Divert Message #1 and minor fixes

Author: eye0fra

README.adoc

@@ -112,7 +112,7 @@ oc label secret/mycluster-amq-broker-all-secret app.kubernetes.io/managed-by=Hel
 `oc extract secret/mycluster-amq-broker-all-secret --keys=client.ts`
 
 . Extract AMQ Endpoint
-
++
 `export AMQ_ENDPOINT=$(oc get route mycluster-amq-broker-all-0-svc-rte --no-headers -o custom-columns=:.spec.host)`
 
 . Launch Artemis Producer Command
@@ -127,12 +127,13 @@ Producer ActiveMQQueue[TEST], thread=0 Started to calculate elapsed time ...
 Producer ActiveMQQueue[TEST], thread=0 Produced: 10 messages
 Producer ActiveMQQueue[TEST], thread=0 Elapsed time in second : 0 s
 Producer ActiveMQQueue[TEST], thread=0 Elapsed time in milli second : 79 milli seconds
+
 -------
 
 . Launch Artemis Consumer Command
 +
 [source,bash]
--------
+-----
 ./artemis consumer --user amq --password amq --message-count 10 --url="tcp://${AMQ_ENDPOINT}:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password"
 
 Connection brokerURL = tcp://mycluster-amq-broker-all-0-svc-rte-dxc.apps-crc.testing:443?sslEnabled=true;trustStorePath=./client.ts;trustStorePassword=password
@@ -143,12 +144,83 @@ Consumer ActiveMQQueue[TEST], thread=0 Elapsed time in second : 0 s
 Consumer ActiveMQQueue[TEST], thread=0 Elapsed time in milli second : 17 milli seconds
 Consumer ActiveMQQueue[TEST], thread=0 Consumed: 10 messages
 Consumer ActiveMQQueue[TEST], thread=0 Consumer thread finished
--------
+-----
+
+## Bridge Scenario [WIP]
+
+. Create two OpenShift project.
++
+[source,bash]
+-----
+oc new-project brk1
+oc new-project brk2
+-----
+
+. Install AMQ Broker Operator for both the projects.
+
+. Create a NetworkPolicy to allow connection from brk1 to brk2.
++
+[source,yaml]
+-----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: mycluster1-amq-broker-all
+  labels:
+    app.kubernetes.io/name: amq-broker
+    app.kubernetes.io/instance: mycluster2
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: amq-broker
+      app.kubernetes.io/instance: mycluster2
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              app.kubernetes.io/instance: mycluster
+      ports:
+      - port: 61617
+        protocol: TCP
+-----
+
+. Label brk1 namespace with `app.kubernetes.io/instance: mycluster`
++
+`oc label namespace brk1 app.kubernetes.io/instance=mycluster`
+
+. Install AMQ Broker Helm Chart on brk2
++
+`helm upgrade --install mycluster2 amq-broker -n brk2`
+
+. In case of SSL Connector to brk2, create a secret on brk1 to able to connect to brk2.
++
+[source,bash]
+-----
+mkdir brk2-pki
+
+oc extract secret/mycluster2-amq-broker-all-secret --to=brk2-pki -n brk2
+
+oc create secret generic mycluster2-amq-broker-all-brk2-secret --from-file=brk2-pki/ -n brk1
+-----
+
+. Install AMQ Broker Helm Chart on brk1
++
+`helm upgrade --install mycluster amq-broker -n brk1`
+
+. Launch Helm Test to test the bridge connection
++
+`helm test mycluster1 -n brk1`
 
 ## Uninstall it
 
 `helm uninstall mycluster --no-hooks`
 
+## Failed Status
+
+In case of failed installation due to missing role rights, AMQ Broker operator, tests failed or others, please make sure to clean up all the pending resources.
+
+`oc delete all -lapp.kubernetes.io/name=amq-broker`
+
 ## Progress
 
 .Progress

amq-broker/templates/_helpers.tpl

@@ -105,4 +105,24 @@ tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true;amqpCredits
 {{- end }}
 {{- end }}
 
