multiple app nodes how to expose jmx in kubernetes?

Question

1. In kubernetes I can expose services with service. This is fine.
2. Lets say I have 1 web instance and 10 java server instances.
3. I have a windows gateway I'm used to access those 10 java servers instances via the jconsole installed on it.
4. Obviously I do not expose all apps jmx port via kubernetes service.

What are my options here? how should I allow this external to kubernetes cluster windows gateway access to those 10 servers jmx ports? Any practices here?

Answer 1

Another option is to forward JMX port from K8 pod to your local PC with kubectl port-forward.

I do it like this:

1). Add following JVM options to your app:

-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.rmi.port=1099 -Djava.rmi.server.hostname=127.0.0.1 

The critical part here is that:

• The same port should be used as 'jmxremote.port' and 'jmxremote.rmi.port'. This is needed to forward one port only.

• 127.0.0.1 should be passed as rmi server hostname. This is needed for JMX connection to work via port-forwarding.

2). Forward the JMX port (1099) to your local PC via kubectl:

kubectl port-forward <your-app-pod> 1099 

3). Open jconsole connection to your local port 1099:

jconsole 127.0.0.1:1099 

This way makes it possible to debug any Java pod via JMX without having to publicly expose JMX via K8 service (which is better from security perspective).

Another option that also may be useful is to attach the Jolokia (https://jolokia.org/) agent to the Java process inside the container so it proxies the JMX over HTTP port and expose or port-forward this HTTP port to query JMX over HTTP.