Kong-Ingress: avoid TLS duplication in other ingresses - lets-encrypt

I've followed Kong's guide for using the cert-manager and it works great out of the box. I've installed the demo server for path '/' of "my.domain.com" with cert-manager annotations and TLS spec. I realized when I add other ingresses, e.g. "/api" within "my.domain.com", I don't need to repeat myself, with ingress annotations, TLS spec, hostname etc. This stopped working as soon as I removed the demo server from '/'.
Is it possible to specify default annotations / TLS spec for ingresses without having a 'defaultBackend'?
I'm new to setting up k8s - so I might miss something obvious.

Related

HealthCheck in MassTransit say Not ready: not started

Using AddMassTransitHostedService a healthcheck configuration is added, but it always reports unhealthy even after I configured the endpoints as in the example. My project is a WebApi where I don't have my consumers in a separated startup.
You're using AddBus, which has been deprecated in favor of UsingRabbitMQ in v7.
When using AddBus, you have to configure the health check manually (it is done automatically when using the new v7 syntax). The previous syntax documentation shows how to configure it, in short:
cfg.UseHealthCheck(context);
Must be added so that the health checks are reported to the hosted service.

When Instrumenting Zuul gateway with Jaeger, all routes marked GET

I am using Zuul as an api-gateway in a spring-cloud micro-service app, so that every access to api-gateway/some-service/a_route is redirected to /a_route in a generic way (the discovery is backed by consul).
I am trying to use Jaeger to instrument this system. And at this point I am using opentracing-spring-web-autoconfigure, because I cannot upgrade my spring boot/cloud version easily (I am using 1.4.5.RELEASE Camden.SR7). So I just added the dependency, created the Jaeger tracer and redirected it to the docker all in one collector.
I have begun by instrumenting the gateway and it somewhat works: it generates spans on the gateway, but all the routes are marked:
apigateway-service: GET
and there is no information concerning the forwarded route at this level; the full route itself is stored in a tag: http.url
"http://localhost:8080/collection-service/collections/projects/"
To be useful I would prefer to have spans named:
apigateway-service: GET collection-service/collections/projects/
Can this be configured somewhere?
No, it cannot, but it wouldn't hurt to open an issue there with this suggestion.

Linux: Hostname to Spring Cloud Web Application not recognized

I have a development environment in Windows where I can access the spring build in both IP Address and Hostname (PC-Name) for my Eureka Config Server / Client. When I move it to the RedHat environment it does not recognize the URL if it is a hostname.
My main goal is to change the eureka client status page to point to the Hystrix monitor for the eureka client's Hystrix stream. The value of ${spring.cloud.client.hostname} resolves to the hostname. I was wondering what is the way to make it the current IP of the eureka client?
To be exact, here is an example of what I am trying to do.
eureka:
  instance:
    preferIPAddress: true
    statusPageUrlPath: http://${spring.cloud.client.hostname}:${eureka.cloud.config.port}/hystrix/monitor?stream=http%3A%2F%2F${spring.cloud.client.hostname}%3A${server.port}%2Factuator%2Fhystrix.stream
It just so happens that the client and the server are both on the same machine, so I am content with using the client hostname for both the Eureka Config Server path and the Eureka Client hystrix stream.
Note that I already set the preferIPAddress to true but the generated hostname is still the value of "/etc/hostname". I saw some solutions that explicitly specify the IP Address in the Eureka Client Instance. But I prefer to make it dynamic so that the same code can run smoothly on both Development and Deploy environments.
What can I do so that the hostname can also be recognized the same as the ip address?
The answer has dawned on me just now. I just changed the following to this.
${spring.cloud.client.hostname}
↓↓↓↓↓↓↓↓↓↓↓↓
${spring.cloud.client.ip-address}
I was thrown to a wrong conclusion because other sites would tell me to use this configuration ${spring.cloud.client.ipAddress} which does not work.
Probably there was a change in Finchley / Spring Boot 2.0 version. If anyone can give me a link to documentation or a discussion describing the configuration change, it would be helpful.

Wildfly Swarm Consul

I am trying to register a Wildfly Swarm REST service to a running Consul agent, but it's not working correctly.
I am able to register a service (I can see it in the Consul ui), but somehow the health checks are not working.
The Swarm Server keeps frequently telling me that "sending the check" failed due to "HTTP 405 Method not allowed". I can see similar logs in the Consul console, that GET method is not allowed.
I am at a dead end: My application is not working, nor does the Wildfly Swarm example (same exception). I also configured a CORS filter on both sides just to be sure, but that's not working either.
I am using Wildfly Swarm 2017.10.1 and Consul 1.0.0.
I hope you guys can help.
Best regards
I figured it out myself. Obviously, it wasn't that hard ^^
I checked the version of the Consul Client API which is used for my Wildfly Swarm version: It's 0.9.16. I've downloaded all Consul versions and checked which ones are compatible. I can verify that all versions up to 0.9.3 are working.
Consul 1.0.0 has some very critical breaking changes and I really don't understand why they were not implemented in an HTTP API v2, but that's not the point here.
I highly recommend upgrading the Consul Client API used by the topology-consul fraction to a newer version like 0.16.5 or 0.17.0.
At least, please add a note in the README for the ribbon-consul example what Consul versions can be used.

How do I configure SSL, username and password for Spring Boot Artemis on application.properties?

I'm using Spring Boot 1.3.1 and I can auto-configure my JMS components through application.properties.
As I'm using Artemis as my message broker, I'm using spring-boot-starter-artemis, and as the documentation in this link states, all I have to do is replace the spring.hornetq.* properties and place spring.artemis.* instead.
The problem is that it doesn't show how to configure the username, password and SSL configuration for HornetQ/Artemis. I configured Artemis to use SSL and user/pass authentication like it's shown in here.
Does anyone know what properties I can state to add SSL and user/pass?
Thanks!
Okay, currently the Artemis Spring Boot starter is very basic, it really doesn't support clusters, SSL or client authentication.
Doing a quick look at the starter's source code in GitHub, in the ArtemisConnectionFactoryFactory.java file, at lines 127 and onwards, I will have to add the TransportConstants necessary to configure SSL, authentication, etc.
An example of a more complete connection configuration is in Artemis' test source code, in CoreClientOverTwoWaySSLTest.java, on lines 178 and onwards, there is a really complete connection setup, so to contribute, I have to change the Artemis auto-configuration properties to take the new property options, and add them all to ArtemisConnectionFactoryFactory.java following the example in CoreClientOverTwoWaySSLTest.java
I'll do a fork on the starter, make the modifications, and figure out what bureaucracy is needed to submit a pull request and get it accepted on spring-boot.
Spring Boot does not support such an arrangement. Not everything should happen via properties if you ask me, but in any case a good way to find out is asking your IDE to auto-complete the keys for that namespace (you'll quickly find out there is nothing related to SSL and security in there). If you don't use an IDE, this appendix should help.
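
The approach the answers above point to (set the Netty TransportConstants yourself instead of relying on spring.artemis.* properties) can be sketched as a user-defined ConnectionFactory bean. This is an added example, not code from the Spring Boot starter or from either poster; the app.artemis.* property names are hypothetical and would be supplied from the environment rather than hard-coded.

```java
import java.util.HashMap;
import java.util.Map;
import javax.jms.ConnectionFactory;

import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.jms.ActiveMQJMSClient;
import org.apache.activemq.artemis.api.jms.JMSFactoryType;
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnectorFactory;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class ArtemisTlsConfig {

    // All "app.artemis.*" keys are hypothetical names chosen for this example.
    // A user-defined ConnectionFactory bean is used by Spring's JMS support
    // in place of the auto-configured one.
    @Bean
    public ConnectionFactory jmsConnectionFactory(Environment env) {
        Map<String, Object> params = new HashMap<>();
        params.put(TransportConstants.HOST_PROP_NAME, env.getRequiredProperty("app.artemis.host"));
        params.put(TransportConstants.PORT_PROP_NAME, env.getRequiredProperty("app.artemis.port", Integer.class));

        // TLS: the truststore holds the broker's certificate (or its CA).
        params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
        params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, env.getRequiredProperty("app.artemis.trust-store"));
        params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, env.getRequiredProperty("app.artemis.trust-store-password"));

        // Two-way TLS: only when the broker requires a client certificate.
        String keyStore = env.getProperty("app.artemis.key-store");
        if (keyStore != null) {
            params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keyStore);
            params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, env.getRequiredProperty("app.artemis.key-store-password"));
        }

        TransportConfiguration transport =
                new TransportConfiguration(NettyConnectorFactory.class.getName(), params);
        ActiveMQConnectionFactory factory =
                ActiveMQJMSClient.createConnectionFactoryWithoutHA(JMSFactoryType.CF, transport);

        // Broker user/password authentication, applied to every connection created.
        factory.setUser(env.getRequiredProperty("app.artemis.user"));
        factory.setPassword(env.getRequiredProperty("app.artemis.password"));
        return factory;
    }
}
```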
