Adding docs on how to authenticate with prometheus to nifi 2.x.x metrics #786


Open: wants to merge 14 commits into base: main

Conversation

@Maleware (Member) commented May 5, 2025

Description

Please add a description here. This will become the commit message of the merge request later.

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
# Author
- [ ] Changes are OpenShift compatible
- [ ] CRD changes approved
- [ ] CRD documentation for all fields, following the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [ ] Helm chart can be installed and deployed operator works
- [ ] Integration tests passed (for non trivial changes)
- [ ] Changes need to be "offline" compatible
# Reviewer
- [ ] Code contains useful comments
- [ ] Code contains useful logging statements
- [ ] (Integration-)Test cases added
- [ ] Documentation added or updated. Follows the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [ ] Changelog updated
- [ ] Cargo.toml only contains references to git tags (not specific commits or branches)
# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added
- [ ] [Roadmap](https://github.com/orgs/stackabletech/projects/25/views/1) has been updated

@Maleware Maleware self-assigned this May 5, 2025
@soenkeliebau (Member)

Is this ready for review @Maleware? I don't think you requested one yet.

@Maleware (Member, Author)

Yes and no.

It's the only working solution, but it will break stuff. I'd talk about it today to see if we want to make the efforts to fix it or leave as is. Depending on this, we can merge it or document a better way.

@Maleware (Member, Author)

Needs to wait for https://github.com/stackabletech/decisions/issues/54 as this changes the regex expression.

@Maleware Maleware moved this to Development: Waiting for Review in Stackable Engineering Jun 11, 2025
@Maleware Maleware requested a review from a team June 11, 2025 13:09
@soenkeliebau soenkeliebau moved this from Development: Waiting for Review to Development: Track in Stackable Engineering Jun 16, 2025
@Maleware (Member, Author)

After talking to @adwk67 we are not waiting on the decision of the service name. We will merge with the current implementation (it's already with listener) and rework if needed.

Moving to ready for review.

@Maleware Maleware moved this from Development: Track to Development: Waiting for Review in Stackable Engineering Jun 17, 2025
Comment on lines +138 to +141
==== Known Limitations

NiFi only allows authentication with JWT on pod level. Therefore you will need one endpoint per NiFi pod and a valid bearer token for each. This is a consequence of NiFi
moving their metrics endpoint behind a strong authentication mechanism.

I would move this to the beginning of the authentication paragraph and update a little like this

Suggested change
==== Known Limitations
NiFi only allows authentication with JWT on pod level. Therefore you will need one endpoint per NiFi pod and a valid bearer token for each. This is a consequence of NiFi
moving their metrics endpoint behind a strong authentication mechanism.
[IMPORTANT]
====
The NiFi metrics endpoints are behind a strong authentication mechanism which require credentials for each individual pod.
====

curl -X POST https://simple-nifi-node-default-0.simple-nifi-node-default.<namespace>.svc.cluster.local:8443/nifi-api/access/token -d 'username=<user>&password=<password>' -k
----

where `-k` equals `verify=false`. The reply is your bearer token.
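Review bot: the `-d 'username=<user>&password=<password>'` argument on the curl line leaves the NiFi password in the shell history and visible in the process list for as long as the request runs; reading the form body from a file with `-d @<file>` avoids both. The same line's `-k` turns off certificate verification for this request, so the sentence after the block should say why verification cannot succeed here, not only that `-k` equals `verify=false`.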

I think it's more important to explain why -k is needed than what it does.


where `-k` equals `verify=false`. The reply is your bearer token.

You then can use the bearer token to authenticate with Prometheus replacing `basic_auth` with

Suggested change
You then can use the bearer token to authenticate with Prometheus replacing `basic_auth` with
The following example shows how to configure the Prometheus scraper to use the bearer token to authenticate against a NiFi pod.

Comment on lines +63 to +73
# basic_auth:
# username: <user>
# password: <password>
authorization:
type: Bearer
credentials: "<Bearer Token>"
tls_config:
insecure_skip_verify: true
static_configs:
- targets:
- '<pod>.<statefulset>.svc.cluster.local:8443' <1>
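Review bot: `insecure_skip_verify: true` under `tls_config` in this hunk disables TLS certificate verification for every scrape of this target; if the CA that signed the NiFi pod certificate is available to Prometheus, `ca_file: <path>` under `tls_config` verifies against it and the flag can be dropped. Likewise, `credentials: "<Bearer Token>"` writes the token into the scrape config itself; `credentials_file: <path>` under `authorization` reads it from a separate file so the config carries no secret.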

Suggested change
# basic_auth:
# username: <user>
# password: <password>
authorization:
type: Bearer
credentials: "<Bearer Token>"
tls_config:
insecure_skip_verify: true
static_configs:
- targets:
- '<pod>.<statefulset>.svc.cluster.local:8443' <1>
authorization: <1>
type: Bearer
credentials: "<Bearer Token>" <2>
tls_config:
insecure_skip_verify: true
static_configs:
- targets:
- '<pod>.<statefulset>.svc.cluster.local:8443' <3>

metrics_path: '/nifi-api/flow/metrics/prometheus'
scheme: https
----
<1> Static targets only scrapes one pod.

Suggested change
<1> Static targets only scrapes one pod.
<1> Use the `authentication` property instead if the `basic_auth`.
<2> Add the previously obtained token here.
<3> Static targets only scrapes one pod.
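Review bot: callout `<1>` in the suggested text names the `authentication` property, but the key the suggested config adds is `authorization`; and "instead if the `basic_auth`" should read "instead of `basic_auth`".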

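The procedure the docs in this PR describe (NiFi 2.x issues a JWT per pod, so each pod needs its own bearer-authenticated scrape job) as an added Python example, not code from the PR or from the Stackable operator: it generates one Prometheus scrape job per StatefulSet pod, points `authorization.credentials_file` at a per-pod token file, and uses `tls_config.ca_file` when a CA is given, falling back to the docs' `insecure_skip_verify` only when it is not. The pod DNS form `<pod>.<statefulset>.<namespace>.svc.cluster.local` (headless service named like the StatefulSet, as in the docs' curl example) and the `<token_dir>/<pod>.token` layout are assumptions.

```python
import json

# Endpoint and port taken from the NiFi 2.x docs quoted in this PR.
NIFI_METRICS_PATH = "/nifi-api/flow/metrics/prometheus"
NIFI_PORT = 8443


def pod_fqdn(pod: str, statefulset: str, namespace: str) -> str:
    """Stable DNS name of a StatefulSet pod. Assumes the headless service
    shares the StatefulSet name, as in the curl example of the docs."""
    return f"{pod}.{statefulset}.{namespace}.svc.cluster.local"


def scrape_job(pod: str, statefulset: str, namespace: str,
               token_file: str, ca_file: str = "") -> dict:
    """One scrape job for one pod: NiFi issues JWTs per pod, so a job can
    only carry the token of the single pod it targets."""
    # Verify the NiFi certificate against a CA file when one is available;
    # otherwise fall back to the docs' insecure_skip_verify.
    tls = {"ca_file": ca_file} if ca_file else {"insecure_skip_verify": True}
    return {
        "job_name": f"nifi-{pod}",
        "scheme": "https",
        "metrics_path": NIFI_METRICS_PATH,
        # credentials_file keeps the token out of the scrape config itself.
        "authorization": {"type": "Bearer", "credentials_file": token_file},
        "tls_config": tls,
        "static_configs": [
            {"targets": [f"{pod_fqdn(pod, statefulset, namespace)}:{NIFI_PORT}"]}
        ],
    }


def scrape_configs(statefulset: str, namespace: str, replicas: int,
                   token_dir: str, ca_file: str = "") -> list:
    """One job per replica; the token for pod N is expected at
    <token_dir>/<statefulset>-N.token (assumed layout)."""
    return [
        scrape_job(f"{statefulset}-{i}", statefulset, namespace,
                   f"{token_dir}/{statefulset}-{i}.token", ca_file)
        for i in range(replicas)
    ]


if __name__ == "__main__":
    cfg = {"scrape_configs": scrape_configs(
        "simple-nifi-node-default", "default", 2,
        "/etc/prometheus/nifi-tokens", "/etc/prometheus/nifi-ca.crt")}
    # JSON is valid YAML, so this output can be used as a prometheus.yml fragment.
    print(json.dumps(cfg, indent=2))
```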
@razvan razvan moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Jun 17, 2025