Cloudera Docs

Additional CA Bundles

Add custom certificates to the NiFi truststore to allow NiFi to trust third party services.

There are two methods for adding certificates to NiFi’s truststore: in-line in the custom resource or via Secret/ConfigMap. For multiple certificates, it is recommended to provide them via Secret/ConfigMap to maintain readability of the NiFi custom resource.

In-line

spec:
  security:
    additionalCABundles: [***BASE64 ENCODED CERT CHAIN***]

Secret/ConfigMap

First create a Secret with the needed Certificates. The referenced files may have multiple certificates in them.

kubectl create secret generic nifi-additional-cas --from-file=cert1.crt=[***A CERTIFICATE FILE***] --from-file=cert2.crt=[***ANOTHER CERTIFICATE FILE***]

Then supply the Secret/ConfigMap name to the following spec:

spec:
  security:
    additionalCABundlesRef:
      name: nifi-additional-cas
      kind: Secret