fix: Disable 8081 (metrics) for 2xx (#794)

* Adding if clause to deactivate service port metrics if nifi 2.x.x is deployed

* Add container port only if nifi 1xx

* remove mut from container_nifi

* Adding interface.lo to nifi.properties

* Adapting startup and liveness probe

* Removing old bash options

* Removing uneccessary imports

* Adding docs for portforwarding

* Update docs/modules/nifi/pages/troubleshooting/index.adoc

Co-authored-by: Malte Sander <[email protected]>

* Update rust/operator-binary/src/controller.rs

Co-authored-by: Malte Sander <[email protected]>

* Removing property and add documentation

* Apply suggestions from code review

Adding review comments

Co-authored-by: Malte Sander <[email protected]>

* remove docs, not good enough solution

* REmove leftover

* Adding changelog

* removing newline

---------

Co-authored-by: Malte Sander <[email protected]>

Author: Maleware

CHANGELOG.md

@@ -26,6 +26,7 @@ All notable changes to this project will be documented in this file.
 - BREAKING: Inject the vector aggregator address into the vector config using the env var `VECTOR_AGGREGATOR_ADDRESS` instead
     of having the operator write it to the vector config ([#772]).
 - test: Bump to Vector `0.46.1` ([#789]).
+- The ReportingTask metrics ports now is only exposed in NiFi 1.x.x ([#794])
 - BREAKING: Previously this operator would hardcode the UID and GID of the Pods being created to 1000/0, this has changed now ([#801])
   - The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
@@ -52,6 +53,7 @@ All notable changes to this project will be documented in this file.
 [#787]: https://github.com/stackabletech/nifi-operator/pull/787
 [#789]: https://github.com/stackabletech/nifi-operator/pull/789
 [#793]: https://github.com/stackabletech/nifi-operator/pull/793
+[#794]: https://github.com/stackabletech/nifi-operator/pull/794
 [#799]: https://github.com/stackabletech/nifi-operator/pull/799
 [#801]: https://github.com/stackabletech/nifi-operator/pull/801
 

rust/operator-binary/src/controller.rs

@@ -846,6 +846,23 @@ fn build_node_rolegroup_service(
     resolved_product_image: &ResolvedProductImage,
     rolegroup: &RoleGroupRef<v1alpha1::NifiCluster>,
 ) -> Result<Service> {
+    let mut enabled_ports = vec![ServicePort {
+        name: Some(HTTPS_PORT_NAME.to_string()),
+        port: HTTPS_PORT.into(),
+        protocol: Some("TCP".to_string()),
+        ..ServicePort::default()
+    }];
+
+    // NiFi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is only required for NiFi 1.x.x...
+    if resolved_product_image.product_version.starts_with("1.") {
+        enabled_ports.push(ServicePort {
+            name: Some(METRICS_PORT_NAME.to_string()),
+            port: METRICS_PORT.into(),
+            protocol: Some("TCP".to_string()),
+            ..ServicePort::default()
+        })
+    }
+
     Ok(Service {
         metadata: ObjectMetaBuilder::new()
             .name_and_namespace(nifi)
@@ -865,20 +882,7 @@ fn build_node_rolegroup_service(
             // Internal communication does not need to be exposed
             type_: Some("ClusterIP".to_string()),
             cluster_ip: Some("None".to_string()),
-            ports: Some(vec![
-                ServicePort {
-                    name: Some(HTTPS_PORT_NAME.to_string()),
-                    port: HTTPS_PORT.into(),
-                    protocol: Some("TCP".to_string()),
-                    ..ServicePort::default()
-                },
-                ServicePort {
-                    name: Some(METRICS_PORT_NAME.to_string()),
-                    port: METRICS_PORT.into(),
-                    protocol: Some("TCP".to_string()),
-                    ..ServicePort::default()
-                },
-            ]),
+            ports: Some(enabled_ports),
             selector: Some(
                 Labels::role_group_selector(nifi, APP_NAME, &rolegroup.role, &rolegroup.role_group)
                     .context(LabelBuildSnafu)?
@@ -1187,7 +1191,6 @@ async fn build_node_rolegroup_statefulset(
         .add_container_port(HTTPS_PORT_NAME, HTTPS_PORT.into())
         .add_container_port(PROTOCOL_PORT_NAME, PROTOCOL_PORT.into())
         .add_container_port(BALANCE_PORT_NAME, BALANCE_PORT.into())
-        .add_container_port(METRICS_PORT_NAME, METRICS_PORT.into())
         .liveness_probe(Probe {
             initial_delay_seconds: Some(10),
             period_seconds: Some(10),
@@ -1209,6 +1212,11 @@ async fn build_node_rolegroup_statefulset(
         })
         .resources(merged_config.resources.clone().into());
 
+    // NiFi 2.x.x offers nifi-api/flow/metrics/prometheus at the HTTPS_PORT, therefore METRICS_PORT is only required for NiFi 1.x.x.
+    if resolved_product_image.product_version.starts_with("1.") {
+        container_nifi.add_container_port(METRICS_PORT_NAME, METRICS_PORT.into());
+    }
+
     let mut pod_builder = PodBuilder::new();
     add_graceful_shutdown_config(merged_config, &mut pod_builder).context(GracefulShutdownSnafu)?;