[bitnami/rabbitmq] Not able to connect to web-stomp web socket on port 15674

[alexsam75]

Name and Version

bitnami/rabbitmq:14.0.2

What architecture are you using?

amd64

What steps will reproduce the bug?

I followed the suggestions provided in this thread

#6427

in order to enable web-stomp plugin, add extra container ports, add extra service ports.
Everything is ok because If I do a port-forward from my laptop to the service on port 15674, I can connect to the web socket like a charm using the url: 127.0.0.1:15674/ws/

kubectl port-forward --namespace rabbitmq svc/opbg-rabbitmq 15674:15674 --kubeconfig=/Users/alexsam/mywork/opbg/opbg-sviluppo.yaml
Forwarding from 127.0.0.1:15674 -> 15674
Forwarding from [::1]:15674 -> 15674
Handling connection for 15674

To make the rabbitmq web socket available to clients outside of the cluster, I created an ingress in which I simply proxy the requests on the path /ws/ to the service on web-stomp port 15674.

spec:
  rules:
    - host: rabbitmq-dev.subdomain.it
      http:
        paths:
          - backend:
              service:
                name: opbg-rabbitmq
                port:
                  number: 15674
            path: /ws/
            pathType: Prefix

But I am not able to connect to the web socket anymore. The url I am trying is: rabbitmq-dev.subdomain.it/ws/

Consider that the ootb ingress created by helm, the one that I can use to access the management rabbitmq console, works fine.

I even used the suggestion at the bottom of the same thread 6427, and added an extra rule property to the helm values of the chart. In this case, the ingress created by Helm was:

spec:
  rules:
    - host: rabbitmq-dev.subdomain.it
      http:
        paths:
          - backend:
              service:
                name: opbg-rabbitmq
                port:
                  name: http-stats
            path: /
            pathType: ImplementationSpecific
    - host: stomp-rabbitmq-dev.subdomain.it
      http:
        paths:
          - backend:
              service:
                name: opbg-rabbitmq
                port:
                  name: stomp-ws
            path: /ws/
            pathType: ImplementationSpecific

But it's not working. In this case, I even created another entry in the DNS in order to have two different hostnames, resolved with the same IP.
At this point, I was thinking that there was something that it's not working or maybe I was missing something in the Ingress configuration.
So I made the last try, creating a service of type NodePort:

  ports:
    - name: webstomp-np
      nodePort: 30674
      port: 15674
      protocol: TCP
      targetPort: 15674

But it doesn't work like that either, trying to connect to the node on which the rabbitmq pod has been scheduled to start.

I am struggling with this from days.
Could you please tell me something more on this?

Thanks

Are you using any custom parameters or values?

1. added extra plugin

extraPlugins: rabbitmq_auth_backend_ldap rabbitmq_web_stomp

2. added extra container port:

extraContainerPorts:
      - containerPort: 15674
        name: stomp-ws

3. added extra port to the service

    service:
      extraPorts:
        - name: stomp-ws
          port: 15674
          protocol: TCP
          targetPort: stomp-ws

4. even added extra rules to the ingress

  extraRules:
    - host: stomp-rabbitmq-dev.subdomain.it
      http:
        paths:
          - backend:
              service:
                name: opbg-rabbitmq
                port:
                  name: stomp-ws
            path: /ws/
            pathType: ImplementationSpecific

What is the expected behavior?

To be able to connect to web socket exposed by RabbitMQ web-stomp plugin on port 15674, using an ingress.

Just to be precise, my K8s cluster is based on RKE2 distribution (k8s version is v1.27.10 +rke2r1).

What do you see instead?

When I try to connect to the web stomp service, I obtain a 504 Gateway timeout, in my opinion the ingress is not able to communicate with the service on that port.

Additional information

No response

[javsalgar]

Hi!

I believe that the issue lies in the network policy.

In the ingress section of the networkpolicy.yaml file, the ports should look like this:

  ingress:
    # Allow inbound connections to RabbitMQ
    - ports:
        - port: {{ .Values.containerPorts.epmd }}
        - port: {{ .Values.containerPorts.amqp }}
        - port: {{ .Values.containerPorts.amqpTls }}
        - port: {{ .Values.containerPorts.dist }}
        - port: {{ .Values.containerPorts.manager }}
        {{- range .Values.extraContainerPorts }}
        - port: {{ . }}
        {{- end }}
        {{- if .Values.metrics.enabled }}
        - port: {{ .Values.containerPorts.metrics }}
        {{- end }}

As you detected the issue, would you like to submit a PR adding that missing range?

[alexsam75]

Dear Javier,
thanks for your support. After having modified the network policy, I was then able to open the communication between the clients and the web-stomp socket on port 15674.

[ChrisRitchie]

@javsalgar I see this is still an issue so have created a PR with the changes you identified above.

[javsalgar]

Hi! Thank you so much!