Deploying a NiFi Registry instance in an air-gapped environment

Learn about deploying a NiFi Registry cluster using Cloudera Flow Management - Kubernetes Operator. Complete these steps if your Kubernetes cluster does not have internet access, or if you want to install it from a self-hosted registry.

You can deploy a NiFi Registry cluster by creating a NiFi Registry custom resource (CR) and deploying on Kubernetes.

  • Ensure the Cloudera Flow Management - Kubernetes Operator has been installed and is running.

  • A self-hosted Docker registry is required. Your registry must be accessible by your Kubernetes cluster.

  • A machine with Internet connectivity is required. While the Kubernetes cluster does not need internet access, you will need a machine to pull the images from the Cloudera Docker registry.

  • Access to docker or equivalent utility that you can use to pull and push images is required. The following steps use docker. Replace commands where necessary.

  • Ensure that you have access to your Cloudera credentials (username and password). Credentials are required to access the Cloudera Archive and Cloudera Docker registry where installation artifacts are hosted.

  • Ensure that you have access to a valid Cloudera license.

  • Review the Helm chart reference before installation.

    The Helm chart accepts various configuration properties that you can set during installation. Using these properties you can customize your installation.

  • You have created a NiFi Registry custom resource (CR) YAML file that complies with the documentation provided by Cloudera.

  1. Create a Kubernetes secret containing your Cloudera credentials.
    kubectl create secret docker-registry [***SECRET NAME***] \
      --namespace [***REGISTRY CLUSTER NAMESPACE***] \
      --docker-server [***CONTAINER REGISTRY***] \
      --docker-username [***USERNAME***] \
      --docker-password [***PASSWORD***]
    

    Replace:

    • [***SECRET NAME***] with the desired Kubernetes secret name.
    • [***USERNAME***] and [***PASSWORD***] with your internal registry credentials.

    • [***REGISTRY CLUSTER NAMESPACE***] with the Cloudera Flow Management - Kubernetes Operator installation namespace.

    • [***CONTAINER REGISTRY***] with your internal registry URL.

  2. Move the installation artifacts to a local registry using the docker pull, docker tag, and docker push commands.
    docker pull container.repository.cloudera.com/cloudera/cfm-nifiregistry-k8s:[***NIFI REGISTRY VERSION***] \
    docker tag container.repository.cloudera.com/cloudera/cfm-nifiregistry-k8s:[***NIFI REGISTRY VERSION***] [***PRIVATE REGISTRY[:PORT]/PATH/TAG:NIFI REGISTRY VERSION***] \
    docker push [***PATH TO SELF-HOSTED REGISTRY***]/cfm-nifiregistry-k8s:[***NIFI REGISTRY VERSION***]
    
    For example:
    docker pull container.repository.cloudera.com/cloudera/cfm-nifiregistry-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14 \
    docker tag container.repository.cloudera.com/cloudera/cfm-nifiregistry-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14 us-central1-docker.pkg.dev/nifi-testing/cfm-k8s/cfm-nifiregistry-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14 \
    docker push us-central1-docker.pkg.dev/nifi-testing/cfm-k8s/cfm-nifiregistry-k8s:2.9.0-b96-nifi_1.27.0.2.3.14.0-14
    For more information on pulling, pushing, and tagging Docker images, see the Docker documentation.
  3. Create a namespace for the NiFi Registry if it does not already exist.
    kubectl create namespace [***REGISTRY CLUSTER NAMESPACE***]
    Replace [***REGISTRY CLUSTER NAMESPACE***] with the desired namespace for NiFi Registry.
    $ kubectl create namespace my-nifi-registry
  4. Deploy NiFi Registry to the Kubernetes cluster.
    kubectl apply -f [***CR YAML PATH***] --namespace [***REGISTRY CLUSTER NAMESPACE***]

    Replace:

    • [***CR YAML PATH***] with the absolute or relative path to the CR YAML file you created for NiFi Registry.

    • [***REGISTRY CLUSTER NAMESPACE***] with the namespace. you created to deploy NiFi Registry.