Troubleshooting

Usage of EmptyDir volume "log" exceeds the limit

This error is caused by Logback only checking every 60 seconds ("checkIncrement") if log rotation should be triggered and causing the log file to become larger than the log Volume attached to NiFi Pods. Starting with SDP 24.11 checkIncrement is set to 5 seconds in the Logback config and size of the log Volume attached to NiFi Pods has been increased from 33 MiB to 500 MiB.

If you still encounter this error in rare cases of very high load on NiFi you can further increase the log Volume size.

spec:
  nodes:
    podOverrides:
      spec:
        volumes:
        - emptyDir:
            sizeLimit: 1Gi
          name: log

HTTP ERROR 400 Invalid SNI

You are very likely accessing a NiFi >= 2.0 stacklet using HTTPS to secure its WebUI and an Ingress in front of it. The URL requested by the ingress-controller (such as nginx) needs to be the FQDN of the nifi service, not only the service name. You can instruct nginx ingress to use the FQDN by setting the following annotation:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    # We need to use the FQDN, so that NiFi has a cert for the host and does not throw
    # HTTP ERROR 400 Invalid SNI
    nginx.ingress.kubernetes.io/upstream-vhost: "nifi.default.svc.cluster.local"
  name: nifi-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: nifi.my.corp
      http:
        paths:
        - backend:
            service:
              name: nifi
              port:
                number: 8443
          path: /
          pathType: Prefix
# ...

For details please read on this article.

authorization_request_not_found when using multiple NiFi nodes

In case you are using multiple NiFi nodes and OpenID connect as authentication method, it is important that a client (such as your Browser) always accesses the same NiFi instance. Otherwise the authorization_request_not_found error is returned.

If you are using an nginx ingress, you can achieve this with the following annotations:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"