多个应用程序节点如何在kubernetes中公开jmx? [英] multiple app nodes how to expose jmx in kubernetes?

问题描述

1. 在kubernetes中，我可以使用service公开服务.很好.
2. 让我们说我有1个Web实例和10个Java服务器实例.
3. 我有一个Windows网关，用于通过安装在其上的jconsole访问这10个Java服务器实例.
4. 很显然，我没有通过kubernetes服务公开所有应用程序的jmx端口.

1. In kubernetes I can expose services with service. This is fine.
2. Lets say I have 1 web instance and 10 java server instances.
3. I have a windows gateway I'm used to access those 10 java servers instances via the jconsole installed on it.
4. Obviously I do not expose all apps jmx port via kubernetes service.

我在这里有什么选择?我应该如何允许kubernetes群集Windows网关的外部访问这10个服务器的jmx端口?这里有任何做法吗?

What are my options here? how should I allow this external to kubernetes cluster windows gateway access to those 10 servers jmx ports? Any practices here?

推荐答案

另一个选择是使用 kubectl port-forward 将JMX端口从K8 pod转发到本地PC.

Another option is to forward JMX port from K8 pod to your local PC with kubectl port-forward.

我这样做是这样的:

1).将以下JVM选项添加到您的应用中:

1). Add following JVM options to your app:

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.rmi.port=1099
-Djava.rmi.server.hostname=127.0.0.1

这里的关键部分是:

• 应将同一端口用作"jmxremote.port"和"jmxremote.rmi.port".仅需要转发一个端口.

• The same port should be used as 'jmxremote.port' and 'jmxremote.rmi.port'. This is needed to forward one port only.

127.0.0.1应该作为rmi服务器主机名传递. JMX连接需要通过端口转发才能正常工作.

127.0.0.1 should be passed as rmi server hostname. This is needed for JMX connection to work via port-forwarding.

2).通过kubectl将JMX端口(1099)转发到您的本地PC:

2). Forward the JMX port (1099) to your local PC via kubectl:

kubectl port-forward <your-app-pod> 1099

3).打开jconsole连接到本地端口1099:

3). Open jconsole connection to your local port 1099:

jconsole 127.0.0.1:1099

通过这种方式，可以通过JMX调试任何Java Pod，而不必通过K8服务公开公开JMX(从安全角度来看更好).

This way makes it possible to debug any Java pod via JMX without having to publicly expose JMX via K8 service (which is better from security perspective).

另一个可能有用的选择是附加Jolokia( https://jolokia.org/)代理到容器内的Java进程，因此它通过HTTP端口代理JMX，并公开或端口转发此HTTP端口以通过HTTP查询JMX.

Another option that also may be useful is to attach the Jolokia (https://jolokia.org/) agent to the Java process inside the container so it proxies the JMX over HTTP port and expose or port-forward this HTTP port to query JMX over HTTP.

这篇关于多个应用程序节点如何在kubernetes中公开jmx?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！