我正在尝试在 k8s 上部署 Nifi 作为部署并使用入口向公众公开 URL。
在入口处卸载 TLS 证书并尝试在 Nginx 级别终止。
上传模板时出现 CORS 错误。
错误:-
Invalid CORS request
部署.yml:
kind: Deployment
apiVersion: apps/v1
metadata:
name: nifi
namespace: default
labels:
app.service: nifi
spec:
replicas: 1
selector:
matchLabels:
app.service: nifi
template:
metadata:
creationTimestamp: null
labels:
app.service: nifi
spec:
containers:
- name: nifi
image: apache/nifi:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
env:
- name: NIFI_WEB_HTTP_PORT
value: '8080'b
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
---
kind: Service
apiVersion: v1
metadata:
name: nifi
namespace: default
labels:
app.service: nifi
spec:
ports:
- name: '8080'
protocol: TCP
port: 8080
targetPort: 8080
selector:
app.service: nifi
type: ClusterIP
入口.yml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
namespace: default
spec:
tls:
- hosts:
- nifi.example.com
secretName: nifi-tls-certs
rules:
- host: nifi.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nifi
port:
number: 8080
也试过NIFI_WEB_PROXY_HOST=nifi.example.com:443了,但没有用。
入口日志错误:-
2021/09/21 14:23:14 [warn] 1348#1348: *847786 a client request body is buffered to a temporary file /tmp/client-body/0000000012, client: 43.225.23.99, server: nifi.example.com, request: "POST /nifi-api/process-groups/08bbe91d-017c-1000-dec3-0d02076b6539/templates/upload HTTP/2.0", host: "nifi.example.com", referrer: "https://nifi.example.com/nifi/"
Nifi日志错误:-
2021-09-22 02:31:18,347 DEBUG [NiFi Web Server-19] o.s.web.cors.DefaultCorsProcessor Reject: 'https://nifi.example.com' origin is not allowed
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpOutput write(array HeapByteBuffer@6ff9f1ff[p=0,l=20,c=20,r=20]={<<<Invalid CORS request>>>})
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpOutput write(array) s=OPEN,api=BLOCKING,sc=false,e=null aggregated !flush HeapByteBuffer@6ef19f58[p=0,l=20,c=32768,r=20]={<<<Invalid CORS request>>>ray","new...newClas}
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] o.e.j.s.h.gzip.GzipHttpOutputInterceptor org.eclipse.jetty.server.handler.gzip.GzipHttpOutputInterceptor@3eb5c802 exclude by status 403
2021-09-22 02:31:18,350 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpChannel sendResponse info=null content=HeapByteBuffer@6ef19f58[p=0,l=20,c=32768,r=20]={<<<Invalid CORS request>>>ray","new...newClas} complete=false committing=true callback=Blocker@1ef6baee{null}
2021-09-22 02:31:18,351 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpChannel COMMIT for /nifi-api/process-groups/0b45181a-017c-1000-9ca3-332ebefb0500/templates/upload on HttpChannelOverHttp@5907776f{s=HttpChannelState@362f276b{s=HANDLING rs=BLOCKING os=COMMITTED is=IDLE awp=false se=false i=true al=0},r=13,c=false/false,a=HANDLING,uri=//nifi.example.com/nifi-api/process-groups/0b45181a-017c-1000-9ca3-332ebefb0500/templates/upload,age=73}
Date: Wed, 22 Sep 2021 02:31:18 GMT
2021-09-22 02:31:18,351 DEBUG [NiFi Web Server-19] org.eclipse.jetty.server.HttpConnection generate: NEED_HEADER for SendCallback@43ebff93[PROCESSING][i=HTTP/1.1{s=403,h=8,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@27de40f2] (null,[p=0,l=20,c=32768,r=20],false)@START