Not able to start apache-nifi in aks

7/22/2019

Hi all, I am working on NiFi and I am trying to install it in AKS (Azure Kubernetes Service), using NiFi version 1.9.2. Installing it in AKS gives me an error:

replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedSFiVwC’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedK3S1JJ’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedbcm91T’: Operation not permitted
replacing target file  /opt/nifi/nifi-current/conf/nifi.properties
sed: preserving permissions for ‘/opt/nifi/nifi-current/conf/sedIuYSe1’: Operation not permitted
NiFi running with PID 28.
The specified run.as user nifi
 does not exist. Exiting.
Received trapped signal, beginning shutdown...

Below is my nifi.yml file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nifi-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nifi-core
  template:
    metadata:
      labels:
        app: nifi-core
    spec:
      containers:
        - name: nifi-core
          image: my-azurecr.io/nifi-core-prod:1.9.2
          env:
            - name: NIFI_WEB_HTTP_PORT
              value: "8080"
            - name: NIFI_VARIABLE_REGISTRY_PROPERTIES
              value: "./conf/custom.properties"
          resources:
            requests:
              cpu: "6"
              memory: 12Gi
            limits:
              cpu: "6"
              memory: 12Gi
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: my-nifi-core-conf
              mountPath: /opt/nifi/nifi-current/conf
      volumes:
        - name: my-nifi-core-conf
          azureFile:
            shareName: my-file-nifi-core/nifi/conf
            secretName: my-nifi-secret
            readOnly: false

I have some customization in the NiFi Dockerfile, which copies some config files related to my configuration. When I run the my-azurecr.io/nifi-core-prod:1.9.2 Docker image on my local machine it works as expected, but when I try to run it on AKS it gives the above error. Since it's related to permissions, I have tried with both user nifi and root in the Dockerfile.

All the required configuration files are provided in the volume my-nifi-core-conf, running in the same resource group. Since I am starting NiFi with Docker, my expectation is that it will behave the same regardless of environment, either on my local machine or in AKS. But the error also says user nifi does not exist. The official NiFi image sets up the user requirement.

Can anyone help? I can't even start the container in interactive mode as the pod is not in running mode. Thanks in advance.

-- Hitesh Ghuge
apache-nifi
azure-aks
azure-kubernetes
sed

1 Answer

7/22/2019

I think you're missing the Security Context definition for your Kubernetes Pod. The user that NiFi runs under within Docker has a specific UID and GID, and with the error message you're getting, I would suspect that because that user is not defined in the Pod's security context it's not launching as expected.

Have a look at the section of the Kubernetes documentation about security contexts, and that should be enough to get you started.

I would also have a look at using something like Minikube when testing Kubernetes deployments as Kubernetes adds a large number of controls around a container engine like Docker.

Security Contexts Docs: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Minikube: https://kubernetes.io/docs/setup/learning-environment/minikube/

-- Bicker x 2
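
The security context the answer refers to, applied to the Deployment from the question. This is an added example, not part of the original answer or the NiFi project's own manifests; the UID/GID value 1000 is an assumption for the nifi user and should be confirmed against the image (for example with `id nifi`).

```yaml
# Added example: the question's Deployment plus pod- and container-level security contexts.
# ASSUMPTION: the nifi user inside the image has UID 1000 and GID 1000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nifi-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nifi-core
  template:
    metadata:
      labels:
        app: nifi-core
    spec:
      securityContext:
        runAsUser: 1000      # run every container process as the assumed nifi UID
        runAsGroup: 1000     # primary GID for those processes
        fsGroup: 1000        # only honored by volume types that support ownership management
        runAsNonRoot: true   # kubelet refuses to start the container as UID 0
      containers:
        - name: nifi-core
          image: my-azurecr.io/nifi-core-prod:1.9.2
          securityContext:
            allowPrivilegeEscalation: false  # least privilege: no setuid escalation
          env:
            - name: NIFI_WEB_HTTP_PORT
              value: "8080"
            - name: NIFI_VARIABLE_REGISTRY_PROPERTIES
              value: "./conf/custom.properties"
          resources:
            requests:
              cpu: "6"
              memory: 12Gi
            limits:
              cpu: "6"
              memory: 12Gi
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: my-nifi-core-conf
              mountPath: /opt/nifi/nifi-current/conf
      volumes:
        - name: my-nifi-core-conf
          azureFile:
            shareName: my-file-nifi-core/nifi/conf
            secretName: my-nifi-secret
            readOnly: false
```

After applying it, `kubectl describe pod` and `kubectl logs` show whether the container now starts under the expected UID, and `ls -ln` on the mounted conf directory shows which numeric owner the share's files actually have.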
Source: StackOverflow