-
Notifications
You must be signed in to change notification settings - Fork 230
Breaks site-to-site test, when upgrade app version from 1.16.3 to 1.19.0 #281
Comments
This is most likely due to NiFi 1.19.0 docker base image changed to eclipse-temurin:jre-11 from openjdk:8-jre. This changed the cacerts location from |
Maybe you are right. What we can to do with this problem? |
Yes, but with cert-manager enabled the chart overrides that default by setting the We are also interested in upgrading to NiFi 1.18 or 1.19 for other reasons, so I'll get to work replicating the problem. |
Confirmed that the certificate rotation broke between 1.16.3 and 1.17.0. Suspicious of this commit: apache/nifi@4b655ec |
same for 1.20, see #294 |
@wknickless @dtrdnk #294 fixes the issue and bumps NiFi to 1.20. I'm happy to merge the PR but I would be more at ease with more eyes on the changes. |
Good news! I wiil wait merge of PR 294. And then I will merge all commits from master into my PR |
@dtrdnk is one of those issues describing the problem or do we need to create a new one? |
Thank you! This issue NIFI-10425 looks like our problem. I make research by the Jetty problem, and get some facts:
I think we should just wait for the NIFI-11518 task to be released. |
Hi @dtrdnk, |
Describe the bug
Current app version 1.16.3 works fine, but if you upgrade to 1.19.0, then the automatic rotation of certificates breaks.
This breaks also breaks the test-site-to-site
Version of Helm, Kubernetes and the Nifi chart:
Helm : v3.10.2
Kubernetes: v1.25.3
NiFi chart: 1.1.3
What happened:
NiFi server is still working with the old certificate, even if new cert exist in the store
What you expected to happen:
NiFi server must use a new certificate on the fly without restart
How to reproduce it (as minimally and precisely as possible):
Just upgrade image tag from 1.16.3 to 1.19.0 or 1.18.0
Anything else we need to know:
Here are some information that help troubleshooting:
NiFi has autoreload function, but I don't know how to invoke it. By default autoreload set to false. Even if I set manualy autoreload to true, this is doesn't help.
values.yaml
or the changes made to the default one (after removing sensitive information)Check if a pod is in error:
There is no a pod error
The text was updated successfully, but these errors were encountered: