i want to integrate the vault on my java micro-service, it has been already integrated for other services in the project . i want to know what are the actions that i have to perform for integrationg it .. currently the steps that i thought for integration are..
1. add the dependency on pom.xml
2. add the key on vault server (dashboard)
3. add this on application.yml
spring.cloud.vault:
host: localhost
port: 8200
scheme: https
uri: https://localhost:8200
connection-timeout: 5000
read-timeout: 15000
config:
spring.config.import: vault://
i want to know these were the only steps for integration or somethings more i have to do
Related
I created a microservices infrastructure on Kubernetes (version: 1.20.9-gke.1001) on Google Cloud Platform using the Spring Cloud.
First I created the following deployments: Eureka (service discovery), Zuul (API Gateway), Zipkin (Distributed tracing system), User Service and Auth Service.
Then I created the following services: eureka-service with “Cluster IP” type which allows other pods to connect to Eureka, zipkin-service with “Cluster IP” type which allows other pods to connect to Zipkin and loadbalancer-service with “External load balancer” type which is connected to the Zuul.
Finally I tried to create an Ingress using the attached yaml file but at every request I tried to execute, I received the following error: “response 404 (backend NotFound), service rules for the path non-existent”. While if I try to invoke the APIs using the external IP of the loadbalancer-service the backend works correctly.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: project-ingress
annotations:
kubernetes.io/ingress.class: "gce"
spec:
rules:
- host: project.test.com
http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: loadbalancer-service
port:
number: 8765
Do you have any idea why the Ingress is not working?
Also I would need to expose the services with HTTPS, could you kindly explain to me how to use an existing security certificate in the Ingress?
Thanks, this is my first experience with Kubernetes and of course any advice on how to improve the infrastructure is welcome.
I created a simple micronaut app in my local with 'consul-config' feature. My code can able to connect and get properties from consul key/value store. I have below configuration in my bootstrap.yml
micronaut:
application:
name: user-service
config-client:
enabled: true
consul:
client:
registration:
enabled: true
defaultZone: "${CONSUL_HOST:localhost}:${CONSUL_PORT:8500}"
Everything is fine but I don't want to use consul in my local computer, because since it involves the network activity so startup takes sometime. I want to avoid consul in local but I need it in dev, test and prod environments.
I have below code in my app. #Value annotation will try to load 'db-schema' and if it not founds then uses 'local' as default value. So if consul is disabled then my app should use 'local' else it should load values based on consul configuration.
#Value("${db-schema:local}")
private String dbSchema;
How I can do this with out code changes and only with environment options?
I tried setting VM option '-Dmicronaut.config-client.enabled=false' but still it loads bootstrap.yml and trying to connect consul.
There are a number of ways you can do it. One is to create a file like src/main/resources/application-local.yml which contains the following:
consul:
client:
registration:
enabled: false
And in your local environment export MICRONAUT_ENVIRONMENTS=local.
I deployed a Spring Boot app on AWS Elastic Beanstalk. I am facing a 502 Bad Gateway error. I cannot find anything useful from the logs
/var/log/nginx/error.log
2019/02/10 02:12:54 [error] 3257#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: ...., server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "...."
I do not have any html files for front-end. I just want to upload deploy the api to share the documentation from swagger ui.
It's because server is listening to 5000, Adding "server.port=5000" to application.properties fixed the issue.
This happens because the application load balancer by default points to the Port 80 of the nginx server in EC2 instance. The nginx is configured to forward requests to Port 5000 by default, whereas out application server runs on Port 8080.
Default Nginx Configuration
Expected Nginx Configuration
This can be fixed using an environment property named PORT and pointing it to 8080
Go to configuration > Environment Properties and add the property
Refer AWS Document: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-se-nginx.html
Another option to fix this is to point application load balancer to the application server port(8080) directly instead of the nginx(80.
You can configure 8080 as the process port.
Another way to fix this would be to set port to 5000 in the spring boot application by using server.port property.
My issue was my Java version didn't match the platform I'm running with Elastic Beanstalk, even tho my server.port was on 5000. My Java version was 11, and my platform was only Java 8 for Amazon Linux. So changing it to 8 in my base pom.xml fixed it.
Basic question so just want to ensure I understand it all correctly.
I have created a discovery server:
#SpringBootApplication
#EnableEurekaServer
public class DisocveryServiceApplication {
public static void main(String[] args) {
SpringApplication.run(DisocveryServiceApplication.class, args);
}
and registered microservices with it successfully; If I hit localhost:8761 I can see my discovery service has found the microservices. The microservices run fine if i hit them on their designated port. For example, I have one called creds and if i hit localhost:9000 it returns. However, My understanding is I should now be able to hit localhost:8761/creds and it will show the same output but this isnt working.
Am I misunderstanding? Any suggestions on what I should try?
creds bootstrap.yml:
spring:
application:
name: creds
creds application.yml
server:
port: 9000
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
discover application.yml
server:
port: ${PORT:8761}
eureka:
client:
registerWithEureka: false
fetchRegistry: false
server:
waitTimeInMsWhenSyncEmpty: 0
Another #EnableEurekaClient annotated Spring boot webservice can access your creds webservice by using an injected RestTemplate with http://creds/..., where creds is the spring.application.name registered with Eureka.
If you want to access the creds webservice from the outside of your web application, then what you want is a proxy like Zuul http://github.com/Netflix/zuul.
Just registering micro service to Eureka server wont make sure that you can access the microservice under a gateway. Eureka Server is not a gateway server , its just a service registry. You can think Eureka as just one more service that holds information about all the other services in the cluster. It doesnt do anything extra other than getting information to the Clients registered.
You may need a Gateway service for routing your request under the Eureka Server. Zuul Proxy routes a request coming to it to the under lying microservices using its service id or the URL configured.
Add this dependency in your classpath.
dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-zuul</artifactId>
<version>1.0.4.RELEASE</version>
</dependency>
Add this config in your properties filezuul:
routes:
serv1:
path: /serv1/**
serviceId: http://localhost:8080/serv1
serv2:
path: /serv2/**
serviceId: serv2
This will create a dynamic router that routes your request to appropriate service instances. This also provides a server end load balancer for your services
I'm trying to use Port 80 as a non-root user and I've seen the discussions about using IP Tables but I'd like to use the tomcat configuration files to be able to modify these bindings. There is an option for AUTHBIND that allows using ports <1024 but I have no idea where the Spring tomcat files are located... There is no tomcat service running when I start my Spring process so where is the Spring tomcat server actually located? Where can I see the configuration files etc?
I think you have a wrong approach. I don't recommand you to try to use HTTP port 80 directly.
A good practice is to use Apache HTTP Server redirection or alias :
Here's a tutorial
Explaination :
You will start your Tomcat with "classic" port (such as 8080 or 9080 or anything else over 1024). Then, you will configure your Apache server to redirect HTTP request from HTTP port 80 to your Tomcat server.
Do follow steps:
1. Go to your application.properties if it doesn't exist.
2. Create a application.properties inside src/main/resources folder.
example->/src/main/resources/application.properties
3. Simply add this property server.port = 80 or if you want it to be random do server.port = 0