+{{/*
+Generate connectors broker.xml
+TODO: Read the connector ssl secret automatically
+*/}}
+{{- define "amq-broker.connectors" -}}
+{{- $fullName := ( include "amq-broker.fullname" . ) -}}
+{{ range .Values.connectors }}
+{{- $connector := . -}}
+{{- with $ }}
+<connector name="{{ $connector.name }}">{{ $connector.type }}://{{ $connector.host }}:{{ $connector.port }}
+{{- if $connector.sslEnabled -}}
+;sslEnabled=true;keyStorePath=/etc/{{ $connector.sslSecret }}-volume/broker.ks;keyStorePassword={{ .Values.pki.keyStorePassword }};trustStorePath=/etc/{{ $connector.sslSecret }}-volume/client.ts;trustStorePassword={{ .Values.pki.trustStorePassword }}
+{{- else -}}
+;
+{{- end -}}
+</connector>
+{{- end -}}
+{{- end }}
+{{- end }}
+
 

amq-broker/templates/activemqartemisaddress.yaml

@@ -1,6 +1,7 @@
 {{- range .Values.addresses }}
 {{- $address := . -}}
 {{- with $ }}
+---
 apiVersion: broker.amq.io/v2alpha2
 kind: ActiveMQArtemisAddress
 metadata:

amq-broker/templates/configmap.yaml

@@ -46,6 +46,8 @@ data:
             <connectors>
                 <!-- Connector used to be announced through cluster connections and notifications -->
                 <connector name="artemis">tcp://${BROKER_IP}:61616</connector>
+
+                {{- include "amq-broker.connectors" . | nindent 16 }}
             </connectors>
 
             <acceptors>
@@ -188,16 +190,28 @@ data:
             <diverts>
                 {{- range .Values.diverts }}
                     <divert name="{{ .name }}">
+                        <routing-name>{{ .name }}</routing-name>
                         <address>{{ .address }}</address>
                         <forwarding-address>{{ .forwardingAddress }}</forwarding-address>
                         <exclusive>{{ .exclusive }}</exclusive>
+                        {{- if .filter }}
+                        <filter>{{ .filter }}</filter>
+                        {{- end }}
                     </divert>
                 {{- end }}
             </diverts>
 
             <bridges>
                 {{- range .Values.bridges }}
-                
+                <bridge name="{{ .name }}">
+                    <queue-name>{{ .queueName }}</queue-name>
+                    <forwarding-address>{{ .forwardingAddress }}</forwarding-address>
+                    <user>{{ .user }}</user>
+                    <password>{{ .password }}</password>
+                    <static-connectors>
+                        <connector-ref>{{ .connectorRef }}</connector-ref>
+                    </static-connectors>
+                </bridge>
                 {{- end}}
             </bridges>
         </core>

amq-broker/templates/tests/artemis-divert-consumer.yaml

@@ -0,0 +1,61 @@
+{{- range $index, $acceptor := .Values.acceptors }}
+{{- with $ }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-divert-consumer
+  labels:
+    {{- include "amq-broker.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": hook-succeeded
+    "helm.sh/hook-weight": "{{ $index }}"
+spec:
+  containers:
+  - name: artemis-consumer
+    image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+    imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+    env:
+      - name: ARTEMIS_USER
+        value: {{ default "" .Values.adminUser | quote }}
+      - name: ARTEMIS_PASSWORD
+        value: {{ default "" .Values.adminPassword | quote }}
+      {{- if $acceptor.expose }}
+      - name: ARTEMIS_HOST
+        value: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-0-svc
+      {{ else }}
+      - name: ARTEMIS_HOST
+        value: {{ include "amq-broker.fullname" . }}-hdls-svc 
+      {{- end }}
+      {{- if eq $acceptor.protocols "all" }}
+      - name: ARTEMIS_PROTOCOL
+        value: "core"
+      {{ else }}
+      - name: ARTEMIS_PROTOCOL
+        value: {{ $acceptor.protocols }}   
+      {{- end }}     
+    command:
+        - /bin/bash
+        - '-c'
+        - |
+          #!/bin/bash
+          
+          /opt/amq/bin/artemis consumer --user ${ARTEMIS_USER} --password ${ARTEMIS_PASSWORD} --message-count 10 --protocol=${ARTEMIS_PROTOCOL} --destination={{ ( index .Values.diverts 0 ).forwardingAddress }} --url="tcp://${ARTEMIS_HOST}:{{ $acceptor.port }}
+          {{- if $acceptor.sslEnabled -}}
+          ?sslEnabled=true;trustStorePath=/opt/pki/{{ .name }}/client.ts;trustStorePassword={{ .Values.pki.trustStorePassword }}"
+          {{- else -}}
+          "
+          {{ end }}
+  {{- if $acceptor.sslEnabled }}
+    volumeMounts:
+    - name: {{ $acceptor.name }}
+      mountPath: /opt/pki/{{ .name }} 
+  volumes:
+  - name: {{ $acceptor.name }}
+    secret:
+      secretName: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-secret
+  {{- end }}
+  restartPolicy: Never
+{{- end }}
+{{- end }}

