An Hawtio console that eases the discovery and management of hawtio-enabled applications deployed on OpenShift and Kubernetes.
A hawtio-enabled application is an application that is composed of containers with a configured port named jolokia and that exposes the Jolokia API.
Look at the separate examples project for understanding how you can set up a hawtio-enabled application for Hawtio Online.
There are alternative methods of installation available to directly install Hawtio-Online:
- via Helm Charts
- via Makefile and Kustomize
- via Manual Commands
Each method will require the following:
- specifying the type of cluster targetted for the installation (either OpenShift or Kubernetes), thereby ensuring the correct certificates are generated for secure (SSL) access;
- the namespace targetted for the installation
- the 'mode' of the installation, ie. whether hawtio-online should be able to discover jolokia application cluster-wide (cluster) or only in the installed namespace (namespace);
The Hawtio-Online deployment, pod and service should be installed into the cluster:
$ oc get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
hawtio-online 1/1 1 1 26m
$ oc get pods
NAME READY STATUS RESTARTS AGE
hawtio-online-65dcfdd49c-jfzvj 2/2 Running 0 26m
$ oc get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hawtio-online NodePort 10.217.4.162 <none> 443:31914/TCP 27m
Hawtio Online currently supports two authentication modes: oauth and form, which is configured through HAWTIO_ONLINE_AUTH environment variable on Deployment.
| Mode | Description |
|---|---|
| oauth | Authenticates requests through OpenShift OAuth server. It is available only on OpenShift. |
| form | Authenticates requests with bearer tokens throught the Hawtio login form. |
With the Form authentication mode, any user with a bearer token can be authenticated. See Authenticating for different ways to provide users with bearer tokens.
Here we illustrate how to create a ServiceAccount as a user to log in to the Hawtio console as an example. See Creating a Hawtio user for Form authentication for more details.
To provision the installation for RBAC support, please see RBAC.
You must have the following tools installed:
make buildSee the Makefile for other commands in order to construct the container images.
In order to authenticate and obtain OAuth access tokens for the Hawtio console be authorized to watch for hawtio-enabled 1 applications deployed in your cluster, you have to create an OAuth client that matches localhost development URLs.
oc create -f oauthclient.ymlSee OAuth Clients for more information.
oc create -f serviceaccount.ymlSee Service Accounts as OAuth Clients for more information.
yarn start:onlineThis will start the webpack development server containing a compiled version of the hawtio code. The console is then available at http://localhost:2772/.
Since Hawtio-Online is actually two servers working together, it is possible to run them both separately on the CLI and have them correctly interface with one another in the same manner as when installed in a cluster.
- Create, if not already, a new .env.development file, in
docker/gatewayby copying the example; - Set the environment variable in
docker/gateway.env.developmentto the value
HAWTIO_ONLINE_GATEWAY_WEB_SERVER=http://localhost:2772
- Create, if not already, a new .env file in
packages/online-shellby copying the example; - Set the online shell environment variable in
packages/online-shell/.envto the value
HAWTIO_GATEWAY_SERVER=http://localhost:3000
- Start the gateway server
yarn start:gateway- Start hawtio-online
yarn start:onlineNow the gateway and hawtio-online development servers should correctly interact and simulate the actions on an installed production application.
In order for a local hawtio-online to detect the hawtio-enabled applications, each application container needs to be configured with the following environment variables:
AB_JOLOKIA_AUTH_OPENSHIFT=false
AB_JOLOKIA_PASSWORD_RANDOM=false
AB_JOLOKIA_OPTS=useSslClientAuthentication=false,protocol=httpsThe following script lets you apply the above environment variables to all the deployments with a label provider=fabric8 in a batch:
./scripts/disable-jolokia-auth.sh