NifiSecuritySpec contains the security configuration for the custom resource.

initialAdminIdentity string (Optional)

initialAdminIdentity specifies the initial admin user which has full access.

ingressCertGen IngressCertSpec (Optional)

ingressCertGen specifies ingress certificate generation related information.

s2sCertGen S2SCertSpec (Optional)

s2sCertGen specifies ingress certificate generation related information.

nodeCertGen NodeCertSpec (Optional)

nodeCertGen specifies node and proxy certificate generation related information.

additionalCABundles AdditionalCACertSpec (Optional)

additionalCABundles contains additional CA certificates to be used.

userCertAuth UserCertSpec (Optional)

userCertAuth specifies user certificate authentication related configurations.

samlSingleSignOnAuth SamlSingleSignOnAuthSpec (Optional)

samlSingleSignOnAuth specifies SAML-based single sign-on authentication related configurations. SAML authentication is enabled if SamlAuth is specified.

ldap LdapSpec (Optional)

ldap specifies the various LDAP authentication related configurations.

kerberos NifiKerberosSpec (Optional)

kerberos specifies configs related to user authentication through Kerberos.

krb5confSecret Kubernetes core/v1.LocalObjectReference (Optional)

krb5confSecret specifies the location of a Kerberos configuration file which will be added to the file. It does not enable Kerberos based authentication, but it can be used to integrate a NiFi cluster with services using Kerberos. The specified secret has to have a field with key “krb5.conf” and the value has to be the base64 encoded contents of the configuration file.

openIDAuth OpenIDSpec (Optional)

openIDAuth specifies OpenID authentication related configurations.

customAuthorizer CustomAuthorizerSpec (Optional)

customAuthorizer specifies a custom UserGroupProvider. The authorizer has to be present in the NiFi image being used, as this property only sets the authorizers.xml file accordingly. If not set, a default provider is used, which provides users for NiFi nodes and proxy.