Description
If you are running NiFi on a Kubernetes cluster where you don't have access to NodePorts or LoadBalancers, you would normally simply port-forward.
However, NiFi does not bind on 0.0.0.0, i.e. does not bind to 127.0.0.1, so the port-forward does not work.
=> You are locked out!
@NickLarsenNZ got creative in the past using a caddy sidecar: https://github.com/stackabletech/nifi-iceberg-bundle/blob/c305d47c3678d16250374e9dc89bc184b8c36892/test/nifi.yaml#L95
On Discord I had a working prototype, but I recall @NickLarsenNZ noticed things break when adding this to his deployments: https://discord.com/channels/796665978481803304/1365008788247150654/1366351467790729236
Nowadays we can finally disable the SNI check, so we don't need to fiddle around with /etc/hosts.
As an alternative, I got a port-forward working as well.
The trick is to tell NiFi to also bind to the loopback device:

```yaml
spec:
  nodes:
    configOverrides:
      nifi.properties:
        nifi.web.https.network.interface.lo: lo
```

You can now port-forward normally.
However, as NiFi is using https and has an SNI check, you cannot access it using https://127.0.0.1:8443 or https://localhost:8443.
Instead you need to add "nifi-node-default-0.nifi-node-default.default.svc.cluster.local" (adapt nifi name and namespace) pointing to 127.0.0.1 to your local hosts file.
You should then be able to access NiFi using http://nifi-node-default-0.nifi-node-default.default.svc.cluster.local:8443.
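
The steps above as a script, added here as an illustration and not part of the original issue: it derives the pod FQDN, checks the local hosts file for the mapping, starts the port-forward, and probes NiFi with the SNI name it expects. The naming pattern is inferred from the hostname in the issue; the cluster name `nifi`, role group `default`, namespace `default`, the `probe` argument and the `NIFI_CA` variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the issue. The FQDN pattern is an assumption taken
# from the hostname shown in the issue:
# <cluster>-node-<rolegroup>-<replica>.<cluster>-node-<rolegroup>.<namespace>.svc.cluster.local

# Build the pod FQDN that NiFi's SNI check expects.
nifi_pod_fqdn() {  # args: cluster rolegroup replica namespace
  printf '%s-node-%s-%s.%s-node-%s.%s.svc.cluster.local\n' "$1" "$2" "$3" "$1" "$2" "$4"
}

# Succeed only if the hosts file maps the FQDN to 127.0.0.1.
# Commented-out lines never match because their first field is not the address.
hosts_has_entry() {  # args: hosts_file fqdn
  awk -v h="$2" '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                 END { exit !found }' "$1"
}

# Port-forward to the pod and print the HTTP status NiFi returns.
forward_and_probe() {  # args: cluster rolegroup replica namespace
  local fqdn pod pf_pid
  fqdn=$(nifi_pod_fqdn "$@")
  pod="$1-node-$2-$3"
  hosts_has_entry /etc/hosts "$fqdn" ||
    echo "browser access needs this hosts line: 127.0.0.1 $fqdn" >&2
  kubectl -n "$4" port-forward "pod/$pod" 8443:8443 >/dev/null &
  pf_pid=$!
  trap 'kill "$pf_pid" 2>/dev/null' EXIT
  sleep 2  # give the tunnel time to come up
  # --resolve pins the name to 127.0.0.1 for this request only, so the TLS
  # handshake carries the cluster-local name even without a hosts entry.
  # NIFI_CA (hypothetical variable): path to the CA that signed NiFi's certificate.
  curl --silent --show-error --output /dev/null --write-out '%{http_code}\n' \
    ${NIFI_CA:+--cacert "$NIFI_CA"} \
    --resolve "$fqdn:8443:127.0.0.1" "https://$fqdn:8443/nifi/"
}

# Run the live check only when asked, e.g. ./nifi-forward.sh probe
if [ "${1:-}" = "probe" ]; then
  forward_and_probe nifi default 0 default
fi
```

The `curl --resolve` probe works without editing the hosts file; a browser still needs the hosts entry.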