Latest commit

fa99a68 · Jun 19, 2025

History

History
This branch is 348 commits ahead of, 240 commits behind apache/camel-spring-boot-examples:main.

amq-cert-manager

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Feb 17, 2025
Feb 17, 2025
Jun 19, 2025

AMQ broker operator with cert-manager operator - Spring Boot example

Abstract

This example shows how to run a simple Apache Camel application with Spring Boot against a broker managed by the Red Hat AMQ operator, with certificates issued by the Red Hat cert-manager operator. The Camel application is deployed using openshift-maven-plugin.

Introduction

The application uses the Camel JMS component to connect to the AMQ broker using two-way SSL, so the application and the broker each verify the other's certificate before the connection is established.

Requirements

Install the cert-manager operator and the AMQ broker operator (namespaced mode is enough).

How to run the example

First, generate the SSL certificates. The cert-manager operator generates the certificates and stores them in the appropriate secrets; the AMQ broker operator and the application then use those secrets to configure their SSL contexts.

Create namespace

oc new-project amq-cert-manager

Then install the AMQ operator in the namespace.

Generate certificates

Install the cert-manager operator, then create a cluster issuer. This example uses a self-signed issuer, but other issuer providers are supported.

cat <<EOF | oc apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cluster-issuer
spec:
  selfSigned: {}
EOF

Generate the CA:

cat <<EOF | oc apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: amq-selfsigned-ca
  namespace: amq-cert-manager
spec:
  isCA: true
  commonName: amq-selfsigned-ca
  secretName: root-ca-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-cluster-issuer
    kind: ClusterIssuer
    group: cert-manager.io
EOF

Create an issuer that uses the CA. This issuer will be used to generate the application and AMQ certificates:

cat <<EOF | oc apply -f -
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: amq-ca-issuer
  namespace: amq-cert-manager
spec:
  ca:
    secretName: root-ca-secret
EOF

Create the AMQ keystore password:

oc create secret generic amq-keystore-secret -n amq-cert-manager --from-literal=password=supersecret

Generate the AMQ certificate. Note that the commonName and dnsNames depend on the service generated by the AMQ broker operator:

cat <<EOF | oc apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: amq-ssl
  namespace: amq-cert-manager
spec:
  secretName: amq-ssl-tls
  duration: 2160h
  renewBefore: 360h
  commonName: amq-broker-hdls-svc
  dnsNames:
  - amq-broker-hdls-svc
  - amq-broker-hdls-svc.amq-cert-manager.svc.cluster.local
  issuerRef:
    name: amq-ca-issuer
    kind: Issuer
    group: cert-manager.io
  keystores:
    jks:
      create: true
      passwordSecretRef:
        key: password
        name: amq-keystore-secret
EOF

Create the application keystore password:

oc create secret generic app-keystore-secret -n amq-cert-manager --from-literal=password=anothersecret

Generate the application certificate:

cat <<EOF | oc apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-ssl
  namespace: amq-cert-manager
spec:
  secretName: app-ssl-tls
  duration: 2160h
  renewBefore: 360h
  commonName: camel-example-spring-boot-amq-cert-manager
  dnsNames:
  - camel-example-spring-boot-amq-cert-manager
  - camel-example-spring-boot-amq-cert-manager.amq-cert-manager.svc.cluster.local
  issuerRef:
    name: amq-ca-issuer
    kind: Issuer
    group: cert-manager.io
  keystores:
    jks:
      create: true
      passwordSecretRef:
        key: password
        name: app-keystore-secret
EOF

Deploy AMQ broker

Deploy the broker instance managed by the operator, configuring two-way SSL with the previously generated certificates:

cat <<EOF | oc apply -f -
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: amq-broker
  namespace: amq-cert-manager
spec:
  acceptors:
    - name: artemis
      port: 61616
      sslEnabled: true
      sslSecret: amq-ssl-tls
      needClientAuth: true
  brokerProperties:
    - acceptorConfigurations.artemis.params.trustStorePath=/etc/amq-ssl-tls-volume/truststore.jks
  console:
    expose: true
  deploymentPlan:
    image: placeholder
    jolokiaAgentEnabled: false
    journalType: nio
    managementRBACEnabled: true
    messageMigration: false
    persistenceEnabled: false
    requireLogin: true
    size: 1
EOF
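
The broker resource only works if it agrees with the AMQ Certificate created earlier: same secret name, JKS keystores enabled, dnsNames matching the broker service, and client authentication switched on. The check below is an added example, not part of the original project. It assumes the `<broker>-hdls-svc` service name and the `/etc/<secret>-volume/` mount path seen in the manifests above, and it runs on constructed input that mirrors those manifests in their `-o json` form.

```python
def check_mtls(items, namespace):
    """Return findings for the broker/Certificate wiring; an empty list means consistent."""
    certs = {c["spec"]["secretName"]: c["spec"] for c in items if c["kind"] == "Certificate"}
    findings = []
    for broker in (i for i in items if i["kind"] == "ActiveMQArtemis"):
        name, spec = broker["metadata"]["name"], broker["spec"]
        svc = f"{name}-hdls-svc"  # assumption: service naming as in the dnsNames above
        for acc in spec.get("acceptors", []):
            where, secret = f"{name}/{acc['name']}", acc.get("sslSecret")
            cert = certs.get(secret)
            if not acc.get("sslEnabled") or cert is None:
                findings.append(f"{where}: TLS off or no Certificate writes secret {secret!r}")
                continue
            if not acc.get("needClientAuth"):
                findings.append(f"{where}: needClientAuth is not true (one-way TLS only)")
            if not cert.get("keystores", {}).get("jks", {}).get("create"):
                findings.append(f"{where}: Certificate does not create JKS keystores")
            missing = {svc, f"{svc}.{namespace}.svc.cluster.local"} - set(cert.get("dnsNames", []))
            if missing:
                findings.append(f"{where}: dnsNames lack {sorted(missing)}")
            # assumption: secret mount path pattern as in the brokerProperties above
            want = (f"acceptorConfigurations.{acc['name']}.params.trustStorePath="
                    f"/etc/{secret}-volume/truststore.jks")
            if want not in spec.get("brokerProperties", []):
                findings.append(f"{where}: trustStorePath does not point at {secret}'s truststore.jks")
    return findings


# Constructed input: only the fields the checks read, with the values used on this page.
SAMPLE = [
    {"kind": "Certificate", "spec": {
        "secretName": "amq-ssl-tls",
        "dnsNames": ["amq-broker-hdls-svc",
                     "amq-broker-hdls-svc.amq-cert-manager.svc.cluster.local"],
        "keystores": {"jks": {"create": True}}}},
    {"kind": "ActiveMQArtemis", "metadata": {"name": "amq-broker"}, "spec": {
        "acceptors": [{"name": "artemis", "sslEnabled": True,
                       "sslSecret": "amq-ssl-tls", "needClientAuth": True}],
        "brokerProperties": ["acceptorConfigurations.artemis.params.trustStorePath="
                             "/etc/amq-ssl-tls-volume/truststore.jks"]}},
]

if __name__ == "__main__":
    for line in check_mtls(SAMPLE, "amq-cert-manager") or ["mutual TLS wiring is consistent"]:
        print(line)
```
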

Deploy the application

The application is deployed using openshift-maven-plugin, with a custom deployment configured to retrieve values from the secrets:

mvn clean install -P openshift

To test the application, call the REST endpoint; a text message is added to the queue and then consumed by the Camel JMS component:

curl -X POST "http://$(oc get route -n amq-cert-manager camel-example-spring-boot-amq-cert-manager -o go-template --template='{{.spec.host}}')/jms" -d "hello world" -H "Content-Type: text/plain"

To verify that the message has been sent and consumed, look for a log message like this one:

oc logs -n amq-cert-manager -l app=camel-example-spring-boot-amq-cert-manager | grep -P '(?=.*jms-receive-message.*)(?=.*Body.*)'
2025-02-14T14:47:27.464Z  INFO 1 --- [nsumer[example]] jms-receive-message                      : Exchange[ExchangePattern: InOut, BodyType: byte[], Body: hello world]

Using Camel components

Apache Camel provides 200+ components which you can use to integrate and route messages between many systems and data formats. To use any of these Camel components, add the component as a dependency to your project.

Help and contributions

If you hit any problem using Camel or have some feedback, then please let us know.

We also love contributors, so get involved :-)

The Camel riders!