Connecting to a Kubernetes Pod for JMX Debugging

From Jwiki
Revision as of 15:39, 5 September 2025 by Gyurci08 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Connecting to a Kubernetes Pod for JMX Debugging (Rancher Environment)

This guide provides a comprehensive walkthrough for developers to configure access to a Rancher-managed Kubernetes cluster for the first time and connect to a Java application for JMX monitoring.

The process involves three main stages:

  1. Installing the Kubernetes command-line tool, kubectl.
  2. Setting up cluster access using a kubeconfig file from Rancher.
  3. Forwarding a local port to the pod to establish a secure JMX connection.

1. Prerequisite: Install kubectl

kubectl is the command-line tool for interacting with the Kubernetes API. Before proceeding, you must install it on your local machine.

Windows

Open a PowerShell terminal as an Administrator and run one of the following commands. 

# Using Chocolatey package manager
choco install kubernetes-cli

Or, using Scoop package manager: 

scoop install kubectl

macOS

On macOS, use the Homebrew package manager. 

brew install kubectl

Linux (Debian/Ubuntu)

On Debian-based systems, use the native apt package manager. 

sudo apt-get update
sudo apt-get install -y kubectl

After installation, verify that kubectl is available in your path by running: 

kubectl version --client

2. Configure Cluster Access

Since this is your first time connecting, you will set up your local configuration from scratch. The kubeconfig file you get from Rancher is specifically configured for your user and its permissions.

Create the .kube Directory

kubectl expects its configuration to be in a hidden directory in your user's home folder. On Linux or macOS: 

mkdir -p ~/.kube

On Windows (in PowerShell or Command Prompt): 

mkdir %USERPROFILE%\.kube

Place the Kubeconfig File

You will receive a kubeconfig file from your DevOps team or download it directly from the Rancher UI. Rename this file to config and move it into the .kube directory. On Linux or macOS: 

mv /path/to/your/rancher-kubeconfig.yaml ~/.kube/config

On Windows (in PowerShell or Command Prompt): 

move C:\path\to\your\rancher-kubeconfig.yaml %USERPROFILE%\.kube\config

This will now be the default configuration file that kubectl uses for all commands.

Verify Cluster Access

Test that your configuration is working correctly. Your access is restricted to a specific project, so some cluster-wide commands will fail—this is expected. 

# List all available cluster contexts (there should be only one)
kubectl config get-contexts

# This command will likely FAIL. This is NORMAL.
# It fails because your role is scoped to a project, not the whole cluster.
kubectl get pods

The get pods command fails because it tries to list pods in the default namespace, which you may not have access to. Your permissions are tied to the namespaces within your assigned project.

To properly test your connection, you must specify the namespace you have access to. 

# Replace <your-project-namespace> with the actual namespace name provided to you.
kubectl get pods -n <your-project-namespace>

If this command returns a list of pods (or an empty list with no errors), your access is configured correctly.

3. Forward a Port for JMX Connection

With cluster access established, you can now create a secure tunnel from your local machine to the JMX port of the Java application running inside a pod.

Set Your Default Namespace (Optional but Recommended)

To avoid typing -n <your-project-namespace> for every command, you can set it as your default for the current session. 

kubectl config set-context --current --namespace=<your-project-namespace>

Now, all subsequent kubectl commands in this terminal will automatically target your project's namespace.

Find the Target Pod Name

First, identify the exact name of the pod you want to connect to. 

# If you set your default namespace, you can run this:
kubectl get pods

If you did not set a default, you must specify the namespace: 

kubectl get pods -n <your-project-namespace>

Copy the full name of the pod from the output (e.g., your-java-app-pod-name-xyz).

Start the Port Forwarding Session

Use the kubectl port-forward command to create the tunnel. This command maps a port on your local machine to the JMX port on the pod (assuming the JMX service in the pod is configured to run on port 9010). 

# The "-n <namespace>" is not needed if you set your default context
kubectl port-forward your-java-app-pod-name-xyz 9010:9010

Note: This command will block your terminal and must be left running for the entire duration of your JMX session. The output will confirm the connection is active.

Connect with a JMX Client

While the port-forward is running, open your preferred JMX client (such as JConsole or VisualVM).

  1. Select the option to connect to a remote process.
  2. For the connection address or service URL, enter: localhost:9010
  3. Do not specify a username or password unless the JMX service itself is configured to require them.

You should now be connected to the application's JVM, with access to its live performance metrics.

Retrieved from "https://wiki.jandzsogyorgy.hu/index.php?title=Connecting_to_a_Kubernetes_Pod_for_JMX_Debugging&oldid=338"