Deploying a NiFi instance in Kubernetes (air-gap)

With Cloudera Flow Management - Kubernetes Operator you can deploy NiFi clusters to your Kubernetes cluster. Complete these steps if your Kubernetes cluster does not have internet access, or if you want to install it from a self-hosted registry.

You can deploy a NiFi cluster by creating a NiFi custom resource (CR) and deploying it to the Kubernetes cluster.

  • Ensure the Cloudera Flow Management - Kubernetes Operator has been installed and is running.

  • A self-hosted Docker registry is required. Your registry must be accessible by your Kubernetes cluster.

  • A machine with internet connectivity is required. While the Kubernetes cluster does not need internet access, you will need a machine to pull the images from the Cloudera Docker registry.

  • Access to docker or an equivalent utility that you can use to pull and push images is required. The following steps use docker. Replace commands where necessary.

  • Ensure that you have access to your Cloudera credentials (username and password). Credentials are required to access the Cloudera Archive and Cloudera Docker registry where installation artifacts are hosted.

  • Ensure that you have access to a valid Cloudera license.

  • Review the Helm chart reference before installation.

    The Helm chart accepts various configuration properties that you can set during installation. Using these properties you can customize your installation.

  • You have created a NiFi CR YAML file that complies with the documentation provided by Cloudera.

  1. Create a Kubernetes secret containing your Cloudera credentials.
    kubectl create secret docker-registry [***SECRET NAME***] \
      --namespace [***NIFI CLUSTER NAMESPACE***] \
      --docker-server container.repository.cloudera.com \
      --docker-username [***USERNAME***] \
      --docker-password [***PASSWORD***]
    

    Replace:

    • [***SECRET NAME***] with the desired Kubernetes secret name.
    • [***NIFI CLUSTER NAMESPACE***] with the Cloudera Flow Management - Kubernetes Operator installation namespace.

    • [***USERNAME***] and [***PASSWORD***] with your internal registry credentials.

    kubectl create secret docker-registry [***SECRET NAME***] \
      --namespace [***NIFI CLUSTER NAMESPACE***] \
      --docker-server [***CONTAINER REGISTRY***] \
      --docker-username [***USERNAME***] \
      --docker-password [***PASSWORD***]
    

    Replace:

    • [***SECRET NAME***] with the desired Kubernetes secret name.
    • [***USERNAME***] and [***PASSWORD***] with your internal registry credentials.

    • [***NIFI CLUSTER NAMESPACE***] with the Cloudera Flow Management - Kubernetes Operator installation namespace.

    • [***CONTAINER REGISTRY***] with your internal registry URL.

  2. Move the installation artifacts to a local registry using the docker pull, docker tag, and docker push commands.
    docker pull container.repository.cloudera.com/cloudera/cfm-nifi-k8s:[***CFM OPERATOR NIFI VERSION***]
    docker tag container.repository.cloudera.com/cloudera/cfm-nifi-k8s:[***CFM OPERATOR NIFI VERSION***] [***PRIVATE REGISTRY[:PORT]/PATH/TAG:CFM OPERATOR NIFI VERSION***]
    docker push [***PATH TO SELF-HOSTED REGISTRY***]/cfm-nifi-k8s:[***CFM OPERATOR NIFI VERSION***]
    
    For example:
    docker pull container.repository.cloudera.com/cloudera/cfm-nifi-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14
    docker tag container.repository.cloudera.com/cloudera/cfm-nifi-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14 us-central1-docker.pkg.dev/nifi-testing/cfm-k8s/cfm-nifi-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14
    docker push us-central1-docker.pkg.dev/nifi-testing/cfm-k8s/cfm-nifi-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14
    For more information on pulling, pushing, and tagging Docker images, see the Docker documentation.
  3. Create a namespace for the NiFi cluster if it does not already exist.
    kubectl create namespace [***NIFI CLUSTER NAMESPACE***]
    Replace [***NIFI CLUSTER NAMESPACE***] with the desired namespace for the NiFi cluster.
    For example:
    kubectl create namespace my-nifi
  4. In [***NIFI CLUSTER NAMESPACE***], create an image pull secret to access the installation artifacts.
    kubectl create secret docker-registry [***SECRET NAME***] \
      --namespace [***NIFI CLUSTER NAMESPACE***] \
      --docker-server container.repository.cloudera.com \
      --docker-username [***USERNAME***] \
      --docker-password [***PASSWORD***]
    

    Replace:

    • [***SECRET NAME***] with the desired Kubernetes secret name.
    • [***NIFI CLUSTER NAMESPACE***] with the namespace you created.

    • [***USERNAME***] and [***PASSWORD***] with your Cloudera credentials.

    For example:
    kubectl create secret docker-registry docker-pull-secret \
      --namespace cfm-operator-system \
      --docker-server container.repository.cloudera.com \
      --docker-username my-username \
      --docker-password my-password
  5. Deploy the NiFi cluster to the Kubernetes cluster.
    kubectl apply -f [***CR YAML PATH***] --namespace [***NIFI CLUSTER NAMESPACE***]

    Replace:

    • [***CR YAML PATH***] with the absolute or relative path to the CR YAML file you created for the NiFi cluster.

    • [***NIFI CLUSTER NAMESPACE***] with the namespace you created to deploy the NiFi cluster.
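
The kubectl create secret docker-registry commands in steps 1 and 4 take the password as a command-line argument, which leaves it in shell history and in the process list while the command runs. The following is an added example, not part of the Cloudera documentation: it builds the same kubernetes.io/dockerconfigjson secret as a manifest and applies it from stdin. The function names are illustrative, and the usage values reuse the sample names from this page.

```shell
#!/usr/bin/env bash
# Added example: create the image pull secret without --docker-password on the
# command line. Function names are illustrative, not part of any Cloudera tool.

# Escape backslashes and double quotes so the value is a valid JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Base64 on a single line (GNU and BSD base64 wrap output differently).
b64() {
  base64 | tr -d '\n'
}

# Emit the .dockerconfigjson payload for one registry.
# Args: registry server, username, password
docker_config_json() {
  local server="$1" user="$2" pass="$3" auth
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$server")" "$(json_escape "$user")" \
    "$(json_escape "$pass")" "$auth"
}

# Emit a Secret manifest of type kubernetes.io/dockerconfigjson.
# Args: secret name, namespace, registry server, username, password
pull_secret_manifest() {
  local name="$1" ns="$2" data
  data=$(docker_config_json "$3" "$4" "$5" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $data
EOF
}

# Usage (prompts for the password; it never appears in argv or shell history):
#   read -r -s -p 'Registry password: ' REG_PASS; echo
#   pull_secret_manifest docker-pull-secret my-nifi \
#     container.repository.cloudera.com my-username "$REG_PASS" \
#     | kubectl apply -f -
#   unset REG_PASS
```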