amq-broker/templates/tests/artemis-divert-producer.yaml

@@ -0,0 +1,61 @@
+{{- range $index, $acceptor := .Values.acceptors }}
+{{- with $ }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-divert-producer
+  labels:
+    {{- include "amq-broker.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": hook-succeeded
+    "helm.sh/hook-weight": "{{ sub $index 1 }}"
+spec:
+  containers:
+  - name: artemis-producer
+    image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+    imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+    env:
+      - name: ARTEMIS_USER
+        value: {{ default "" .Values.adminUser | quote }}
+      - name: ARTEMIS_PASSWORD
+        value: {{ default "" .Values.adminPassword | quote }}
+      {{- if $acceptor.expose }}
+      - name: ARTEMIS_HOST
+        value: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-0-svc
+      {{ else }}
+      - name: ARTEMIS_HOST
+        value: {{ include "amq-broker.fullname" . }}-hdls-svc  
+      {{- end }}
+      {{- if eq $acceptor.protocols "all" }}
+      - name: ARTEMIS_PROTOCOL
+        value: "core"
+      {{ else }}
+      - name: ARTEMIS_PROTOCOL
+        value: {{ $acceptor.protocols }}   
+      {{- end }}     
+    command:
+        - /bin/bash
+        - '-c'
+        - |
+          #!/bin/bash
+          
+          /opt/amq/bin/artemis producer --user ${ARTEMIS_USER} --password ${ARTEMIS_PASSWORD} --message-count 10 --protocol=${ARTEMIS_PROTOCOL} --destination={{ ( index .Values.diverts 0 ).address }} --url="tcp://${ARTEMIS_HOST}:{{ $acceptor.port }}
+          {{- if $acceptor.sslEnabled -}}
+          ?sslEnabled=true;trustStorePath=/opt/pki/{{ .name }}/client.ts;trustStorePassword={{ .Values.pki.trustStorePassword }}"
+          {{- else -}}
+          "
+          {{ end }}
+  {{- if $acceptor.sslEnabled }}
+    volumeMounts:
+    - name: {{ $acceptor.name }}
+      mountPath: /opt/pki/{{ .name }} 
+  volumes:
+  - name: {{ $acceptor.name }}
+    secret:
+      secretName: {{ include "amq-broker.fullname" . }}-{{ $acceptor.name }}-secret
+  {{- end }}
+  restartPolicy: Never
+{{- end }}
+{{- end }}

amq-broker/values.yaml

@@ -66,7 +66,15 @@ acceptors:
   protocols: amqp
   port: 5672
 
-connectors: []
+connectors:
+- port: 61617
+  host: mycluster2-amq-broker-all-0-svc.brk2.svc.cluster.local
+  needClientAuth: false
+  name: bridge
+  type: tcp
+# Requires secret created in Advanced.
+  sslEnabled: true
+  sslSecret: mycluster2-amq-broker-all-brk2-secret
 
 addressSettings:
   addressSetting:
@@ -83,14 +91,21 @@ addresses:
 - addressName: com.my.queue
   queueName: com.my.queue
   routingType: anycast
+- addressName: divert.test.address
+  queueName: divert.test.address
+  routingType: anycast
+- addressName: divert.test.forwarding
+  queueName: divert.test.forwarding
+  routingType: anycast
+
 
 securitySettings:
  users:
  - name: test
    password: test
    role: guest
  securitySetting:
- - match: 'ch.rtc.igt.#'
+ - match: 'com.my.queue.#'
    createNonDurableQueue: admin
    deleteNonDurableQueue: admin
    createDurableQueue: admin
@@ -104,7 +119,11 @@ securitySettings:
 
 bridges: []
 
-diverts: []
+diverts:
+- name: divert.test
+  address: divert.test.address
+  forwardingAddress: divert.test.forwarding
+  exclusive: true
 
 clusterDomain: apps.dev.openlab.red