From 26cc60534e836b8321966c91a6f97760ff22a835 Mon Sep 17 00:00:00 2001
From: Said Sef
Date: Wed, 1 Jan 2025 09:39:25 +0000
Subject: [PATCH] feat: enable nifi secure script
---
 deployment/nifi/configmap-ssl.yml | 9 +++++----
 deployment/nifi/configmap.yml | 2 +-
 deployment/nifi/nifi.yml | 6 ++++--
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/deployment/nifi/configmap-ssl.yml b/deployment/nifi/configmap-ssl.yml
index 391f85d..350b635 100644
--- a/deployment/nifi/configmap-ssl.yml
+++ b/deployment/nifi/configmap-ssl.yml
@@ -13,12 +13,12 @@ data:
 CITY=${CITY:-'London'}
 STATE=${STATE:-'London'}
 COUNTRY_CODE=${COUNTRY_CODE:-'GB'}
- KEY_PASS=${KEY_PASS:-$KEYSTORE_PASS}
+ KEY_PASS=${NIFI_SENSITIVE_PROPS_KEY:-$KEYSTORE_PASS}
 KEYSTORE_PASS=${KEYSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
 KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
 KEYSTORE_PATH=${NIFI_HOME}/keytool/keystore.p12
 KEYSTORE_TYPE=pkcs12
- TRUSTSTORE_PASS=${TRUSTSTORE_PASS:-$NIFI_SENSITIVE_PROPS_KEY}
+ TRUSTSTORE_PASS=${TRUSTSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
 TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}
 TRUSTSTORE_PATH=${NIFI_HOME}/keytool/truststore.p12
 TRUSTSTORE_TYPE=pkcs12
@@ -33,6 +33,7 @@ data:
 -keysize 2048 \
 -keypass "${KEY_PASS:-$NIFI_SENSITIVE_PROPS_KEY}" \
 -keyalg RSA \
+ -ext "SAN=dns:localhost,dns:${NIFI_CLUSTER_NODE_ADDRESS},dns:${NIFI_LOAD_BALANCER},dns:${PUBLIC_DNS},ip:${POD_IP},ip:127.0.0.1,dns:${NIFI_WEB_HTTP_HOST},dns:${POD_NAME},dns:${NODE_IDENTITY}" \
 -storetype pkcs12
 echo "Exporting the self-signed certificate from the keystore"
@@ -45,7 +46,7 @@ data:
 if [[ ! -f "${NIFI_HOME}/keytool/truststore.p12" ]]
 then
- echo "Import truststore"
+ echo "Importing truststore"
 keytool -import -noprompt -alias nifi-truststore \
 -file "${NIFI_HOME}/keytool/nifi-cert.cer" \
 -keystore "${TRUSTSTORE_PATH}" \
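Review bot: In the `@@ -13,12 +13,12 @@` hunk of deployment/nifi/configmap-ssl.yml, the new `KEY_PASS` line no longer honours an explicitly supplied `KEY_PASS`, and its fallback `$KEYSTORE_PASS` is read one line before that variable receives its default, so the fallback can expand to an empty string. It also makes the NiFi sensitive-properties key double as the private-key password, so disclosure of that one value exposes both the encrypted flow properties and the TLS key. The store type is pkcs12, where keytool expects key and store passwords to match, so deriving the key password from the store password is safer: `KEY_PASS=${KEY_PASS:-${KEYSTORE_PASSWORD:-$NIFI_SENSITIVE_PROPS_KEY}}`. The script continues outside the hunk, so the `-storepass` value actually passed to keytool is not visible here and should be checked against this.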
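Review bot: In the `@@ -33,6 +33,7 @@` hunk, the added `-ext "SAN=..."` line interpolates seven variables unconditionally, so any that is unset leaves an empty `dns:` or `ip:` entry and keytool will either reject the extension or issue a certificate with a malformed SAN. `PUBLIC_DNS`, `NIFI_CLUSTER_NODE_ADDRESS` and `NIFI_WEB_HTTP_HOST` are not defined anywhere in this patch, so this looks likely unless they are set elsewhere. Make each optional entry conditional, for example `${PUBLIC_DNS:+,dns:${PUBLIC_DNS}}`, and keep only `dns:localhost,ip:127.0.0.1` as the fixed part. The keytool command starts above the hunk.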
@@ -55,4 +56,4 @@ data:
 fi
 #/usr/bin/bash ${NIFI_HOME}/../scripts/secure.sh
- #eval ${NIFI_HOME}/../scripts/secure.sh
+ # eval ${NIFI_HOME}/../scripts/secure.sh
diff --git a/deployment/nifi/configmap.yml b/deployment/nifi/configmap.yml
index ff465f6..009007c 100644
--- a/deployment/nifi/configmap.yml
+++ b/deployment/nifi/configmap.yml
@@ -7,7 +7,7 @@ data:
 KEYSTORE_PASSWORD: "th1s1s3up34e5r37"
 KEYSTORE_TYPE: "PKCS12"
 NIFI_ANALYTICS_PREDICT_ENABLED: "true"
- NIFI_CLUSTER_IS_NODE: "true"
+ NIFI_CLUSTER_IS_NODE: "false"
 # NIFI_CLUSTER_LOAD_BALANCE_HOST: "nifi"
 NIFI_CLUSTER_NODE_CONNECTION_TIMEOUT: "5 min"
 NIFI_CLUSTER_NODE_EVENT_HISTORY_SIZE: "25"
diff --git a/deployment/nifi/nifi.yml b/deployment/nifi/nifi.yml
index 11d113c..1769116 100644
--- a/deployment/nifi/nifi.yml
+++ b/deployment/nifi/nifi.yml
@@ -88,6 +88,8 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace # Use pod namespace
+ - name: NIFI_LOAD_BALANCER
+ value: "nifi.$(POD_NAMESPACE).svc.cluster.local" # Use nifi service fqdn
 - name: NIFI_HOME
 value: "/opt/nifi/nifi-current"
 - name: NIFI_UI_BANNER_TEXT
@@ -104,8 +106,8 @@ spec:
 value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
 - name: HOSTNAME
 value: $(POD_IP) # Use pod ip as hostname
- - name: NIFI_WEB_PROXY_HOST
- value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
+ # - name: NIFI_WEB_PROXY_HOST
+ # value: $(POD_NAME).nifi.$(POD_NAMESPACE).svc.cluster.local # Use pod fqdn as input host address
 - name: NODE_IDENTITY
 value: $(POD_NAME) # Use pod name as identity
 - name: NIFI_CLUSTER_NODE_PROTOCOL_ADDRESS
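Review bot: The new side of the `@@ -7,7 +7,7 @@` hunk in deployment/nifi/configmap.yml still ships `KEYSTORE_PASSWORD` as a literal in a ConfigMap, and this commit makes the generated TLS keystore depend on that value. ConfigMap data is stored and served unencrypted to anyone who can read the namespace, and the value is now in version control; move it and any sibling password keys to a Secret consumed through `secretKeyRef`, and rotate the committed value. Separately, the flip of `NIFI_CLUSTER_IS_NODE` to `"false"` carries no explanation; a one-line comment stating why the node now runs standalone would help the next reader.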
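Review bot: In the `@@ -104,8 +106,8 @@` hunk of deployment/nifi/nifi.yml, commenting out `NIFI_WEB_PROXY_HOST` removes the extra entry from NiFi's Host-header allow-list, while the same commit adds the service name (`NIFI_LOAD_BALANCER`) to the certificate SAN. A secured NiFi rejects requests whose Host header is neither its own bound host nor listed in `nifi.web.proxy.host` (presumably what the image maps this variable to), so access through the service FQDN will probably fail host validation even though the certificate now covers it. If that route is intended, set the variable instead of leaving dead lines: `- name: NIFI_WEB_PROXY_HOST` with `value: "nifi.$(POD_NAMESPACE).svc.cluster.local"`, adding `host:port` entries if a non-default port is used. The env list continues outside the hunk.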