search

artemiscloud / activemq-artemis-operator

Apache License 2.0
64 stars 62 forks source link

Get HTTP 503 when exposing the Management Console with Istio Gateway #929

Closed win5923 closed 4 months ago

win5923 commented 4 months ago

Describe the bug When connecting to https://test1.cloudapp.azure.com/activemq/ or https://test1.cloudapp.azure.com/activemq/console , browser got Failed to load resource: the server responded with a status of 503 ().

The mqtt protocol can connect.

Pod log:

2024-05-17 08:31:21,168 INFO  [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local:8161
2024-05-17 08:31:21,168 INFO  [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local:8161/console/jolokia
2024-05-17 08:31:21,168 INFO  [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local:8161/console

ActiveMQArtemis:

apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: artemis-broker
  namespace: activemq-artemis-operator
spec:
  acceptors:
    - name: activemq-mqtt
      expose: false
      port: 5672
      protocols: mqtt
      sslEnabled: true
      sslSecret: amq-ssl-secret

  deploymentPlan:
    size: 1
    image: quay.io/artemiscloud/activemq-artemis-broker-kubernetes:artemis.2.33.0
    enableMetricsPlugin: true

istio-gateway.yml:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - test1.cloudapp.azure.com
      port:
        name: http
        number: 80
        protocol: HTTP
      tls:
        httpsRedirect: true
    - hosts:
        - test1.cloudapp.azure.com
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        cipherSuites:
          - ECDHE-ECDSA-AES128-GCM-SHA256
          - ECDHE-RSA-AES128-GCM-SHA256
          - ECDHE-ECDSA-AES128-SHA
          - AES128-GCM-SHA256
          - AES128-SHA
          - ECDHE-ECDSA-AES256-GCM-SHA384
          - ECDHE-RSA-AES256-GCM-SHA384
          - ECDHE-ECDSA-AES256-SHA
          - AES256-GCM-SHA384
          - AES256-SHA
        credentialName: istio-cert-prod
        maxProtocolVersion: TLSV1_3
        minProtocolVersion: TLSV1_2
        mode: SIMPLE

VirtualService.yml:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: activemq-web-virtualservice
  namespace: activemq-artemis-operator
spec:
  gateways:
    - istio-system/istio-gateway
  hosts:
    - test1.cloudapp.azure.com
  http:
  - match:
    - uri:
        prefix: /activemq/
    rewrite:
      uri: /
    route:
      - destination:
          host: artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local
          port:
            number: 8161
$ k get pod             
NAME                                                   READY   STATUS    RESTARTS   AGE
activemq-artemis-controller-manager-55645cc79f-rdzw6   1/1     Running   0          6h6m
artemis-broker-ss-0                                    1/1     Running   0          104s

$ k get svc                 
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
artemis-broker-activemq-mqtt-0-svc   ClusterIP   10.0.237.184   <none>        5672/TCP                      110s
artemis-broker-hdls-svc              ClusterIP   None           <none>        7800/TCP,8161/TCP,61616/TCP   110s
artemis-broker-ping-svc              ClusterIP   None           <none>        8888/TCP

console reponse in pod:

$ kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot 
 tmp-shell  ~  curl http://artemis-broker-hdls-svc.activemq-artemis-operator:8161/console

 tmp-shell  ~  curl http://artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local:8161/console/jolokia

 tmp-shell  ~  curl http://artemis-broker-ss-0.artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local:8161

[!TIP] Vote this issue reacting with :+1: or :-1:

win5923 commented 4 months ago

I change my gateway and virtual service to below, now I can see the Artemis console on browser:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: activemq-gateway
  namespace: activemq-artemis-operator
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
      - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: activemq-web-virtualservice
  namespace: activemq-artemis-operator
spec:
  gateways:
    # - istio-system/istio-gateway
    - activemq-gateway
  hosts:
    - "*"
  http:
  - match:
    - uri:
        prefix: /
    route:
      - destination:
          host: artemis-broker-hdls-svc.activemq-artemis-operator.svc.cluster.local
          port:
            number: 8161

But got so many error: image

The Artemis navigation tab is missing: ![Uploading image.png…]()