Integrations — NiFi
Integration overview
Apache NiFi can be integrated with Apache Ranger for centralized access control over flows and components. This integration is configured through the tdp-ranger chart (not tdp-nifi): Ranger installs a plugin in NiFi and becomes the authority for all access decisions.
Integration with Apache Ranger
How it works
The Ranger plugin for NiFi intercepts access requests to NiFi components (ProcessGroups, Processors, input/output ports) and validates them against the policies defined in Ranger Admin. Default policies are automatically created by the configJob of the tdp-ranger chart when the integration is enabled.
Enabling the integration
The configuration is done in the tdp-ranger chart, not in tdp-nifi. The Ranger chart must be installed with rangerIntegrations.nifi.enabled=true and must know where NiFi is running:
rangerIntegrations:
  configJob:
    enabled: true
  nifi:
    enabled: true
    serviceName: "<nifi-service-name>"
    serviceDisplayName: "NiFi TDP"
    connection:
      nifiUrl: "http://<nifi-service>.<namespace>.svc.cluster.local:8080"
      authenticationType: "none"
    credentials:
      username: "<admin-username>"
      password: "<admin-password>"
NiFi must be deployed and accessible from the Ranger namespace before enabling this integration. The configJob waits for Ranger to be ready, but NiFi must be running when the job executes the registration.
Installation or upgrade with the integration
helm upgrade --install <ranger-release> \
oci://registry.tecnisys.com.br/tdp/charts/tdp-ranger \
-n <namespace> \
-f values-ranger.yaml \
-f values-ranger-integration-nifi.yaml
Or via --set:
helm upgrade --install <ranger-release> \
oci://registry.tecnisys.com.br/tdp/charts/tdp-ranger \
-n <namespace> \
--set rangerIntegrations.nifi.enabled=true \
--set rangerIntegrations.nifi.connection.nifiUrl=http://<nifi-service>.<namespace>.svc.cluster.local:8080
Verification
After enabling the integration, check that the config job completed, then verify in Ranger Admin that the NiFi service appears in Service Manager:
kubectl -n <namespace> get jobs
kubectl -n <namespace> logs job/<ranger-release>-config-job
In Ranger Admin, go to NiFi → Policies to view the automatically created policies.
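A further check on the deployed values, as an added example that is not part of the tdp-ranger chart or its documentation: it reads the release values as JSON and flags the settings from the example above that deserve review (cleartext `http://` NiFi URL, `authenticationType: "none"`, a password supplied inline, unreplaced `<...>` placeholders). The function names, finding codes and the sample service name and URL are constructed for this illustration.

```python
import json
import re
import sys

PLACEHOLDER = re.compile(r"<[^<>\s]+>")  # unreplaced template such as <nifi-service>

def leaves(node, prefix):
    """Yield (dotted.path, value) for every non-mapping value under node."""
    for key, val in node.items():
        path = f"{prefix}.{key}"
        if isinstance(val, dict):
            yield from leaves(val, path)
        else:
            yield path, val

def audit_nifi_integration(values):
    """Return sorted finding codes for the rangerIntegrations.nifi block."""
    integ = (values or {}).get("rangerIntegrations") or {}
    nifi = integ.get("nifi") or {}
    if not nifi.get("enabled"):
        return ["integration-disabled"]
    found = set()
    if not (integ.get("configJob") or {}).get("enabled"):
        found.add("configjob-disabled")          # the job that creates default policies is off
    for path, val in leaves(nifi, "rangerIntegrations.nifi"):
        if isinstance(val, str) and PLACEHOLDER.search(val):
            found.add("placeholder:" + path)     # template text was never filled in
    conn = nifi.get("connection") or {}
    if str(conn.get("nifiUrl", "")).lower().startswith("http://"):
        found.add("cleartext-nifi-url")          # Ranger-to-NiFi traffic is unencrypted
    if str(conn.get("authenticationType", "")).lower() == "none":
        found.add("unauthenticated-connection")  # no authentication on the NiFi connection
    if (nifi.get("credentials") or {}).get("password"):
        found.add("inline-password")             # readable by anyone who can `helm get values`
    return sorted(found)

# Constructed sample mirroring the values shown on this page (names and URL are made up).
SAMPLE = {"rangerIntegrations": {
    "configJob": {"enabled": True},
    "nifi": {"enabled": True, "serviceName": "nifi-tdp",
             "connection": {"nifiUrl": "http://nifi.tdp.svc.cluster.local:8080",
                            "authenticationType": "none"},
             "credentials": {"username": "admin", "password": "<admin-password>"}}}}

if __name__ == "__main__":
    # Usage: helm get values <ranger-release> -n <namespace> --all -o json | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for code in audit_nifi_integration(data):
        print("WARN", code)
```

Run without piped input, it audits the constructed sample and prints four warnings.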
Main parameters
| Parameter | Description |
|---|---|
| rangerIntegrations.nifi.enabled | Enable the NiFi integration in Ranger |
| rangerIntegrations.nifi.serviceName | Service name in Ranger |
| rangerIntegrations.nifi.connection.nifiUrl | NiFi URL accessible from the cluster |
| rangerIntegrations.nifi.connection.authenticationType | Authentication type (none for credential-free access) |
| rangerIntegrations.nifi.credentials.username | NiFi admin username |
| rangerIntegrations.nifi.credentials.password | NiFi admin password |
Run helm show values oci://registry.tecnisys.com.br/tdp/charts/tdp-ranger for the full list of NiFi integration parameters.