multiple app nodes how to expose jmx in kubernetes?
kubernetesI can expose services with
service. This is fine.
- Lets say I have 1 web instance and 10 java server instances.
- I have a windows gateway I’m used to access those 10 java servers instances via the jconsole installed on it.
- Obviously I do not expose all apps jmx port via kubernetes service.
What are my options here? how should I allow this external to kubernetes cluster windows gateway access to those 10 servers jmx ports? Any practices here?
3 Solutions collect form web for “multiple app nodes how to expose jmx in kubernetes?”
Another option is to forward JMX port from K8 pod to your local PC with kubectl port-forward.
I do it like this:
1). Add following JVM options to your app:
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.rmi.port=1099 -Djava.rmi.server.hostname=127.0.0.1
The critical part here is that:
The same port should be used as ‘jmxremote.port’ and ‘jmxremote.rmi.port’. This is needed to forward one port only.
127.0.0.1 should be passed as rmi server hostname. This is needed for JMX connection to work via port-forwarding.
2). Forward the JMX port (1099) to your looptionscal PC via kubectl:
kubectl port-forward <your-app-pod> 1099
3). Open jconsole connection to your local port 1099:
This way because makes it possible to debug any Java pod via JMX without having to publicly expose JMX via K8 service (which is better from security perspective).
We did it in following way
- Add a unique label for each pod. ex: podid=asdw23443
- Create a new service with selector of podid=asdw23443. Make sure in the service you expose jmx ports on pod through nodeport or loadbalancer.
If you are selecting nodeport in service, because you a doing a NAT operation you may have to give following JVM argument for each jvm you need to connect through jconsole
I think one way is to add a label to your pod with a unique string \ id for example pod_name and use the expose command to create a new service with the selector of this unique id\string.
kubectl label pods <podname> podname=<podname> kubectl expose pod <podname> --port=9010 --name=<podname>_jmx