How we can implement a health check if your consul server can't request to client for health check but from the client, you can request consul server? - consul

The consul server agent will be run in Google Cloud and the consul client is just some hardware that can start a small Spring Boot app as a consul client. This hardware can be located anywhere and can be behind any firewall, so from the consul server I can't send requests to the hardware to get health checks; instead, I can send requests to the consul server from the hardware. So all I have is only one way, from consul client to server.

Related

Stop specific instance to register Eureka

I have a eureka server running on test server and multiple services registers from test server to this eureka server.
Now problem is sometimes developers also connect their local microservice instance for some service to eureka. Due to this it shows multiple instances for that service on eureka and load balancer starts sending request to local servers as well from feign client. That causes issues in testing as test server is not able to connect local developers machine in feign client calls.
I instructed developers to set eureka.client.register-with-eureka=false from local but still if someone connects how can I stop that. Is there a way that eureka server registers only from specific IP (test server ip)? Or any other solution to prevent this problem?
For the services that you don't want to register, remove @EnableDiscoveryClient from the services. @EnableDiscoveryClient lives in spring-cloud-commons and picks the implementation on the classpath. This will stop your services from getting discovered, but then you won't be able to make the Feign calls to other services and take the benefit of load balancing your calls.
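
An added example, not part of the original question or answer: one way to enforce on the Eureka server itself the source-IP restriction the question asks about, as a servlet filter in the server application. The class name, the placeholder address 192.0.2.10, the `javax.servlet` namespace (Spring Boot 2.x) and the default `/eureka/apps` registry path are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (hypothetical class): lives in the Eureka server application
// and runs ahead of the registry's own request handling.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RegistrationAllowlistFilter extends OncePerRequestFilter {

    // Assumption: placeholder for the test server's address; replace with the real one.
    private static final Set<String> ALLOWED_SOURCES = Set.of("192.0.2.10");

    // Assumption: the registry REST API is served under the default /eureka/apps prefix.
    private static final String REGISTRY_PREFIX = "/eureka/apps";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if (changesRegistry(request) && !ALLOWED_SOURCES.contains(request.getRemoteAddr())) {
            // Reject before the registry sees the request, so the instance is never listed.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "registry changes are not allowed from this address");
            return;
        }
        chain.doFilter(request, response);
    }

    // Register (POST), heartbeat/status override (PUT) and cancel (DELETE) modify
    // the registry; lookups (GET) stay open to every client.
    private static boolean changesRegistry(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (!path.startsWith(REGISTRY_PREFIX)) {
            return false;
        }
        String method = request.getMethod();
        return "POST".equals(method) || "PUT".equals(method) || "DELETE".equals(method);
    }
}
```

`getRemoteAddr()` returns the immediate peer, so behind a reverse proxy the proxy's address is what gets compared. Peer Eureka servers that replicate to this one use the same endpoints and also need to be on the list.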

How to configure Zuul as a proxy for an Eureka Service Mesh

We have a Service Mesh with Eureka Server and multiple Services implemented with Eureka Client.
Updated Network Diagram
The service MY-SERVICE is going to be installed in a DMZ (open.net), without direct access to the Servers in the Intranet (closed.net). There is a Relay configured in the firewall to reach an Apache Load Balancer in the Intranet. This Load Balancer has several mod_proxy entries for each Service in the Service Mesh, which can be reached via the URLs https://loadbalancer/
Now I can call any of these Services through the Apache Load Balancer behind the Firewall via https://loadbalancer/SERVICE-EUREKA/eureka/, https://loadbalancer/SERVICE-OAUTH/ and https://loadbalancer/SERVICE-I-NEED (running on server1.closed.net and server2.closed.net)
I can configure my Eureka Client in its application.properties to query the Eureka Service Registry and the OAuth Service just through the Proxy/Load Balancer.
eureka.client.serviceUrl.defaultZone=https://loadbalancer/SERVICE-EUREKA/eureka/
security.oauth2.client.access-token-uri=https://loadbalancer/SERVICE-OAUTH/oauth/token
security.oauth2.client.user-authorization-uri=https://loadbalancer/SERVICE-OAUTH/oauth/authorize
The problem I have is that the Eureka Service Registry response contains server names behind the Load Balancer, which I cannot reach from the Client.
<application>
  <name>SERVICE-I-NEED</name>
  <instance>
    <instanceId>server1.close.net:service-i-need:8765</instanceId>
    <hostName>server1.close.net</hostName>
    <app>SERVICE-I-NEED</app>
    <ipAddr>172.0.0.1</ipAddr>
    <status>UP</status>
    <overriddenstatus>UNKNOWN</overriddenstatus>
    <port enabled="false">8765</port>
    <securePort enabled="true">8765</securePort>
    <countryId>1</countryId>
    <dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
      <name>ClosedNet</name>
    </dataCenterInfo>
    <leaseInfo>
      <renewalIntervalInSecs>30</renewalIntervalInSecs>
      <durationInSecs>90</durationInSecs>
      <registrationTimestamp>1596457250179</registrationTimestamp>
      <lastRenewalTimestamp>1596807396087</lastRenewalTimestamp>
      <evictionTimestamp>0</evictionTimestamp>
      <serviceUpTimestamp>1596457250179</serviceUpTimestamp>
    </leaseInfo>
    <metadata>
      <management.context-path>/actuator</management.context-path>
      <management.port>8765</management.port>
    </metadata>
    <homePageUrl>http://server1.close.net:8765/</homePageUrl>
    <statusPageUrl>http://server1.close.net:8765/actuator/info</statusPageUrl>
    <healthCheckUrl>http://server1.close.net:8765/actuator/health</healthCheckUrl>
    <secureHealthCheckUrl>https://server1.close.net:8765/actuator/health</secureHealthCheckUrl>
    <vipAddress>service-i-need</vipAddress>
    <secureVipAddress>service-i-need</secureVipAddress>
    <isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
    <lastUpdatedTimestamp>1596457250179</lastUpdatedTimestamp>
    <lastDirtyTimestamp>1596457247478</lastDirtyTimestamp>
    <actionType>ADDED</actionType>
...
How do I rewrite the metadata in the Eureka Service Registry response to my Discovery request to be valid for my service MY-SERVICE in the DMZ so that the subsequent Connect to the service SERVICE-I-NEED is also performed via the correct Gateway URL on the loadbalancer ?
How do I configure my Eureka Client to reach the Eureka Service behind the Load Balancer ?
I think that a Zuul Proxy behind the Load Balancer could be a possible solution to reach the SERVICE-I-NEED, but I am not sure how this would be setup.

Problems setting up Zuul proxy server with Eureka discovery

I am trying to set up a zuul proxy server which will act as a gateway service for other apis in my microservice architecture.
So far all the tutorials that I have come across have the discovery client and zuul proxy set up in different gradle modules while I am trying to set them up in the same gradle module.
I have defined the routes and can see that my services have been successfully registered in the eureka dashboard.
I have also verified that I can ping the services using a discovery client from my gatekeeper service but whenever I try to access the services from the URL, I get
"Load balancer does not have available server for client:xyz"
exception.
Can somebody please help me setting this up?

Fabio and consul for microservices structure

I'm trying to create a microservices architecture based on consul for discovery and fabio for load balancer.
Basically what I want to do is use consul to discover some backend and frontend services and a database service.
I already have my services running and health checked so fabio can see them, but I'm trying to interact with them.
The main idea is to use the consul DNS to establish a connection between front, back and database and then expose Fabio to balance the instances of each microservice.
In which case I have no idea on how to use consul's DNS to connect my back and database through Fabio so I can Balance my own microservices connection.

Spring Cloud Eureka Connecting to a Secured Service

I'm attempting to establish a discovery server with spring cloud Eureka which needs to connect to a secured client. I understand how to secure the Eureka server itself - that isn't the issue. The issue is in the other direction - how to get Eureka to successfully communicate with a client service that itself is secured.
In other words; I have a discovery client that registers itself with Eureka. That client implements http basic authentication. It can and does successfully register itself with the discovery service, however when I attempt to utilize that service with a lookup to the discovery service, I get authentication failures (on the client service itself) which of course makes sense because I haven't specified any credentials anywhere and have no idea how to do so. Any assistance would be greatly appreciated.
Guessing from your tags you are using spring-cloud.
When you use your service (with RestTemplate or Feign or manually looking up and interacting with it), your request has nothing to do with Eureka. Eureka only provides you information about your service's whereabouts. Once you (or some underlying logic) obtained the address of the service, you are directly communicating with it.
