apache · kenliao94 · Nov 24, 2025 · Nov 25, 2025 · Nov 25, 2025 · Nov 26, 2025
diff --git a/activemq-helm-chart/Chart.yaml b/activemq-helm-chart/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: activemq
+description: A Helm chart for Apache ActiveMQ
+type: application
+version: 1.0.0
+appVersion: "latest"
+keywords:
+  - activemq
+  - message queue
+  - messaging
+home: https://activemq.apache.org
+sources:
+  - https://github.com/apache/activemq
+maintainers:
+  - name: activemq
diff --git a/activemq-helm-chart/README.md b/activemq-helm-chart/README.md
@@ -0,0 +1,138 @@
+# ActiveMQ Helm Chart
+
+A Helm chart for deploying Apache ActiveMQ on Kubernetes.
+
+## Introduction
+
+This chart bootstraps an ActiveMQ deployment on a Kubernetes cluster using the Helm package manager.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.0+
+- PV provisioner support in the underlying infrastructure (if persistence is enabled)
+
+## Installing the Chart
+
+To install the chart with the release name `my-activemq`:
+
+```bash
+helm install my-activemq .
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-activemq` deployment:
+
+```bash
+helm uninstall my-activemq
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the ActiveMQ chart and their default values.
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `replicaCount` | Number of replicas | `1` |
+| `image.repository` | ActiveMQ image repository | `apache/activemq-classic` |
+| `image.tag` | ActiveMQ image tag | `latest` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `auth.username` | ActiveMQ admin username | `admin` |
+| `auth.password` | ActiveMQ admin password | `changeme` |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.port` | OpenWire service port | `61616` |
+| `service.webConsolePort` | Web Console port | `8161` |
+| `persistence.enabled` | Enable persistence using PVC | `false` |
+| `persistence.storageClass` | PVC Storage Class | `""` |
+| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` |
+| `persistence.size` | PVC Storage Request | `8Gi` |
+| `resources.limits.cpu` | CPU limit | `1000m` |
+| `resources.limits.memory` | Memory limit | `2Gi` |
+| `resources.requests.cpu` | CPU request | `500m` |
+| `resources.requests.memory` | Memory request | `1Gi` |
+| `livenessProbe.enabled` | Enable liveness probe | `true` |
+| `readinessProbe.enabled` | Enable readiness probe | `true` |
+| `ingress.enabled` | Enable ingress | `false` |
+| `config.activemqXmlPath` | Path to custom activemq.xml file | `""` |
+| `config.jettyXmlPath` | Path to custom jetty.xml file | `""` |
+| `tls.enabled` | Enable TLS/SSL | `false` |
+| `tls.keystoreSecret` | Kubernetes secret containing broker.ks | `""` |
+| `tls.truststoreSecret` | Kubernetes secret containing broker.ts | `""` |
+| `tls.sslPort` | OpenWire SSL port | `61617` |
+| `tls.webConsoleSslPort` | Web Console SSL port | `8162` |
+
+## Accessing ActiveMQ
+
+### Web Console
+
+The ActiveMQ Web Console is accessible on port 8161. To access it locally:
+
+```bash
+kubectl port-forward svc/my-activemq 8161:8161
+```
+
+Then open http://localhost:8161 in your browser and login with the configured credentials.
+
+### OpenWire Connection
+
+Applications can connect to ActiveMQ on port 61616 using the service name:
+
+```
+tcp://my-activemq:61616
+```
+
+## Custom Configuration
+
+To use custom configuration files, place your files in the chart directory and specify the paths:
+
+```yaml
+config:
+  activemqXmlPath: "my-activemq.xml"
+  jettyXmlPath: "my-jetty.xml"
+```
+
+## Persistence
+
+The ActiveMQ image stores data at the `/opt/apache-activemq/data` path of the container.
+
+By default, the chart mounts a Persistent Volume at this location. The volume is created using dynamic volume provisioning.
+
+## TLS Configuration
+
+To enable TLS/SSL connections, you need to create Kubernetes secrets containing your keystore and truststore files.
+
+### Generate Test Certificates (for development)
+
+```bash
+# Generate keystore
+keytool -genkey -alias broker -keyalg RSA -keystore broker.ks \
+  -storepass changeit -keypass changeit \
+  -dname "CN=localhost, OU=Test, O=Test, L=Test, ST=Test, C=US"
+
+# Export certificate
+keytool -export -alias broker -keystore broker.ks \
+  -file broker.cert -storepass changeit
+
+# Create truststore
+keytool -import -alias broker -keystore broker.ts \
+  -file broker.cert -storepass changeit
+```
+
+### Create Kubernetes Secrets
+
+```bash
+kubectl create secret generic activemq-keystore --from-file=broker.ks
+kubectl create secret generic activemq-truststore --from-file=broker.ts
+```
+
+### Install with TLS Enabled
+
+```bash
+helm install my-activemq . \
+  --set tls.enabled=true \
+  --set tls.keystoreSecret=activemq-keystore \
+  --set tls.truststoreSecret=activemq-truststore
+```
+
+**Note:** When TLS is enabled, only SSL/TLS ports are exposed. Non-TLS ports are not available.
diff --git a/activemq-helm-chart/activemq_sample.xml b/activemq-helm-chart/activemq_sample.xml
@@ -0,0 +1,130 @@
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<!-- START SNIPPET: example -->
+<beans
+  xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+    <!-- Allows us to use system properties as variables in this configuration file -->
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="locations">
+            <value>file:${activemq.conf}/credentials.properties</value>
+        </property>
+    </bean>
+
+    <!--
+        The <broker> element is used to configure the ActiveMQ broker.
