Ingress — NiFi
With Ingress enabled, access to NiFi uses the host configured in ingress.rules[0].host. The UI path is /nifi. The chart default for the host is nifi.local.
Prerequisites
- Ingress Controller installed in the cluster (e.g., NGINX).
- Hostname configured in DNS or an entry in
/etc/hostspointing to the external IP of the Ingress.
For NiFi, you must enable two flags: TDPConfiguration.gateway.ingress.enabled and ingress.enabled. Enabling only one of them is not sufficient.
In addition, TDPConfiguration.gateway.ingress and TDPConfiguration.gateway.gatewayApi are mutually exclusive. Enable only one of them.
Example
TDPConfiguration:
gateway:
ingress:
enabled: true
ingress:
enabled: true
ingressClassName: <ingress-class>
rules:
- host: nifi.local
Replace <ingress-class> with the name of the Ingress Controller in the environment (verify with kubectl get ingressclass).
Access
With Ingress enabled (ingress.enabled: true), the NiFi UI is available at the configured host:
http://nifi.local/nifi
Troubleshooting
| Issue | Solution |
|---|---|
| 502 / no backend | Check the Service name/port and whether the NiFi pods are ready |
| Host does not resolve | DNS or local resolution for the configured hostname |
| Ingress not created | Verify that both flags are true and that ingressClassName matches the Ingress Controller used in the cluster |
When NiFi operates in secure mode (nifiCluster.security.protocol: "https"), the Ingress Controller needs the backend-protocol annotation to proxy correctly. See Ingress with HTTPS on the NiFi Security page.
Controller-specific annotations (e.g., rewrite-target) depend on the Ingress you use; configure them according to your cluster's documentation.