javakubernetesactivemq-artemis

ActiveMQ Artemis does not display console when runs in K8S


I deployed apache/activemq-artemis:2.40.0-alpine in k8s cluster. First run goes well, but when I open console I'm unable to view literally everything but white list: enter image description here enter image description here

Log:

│ 2025-04-08 18:01:11,109 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol support for: AMQP                                                                       │
│ 2025-04-08 18:01:11,109 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding protocol support for: HORNETQ                                                                 │
│ 2025-04-08 18:01:11,110 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol support for: MQTT                                                                       │
│ 2025-04-08 18:01:11,110 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding protocol support for: OPENWIRE                                                               │
│ 2025-04-08 18:01:11,110 INFO  [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol support for: STOMP                                                                     │
│ 2025-04-08 18:01:11,298 INFO  [org.apache.activemq.artemis.core.server] AMQ221034: Waiting indefinitely to obtain primary lock                                                                                                             │
│ 2025-04-08 18:01:11,299 INFO  [org.apache.activemq.artemis.core.server] AMQ221035: Primary Server Obtained primary lock                                                                                                                    │
│ 2025-04-08 18:01:11,510 INFO  [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address DLQ supporting [ANYCAST]                                                                                                              │
│ 2025-04-08 18:01:11,594 INFO  [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue DLQ on address DLQ                                                                                                              │
│ 2025-04-08 18:01:11,804 INFO  [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST]                                                                                                      │
│ 2025-04-08 18:01:11,805 INFO  [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue                                                                                              │
│ 2025-04-08 18:01:12,699 INFO  [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61616 for protocols [CORE,MQTT,AMQP,STOMP,HORNETQ,OPENWIRE]                                                           │
│ 2025-04-08 18:01:12,700 INFO  [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5445 for protocols [HORNETQ,STOMP]                                                                                    │
│ 2025-04-08 18:01:12,702 INFO  [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5672 for protocols [AMQP]                                                                                             │
│ 2025-04-08 18:01:12,703 INFO  [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:1883 for protocols [MQTT]                                                                                             │
│ 2025-04-08 18:01:12,704 INFO  [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61613 for protocols [STOMP]                                                                                           │
│ 2025-04-08 18:01:12,706 INFO  [org.apache.activemq.artemis.core.server] AMQ221007: Server is now active                                                                                                                                    │
│ 2025-04-08 18:01:12,706 INFO  [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.40.0 [0.0.0.0, nodeID=7401e03f-14a3-11f0-ac6e-02d91668a613]                                            │
│ 2025-04-08 18:01:12,713 INFO  [org.apache.activemq.artemis] AMQ241003: Starting embedded web server                                                                                                                                        │
│ 2025-04-08 18:01:14,205 INFO  [io.hawt.HawtioContextListener] Initialising Hawtio services                                                                                                                                                 │
│ 2025-04-08 18:01:14,210 INFO  [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 4.2.0                                                                                                                                                         │
│ 2025-04-08 18:01:14,292 INFO  [io.hawt.web.auth.AuthenticationConfiguration] Authentication throttling is enabled                                                                                                                          │
│ 2025-04-08 18:01:14,390 INFO  [io.hawt.web.auth.AuthenticationConfiguration] Starting Hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "amq" role principal classes: "org.apache.activemq.artemis.spi.core.securit │
│ 2025-04-08 18:01:14,390 INFO  [io.hawt.web.auth.AuthenticationConfiguration] Looking for OIDC configuration file in: /var/lib/artemis-instance/etc/hawtio-oidc.properties                                                                  │
│ 2025-04-08 18:01:14,505 INFO  [io.hawt.web.auth.ClientRouteRedirectFilter] Hawtio ClientRouteRedirectFilter is using 1800 sec. HttpSession timeout                                                                                         │
│ 2025-04-08 18:01:14,611 INFO  [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://0.0.0.0:8161                                                                                                                          │
│ 2025-04-08 18:01:14,611 INFO  [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia                                                                                           │
│ 2025-04-08 18:01:14,611 INFO  [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://0.0.0.0:8161/console                                                                                                            │
│ 2025-04-08 18:01:28,287 INFO  [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled                                                                                                                                 │
│ 2025-04-08 18:01:34,108 INFO  [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout                                                                                                                          │
│ 2025-04-08 18:01:34,401 INFO  [io.hawt.web.auth.LoginServlet] Logging in user: artemis                                                                                                                                                     │
│ 2025-04-08 18:01:47,631 INFO  [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/var/lib/artemis-instance/./etc/jolokia-access.xml]                                        │
│ 2025-04-08 18:01:47,634 INFO  [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled                                                                                                                                                   │
│ 2025-04-08 18:02:47,861 INFO  [io.hawt.web.auth.LoginServlet] Logging in user: artemis                                                                                                                                                     │
│ 2025-04-08 20:16:49,260 INFO  [io.hawt.web.auth.LoginServlet] Logging in user: artemis  

moreover, in browser console i see the following error: enter image description here

My current ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    app.kubernetes.io/component: Ingress
  name: amq-artemis
  annotations:
    external-dns.alpha.kubernetes.io/hostname: hidden
    external-dns.alpha.kubernetes.io/ingress-hostname-source: annotation-only
    cert-manager.io/cluster-issuer: hidden
    cert-manager.io/duration: 2160h
    cert-manager.io/renew-before: 720h
    nginx.ingress.kubernetes.io/keepalive_timeout: "1200"
    nginx.ingress.kubernetes.io/proxy-body-size: "250m"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
    nginx.ingress.kubernetes.io/proxy-buffering: 'on'
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "amq-artemis"
    nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
    nginx.ingress.kubernetes.io/session-cookie-secure: "true"
    nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
    nginx.ingress.kubernetes.io/app-root: /console/artemis
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_busy_buffers_size   256k;
      client_body_buffer_size   10m;
      send_timeout              300;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - hidden
      secretName: artemis-fqdn-cert
  rules:
    - host: hidden
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: amq-artemis
              port:
                number: 8161
        - path: /jolokia
          pathType: Prefix
          backend:
            service:
              name: amq-artemis
              port:
                number: 8161
        - path: /hawtio
          pathType: Prefix
          backend:
            service:
              name: amq-artemis
              port:
                number: 8161
        - path: /console
          pathType: Prefix
          backend:
            service:
              name: amq-artemis
              port:
                number: 8161

I run broker with the following parameters: --relax-jolokia --name art --http-host 0.0.0.0

I have tried with various of ingress rules and annotations, but futile. Any idea what it could be?


Solution

  • ActiveMQ Artemis 2.40.0 introduced a new web console based on a new version of Hawtio and Jolokia. Due to this change any request with an origin header using the https scheme which is ultimately received by Jolokia via HTTP is now discarded by default since it is deemed insecure. If you use a TLS proxy that transforms secure requests to insecure requests (e.g. in a Kubernetes environment) then consider changing the proxy to preserve HTTPS and switching the embedded web server to HTTPS. If that isn’t feasible then you can accept the risk by adding <ignore-scheme/> to etc/jolokia-access.xml. See the Jolokia documentation for more details.