+    -->
+    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}">
+
+        <destinationPolicy>
+            <policyMap>
+              <policyEntries>
+                <policyEntry topic=">" >
+                    <!-- The constantPendingMessageLimitStrategy is used to prevent
+                         slow topic consumers to block producers and affect other consumers
+                         by limiting the number of messages that are retained
+                         For more information, see:
+
+                         http://activemq.apache.org/slow-consumer-handling.html
+
+                    -->
+                  <pendingMessageLimitStrategy>
+                    <constantPendingMessageLimitStrategy limit="1000"/>
+                  </pendingMessageLimitStrategy>
+                </policyEntry>
+              </policyEntries>
+            </policyMap>
+        </destinationPolicy>
+
+
+        <!--
+            The managementContext is used to configure how ActiveMQ is exposed in
+            JMX. By default, ActiveMQ uses the MBean server that is started by
+            the JVM. For more information, see:
+
+            http://activemq.apache.org/jmx.html
+        -->
+        <managementContext>
+            <managementContext createConnector="false"/>
+        </managementContext>
+
+        <!--
+            Configure message persistence for the broker. The default persistence
+            mechanism is the KahaDB store (identified by the kahaDB tag).
+            For more information, see:
+
+            http://activemq.apache.org/persistence.html
+        -->
+        <persistenceAdapter>
+            <kahaDB directory="${activemq.data}/kahadb"/>
+        </persistenceAdapter>
+
+
+          <!--
+            The systemUsage controls the maximum amount of space the broker will
+            use before disabling caching and/or slowing down producers. For more information, see:
+            http://activemq.apache.org/producer-flow-control.html
+          -->
+          <systemUsage>
+            <systemUsage>
+                <memoryUsage>
+                    <memoryUsage percentOfJvmHeap="70" />
+                </memoryUsage>
+                <storeUsage>
+                    <storeUsage limit="100 gb"/>
+                </storeUsage>
+                <tempUsage>
+                    <tempUsage limit="50 gb"/>
+                </tempUsage>
+            </systemUsage>
+        </systemUsage>
+
+        <!--
+            The transport connectors expose ActiveMQ over a given protocol to
+            clients and other brokers. For more information, see:
+
+            http://activemq.apache.org/configuring-transports.html
+        -->
+        <transportConnectors>
+            <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
+            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+        </transportConnectors>
+
+        <!-- destroy the spring context on shutdown to stop jetty -->
+        <shutdownHooks>
+            <bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook" />
+        </shutdownHooks>
+
+    </broker>
+
+    <!--
+        Enable web consoles, REST and Ajax APIs and demos
+        The web consoles requires by default login, you can disable this in the jetty.xml file
+
+        Take a look at ${ACTIVEMQ_HOME}/conf/jetty.xml for more details
+    -->
+    <import resource="jetty.xml"/>
+
+</beans>
+<!-- END SNIPPET: example -->
diff --git a/activemq-helm-chart/templates/NOTES.txt b/activemq-helm-chart/templates/NOTES.txt
@@ -0,0 +1,39 @@
+1. Get the ActiveMQ Web Console URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "activemq.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo {{ if .Values.tls.enabled }}https{{ else }}http{{ end }}://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "activemq.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "activemq.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo {{ if .Values.tls.enabled }}https{{ else }}http{{ end }}://$SERVICE_IP:{{ if .Values.tls.enabled }}{{ .Values.tls.webConsoleSslPort }}{{ else }}{{ .Values.service.webConsolePort }}{{ end }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "activemq.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}")
+  echo "Visit {{ if .Values.tls.enabled }}https://127.0.0.1:{{ .Values.tls.webConsoleSslPort }}{{ else }}http://127.0.0.1:{{ .Values.service.webConsolePort }}{{ end }} to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ if .Values.tls.enabled }}{{ .Values.tls.webConsoleSslPort }}{{ else }}{{ .Values.service.webConsolePort }}{{ end }}:$CONTAINER_PORT
+{{- end }}
+
+2. Login credentials:
+   Username: {{ .Values.auth.username }}
+   Password: {{ .Values.auth.password }}
+
+3. To connect to ActiveMQ from applications:
+{{- if .Values.tls.enabled }}
+   Connection URL: ssl://{{ include "activemq.fullname" . }}:{{ .Values.tls.sslPort }}
+{{- else }}
+   Connection URL: tcp://{{ include "activemq.fullname" . }}:{{ .Values.service.port }}
+{{- end }}
+
+{{- if .Values.tls.enabled }}
+4. TLS is enabled. Ensure you have created the required secrets:
+   - Keystore secret: {{ .Values.tls.keystoreSecret }}
+   - Truststore secret: {{ .Values.tls.truststoreSecret }}
+{{- end }}
diff --git a/activemq-helm-chart/templates/_helpers.tpl b/activemq-helm-chart/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "activemq.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "activemq.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "activemq.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "activemq.labels" -}}
+helm.sh/chart: {{ include "activemq.chart" . }}
+{{ include "activemq.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "activemq.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "activemq.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}