRUSTSTORE_PASS=${TRUSTSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.jks
TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.p12
TRUSTSTORE_TYPE=pkcs12
if [[ ! -f "${NIFI_HOME}/keytool/keystore.p12" ]]
then
echo "Creating keystore"
keytool -genkey -noprompt -alias nifi-keystore \
-dname "CN=${PUBLIC_DNS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
-dname "CN=${NIFI_CLUSTER_NODE_ADDRESS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}" \
-keystore ${NIFI_HOME}/keytool/keystore.p12 \
-storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY} \
-KeySize 2048 \
-keysize 2048 \
-keypass "${KEY_PASS:-$NIFI_SENSITIVE_PROPS_KEY}" \
-keyalg RSA \
-storetype pkcs12
Expand All @@ -43,9 +43,9 @@ data:
-rfc
fi
if [[ ! -f "${NIFI_HOME}/keytool/truststore.jks" ]]
if [[ ! -f "${NIFI_HOME}/keytool/truststore.p12" ]]
then
echo "Creating truststore"
echo "Import truststore"
keytool -import -noprompt -alias nifi-truststore \
-file "${NIFI_HOME}/keytool/nifi-cert.cer" \
-keystore "${TRUSTSTORE_PATH}" \
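Review bot: The new `-dname` on the keytool line substitutes `${NIFI_CLUSTER_NODE_ADDRESS}` directly, so when that variable is unset the certificate is issued with an empty CN, whereas `PUBLIC_DNS` a few lines up still carries the `'nifi.tld'` fallback; `-dname "CN=${PUBLIC_DNS},OU=${ORGANISATION_UNIT},O=${ORGANISATION},L=${CITY},S=${STATE},C=${COUNTRY_CODE}"` keeps the default and ties the subject to the address the cluster will dial. Modern TLS clients (NiFi's hostname verification included) match the SAN rather than the CN, and no `-ext` is visible on this command, so consider adding `-ext "SAN=dns:${PUBLIC_DNS}"` to the same keytool invocation. `-storepass ${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}` is unquoted while the `-keypass` argument on the next line is quoted; a password containing whitespace would be split into separate arguments, so quote it the same way. Note also that `KEY_PASS=${KEY_PASS:-$KEYSTORE_PASS}` runs before the `KEYSTORE_PASS*` assignments that follow it, so that default only works when `KEYSTORE_PASS` is already in the environment — if this commit renames the variable to `KEYSTORE_PASSWORD`, the fallback here should be renamed as well. The embedded shell script continues past the end of this hunk.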
4 changes: 2 additions & 2 deletions deployment/nifi/configmap.yml
Expand Up @@ -3,7 +3,7 @@ kind: ConfigMap
metadata:
name: nifi-cm
data:
JAVA_OPTS: "-XX:UseAVX=0 -Djavax.net.debug=ssl,handshake"
JAVA_OPTS: "-XX:UseAVX=0 -Djavax.net.debug=ssl,handshake,address=8000"
KEYSTORE_PASSWORD: "th1s1s3up34e5r37"
KEYSTORE_PATH: "${NIFI_HOME}/keytool/keystore.p12"
KEYSTORE_TYPE: "PKCS12"
Expand Down Expand Up @@ -34,5 +34,5 @@ data:
NIFI_ZK_CONNECT_STRING: "zookeeper:2181"
NIFI_ZOOKEEPER_CONNECT_STRING: "zookeeper:2181"
TRUSTSTORE_PASSWORD: "th1s1s3up34e5r37"
TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.jks"
TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.p12"
TRUSTSTORE_TYPE: "pkcs12"
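Review bot: If `,address=8000` is the new value on the `JAVA_OPTS` line (the rendered page does not mark sides), it is not a `javax.net.debug` option — that property takes debug-category names such as `ssl`, `handshake`, `record` — while `address=` is JDWP agent syntax (`-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000`); as written it is at best ignored, and if remote debugging was the intent it would expose an unauthenticated debug port and does not belong in a committed ConfigMap. The `ssl,handshake` debug flags themselves print handshake details (cipher suites, certificate chains) to stdout on every connection, so they are better supplied as an override than as the default `JAVA_OPTS`. `TRUSTSTORE_PATH: "${NIFI_HOME}/keytool/truststore.p12"` relies on shell-style expansion that Kubernetes does not perform for `envFrom` values (only `$(VAR)` in `env[].value` is expanded), so unless the image's entrypoint re-evaluates it NiFi receives the literal string — worth confirming against the start script. Finally, `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD` are literal values in a ConfigMap checked into the repository; they should live in a Secret referenced via `secretKeyRef`, with the ConfigMap keeping only the non-sensitive paths and types.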
6 changes: 4 additions & 2 deletions deployment/nifi/nifi.yml
Expand Up @@ -101,9 +101,11 @@ spec:
- name: HOSTNAME
value: $(POD_IP) # Use pod ip as hostname
- name: NIFI_WEB_PROXY_HOST
value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as proxy host
value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
- name: NODE_IDENTITY
value: $(POD_NAME) # Use pod name as identity
- name: NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS
value: $(POD_IP) # Use pod ip as hostname
envFrom:
- configMapRef:
name: nifi-cm
Expand Down Expand Up @@ -139,7 +141,7 @@ spec:
readinessProbe:
tcpSocket:
port: cluster
initialDelaySeconds: 60
initialDelaySeconds: 90
periodSeconds: 30
timeoutSeconds: 20
failureThreshold: 3
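Review bot: `NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS` is set to `$(POD_IP)`, but the keystore script in this commit issues the node certificate with `CN=${NIFI_CLUSTER_NODE_ADDRESS}` and no SAN is visible, so when peers open the cluster-protocol TLS connection to a bare IP the hostname check will not match a DNS-name certificate unless `NIFI_CLUSTER_NODE_ADDRESS` (not set in this hunk) is also the IP. Using the stable pod FQDN already used for `NIFI_WEB_PROXY_HOST`, `value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local`, keeps the advertised address, the certificate subject and the headless-service DNS name consistent and survives pod IP changes across restarts. The trailing comment `# Use pod ip as hostname` is copied from the `HOSTNAME` entry above and should state what this variable is for, e.g. `# Address peers use for the cluster protocol`. The container spec continues outside this hunk.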
