Expose the Management Console

petejturner commented 6 months ago

Hello All,

Loving this project. Locally with minikube I am able to access the Management Console from localhost by defining a service.

We're debugging some issues in a deployed EKS cluster, and I would love to have access to the Management Console even for a short amount of time. However, there are issues with CORS and it is unusable.

https://medium.com/@hasnat.saeed/setup-activemq-artemis-on-ubuntu-18-04-76bb4975308b

This article describes modifying bootstrap.xml and jolokia-access.xml to allow external access to the Management Console, is there a way to change these settings without deploying my own images?

Thank you very much.

[!TIP] Vote this issue reacting with :+1: or :-1:

brusdev commented 6 months ago

Hi @petejturner, you don't need to change the bootstrap.xml and jolokia-access.xml files, you can use an Ingress resource to expose the management console, i.e.

apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-broker
spec:
  console:
    expose: true
    exposeMode: ingress
    ingressHost: artemis-broker-console.my-domain.com

petejturner commented 6 months ago

@brusdev thank you so much for your response.

I have applied your suggested changes, created a load balancer, and setup DNS to point to the load balancer.

I do have a password required:

spec:
  adminPassword: "secret_password"
  adminUser: "secret_user"
  deploymentPlan:
    clustered: true
    size: 4
    persistenceEnabled: true
    enableMetricsPlugin: true
    journalType: aio
    messageMigration: true
    requireLogin: true
  console:
    #Set expose equal to true to enable the Artemis Dashboard
    expose: true
    exposeMode: ingress
    ingressHost: secreturl.com

I logged into a pod to see if the CORS settings had changed in jolokia-access.xml:

<cors>
        <!-- Allow cross-origin access from the origins that match the following pattern ... -->
        <allow-origin>*://ex-aao-ss-0.ex-aao-hdls-svc.artemis.svc.cluster.local*</allow-origin>

        <!-- Options from this point on are auto-generated by Create.java from the Artemis CLI -->
        <!-- Check for the proper origin on the server side, too -->

</cors>

Was this supposed to change? I removed and re-deployed everything.

Here are the errors I'm seeing in Chrome:

Thank you for all your help so far

petejturner commented 6 months ago

I just noticed there was a release last week, I'll try upgrading

petejturner commented 6 months ago

It's working!

For anyone trying to get this to work in the future:

You must not use tls
The load balancer must point to the created service ingress, in my case it was called ex-aao-wconsj-0-svc-ing
You must use an Application Load Balancer (if you are using AWS load balancers)

@brusdev you are my hero today

petejturner commented 6 months ago

Closing

brusdev commented 6 months ago

@petejturner thanks for sharing your findings on EKS. I have never tried but you should be able to use tls setting up end-to-end TLS encryption and adding custom annotations.

basitraza1122 commented 1 week ago

I'm facing the issue, Below is my broker yaml attached. I'm trying to expose the console and trying to access via kubectl port-forward to the created service but I'm unable to connect to console.

brusdev commented 1 week ago

@basitraza1122 I don't see your broker yaml attached.

artemiscloud / activemq-artemis-operator

Expose the Management Console #904