Accessing NIFI Metrics endpoint for Prometheus without Authentication
Labels: Apache NiFi
Created 01-06-2025 10:21 AM
Hi
We are currently in the process of upgrading our NiFi version to 2.0.0. But as per the NiFi Jira task below, PrometheusReportingTask has been completely removed from version 2.0.0 and added as a NiFi REST API endpoint.
https://issues.apache.org/jira/browse/NIFI-13507
The issue we are currently facing is that with the old version 2.0.0-M2, metrics were exposed through PrometheusReportingTask, which could be accessed without the need for any authentication, and we were able to scrape the metrics to Prometheus.
But with the latest versions from 2.0.0 we have to provide the Bearer Token (using OIDC) to access the metrics, as it is a REST API endpoint, which is causing difficulties integrating with Prometheus as we need to add an extra layer to get the token.
So my question here is whether there is any way to access nifi-api/flow/metrics/prometheus without the need to provide any authentication, which would solve our issue.
Any suggestions are appreciated.
Created 01-07-2025 05:57 AM
@ravi_tadepally
A secured NiFi is always going to require successful authentication and authorization.
I assume you are fetching a token because you have configured your secured NiFi to use OIDC-based user authentication. But keep in mind that a secured NiFi will always support mutual TLS based authentication no matter what additional authentication methods have been configured. For REST API interactions it is often easier to generate a clientAuth certificate that is trusted by your NiFi's truststore and use that instead for authentication. With mutual TLS based authentication there is no need to fetch any token. You simply include the clientAuth certificate in every REST API call.
You could even handle this task via a NiFi dataflow that utilizes the InvokeHTTP processor (configured with an SSL Context Service. Could even just use NiFi's keystore and truststore) to make the REST API call to fetch Prometheus data and then through that dataflow send it to the desired endpoint.
Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
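The mutual TLS approach from the reply above, applied on the Prometheus side as an added example that is not part of the original thread: a scrape job that presents a clientAuth certificate instead of a bearer token. The hostname, port and file paths are placeholders, and the certificate's identity is assumed to already exist as an authorized user in NiFi.

```yaml
# prometheus.yml fragment (constructed example; hostname, port and paths are placeholders)
scrape_configs:
  - job_name: nifi
    scheme: https
    # Endpoint named in the question
    metrics_path: /nifi-api/flow/metrics/prometheus
    scrape_interval: 60s
    tls_config:
      # CA that issued NiFi's server certificate, so Prometheus can verify the server
      ca_file: /etc/prometheus/tls/nifi-ca.pem
      # clientAuth certificate and private key presented to NiFi on every scrape;
      # the issuing CA must be present in NiFi's truststore
      cert_file: /etc/prometheus/tls/prometheus-client.pem
      key_file: /etc/prometheus/tls/prometheus-client.key
      # Keep server certificate verification on; the target name below must
      # match a SAN in NiFi's server certificate
      insecure_skip_verify: false
    # No bearer token or OIDC settings are configured: authentication is the
    # TLS client certificate alone
    static_configs:
      - targets:
          - nifi.example.internal:8443
```

Keep the private key readable only by the Prometheus service account, and grant the certificate's identity no more than the access this endpoint needs, since NiFi still applies authorization to it.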
Created 02-21-2025 06:06 AM
Hi Matt,
Thank you, this solution saved my day.
I am looking for the Accept as Solution button but couldn't find it on this page.
Created 02-21-2025 07:13 AM
The original poster of the thread has the ability to mark the solution @sujith18.
@ravi_tadepally, has @MattWho's response helped you overcome your issue? If so, please mark his reply as the solution.
Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
