NifiSecuritySpec
NifiSecuritySpec contains the security configuration for the custom resource.
initialAdminIdentity string
(Optional)
-
initialAdminIdentity specifies the initial admin user which has full access.
ingressCertGen IngressCertSpec
(Optional)
-
ingressCertGen specifies ingress certificate generation related information.
s2sCertGen S2SCertSpec
(Optional)
-
s2sCertGen specifies ingress certificate generation related information.
nodeCertGen NodeCertSpec
(Optional)
-
nodeCertGen specifies node and proxy certificate generation related information.
additionalCABundles AdditionalCACertSpec
(Optional)
-
additionalCABundles contains additional CA certificates to be used.
userCertAuth UserCertSpec
(Optional)
-
userCertAuth specifies user certificate authentication related configurations.
samlSingleSignOnAuth SamlSingleSignOnAuthSpec
(Optional)
-
samlSingleSignOnAuth specifies SAML-based single sign-on authentication related configurations. SAML authentication is enabled if SamlAuth is specified.
ldap LdapSpec
(Optional)
-
ldap specifies the various LDAP authentication related configurations.
kerberos NifiKerberosSpec
(Optional)
-
kerberos specifies configs related to user authentication through Kerberos.
krb5confSecret Kubernetes core/v1.LocalObjectReference
(Optional)
-
krb5confSecret specifies the location of a Kerberos configuration file which will be added to the nifi.properties file. It does not enable Kerberos based authentication, but it can be used to integrate a NiFi cluster with services using Kerberos. The specified secret has to have a field with key “
krb5.conf
” and the value has to be the base64 encoded contents of the configuration file. openIDAuth OpenIDSpec
(Optional)
-
openIDAuth specifies OpenID authentication related configurations.
customAuthorizer CustomAuthorizerSpec
(Optional)
-
customAuthorizer specifies a custom UserGroupProvider. The authorizer has to be present in the NiFi image being used, as this property only sets the authorizers.xml file accordingly. If not set, a default provider is used, which provides users for NiFi nodes and proxy.