I've enabled liveness and readiness endpoints using Spring Boot actuator (v2.6.1)
What I have is the following config:
management
endpoint:
health:
enabled: true
probes:
enabled: true
group:
readiness:
include: readinessStateProbeIndicator
exploratory:
include:
- livenessState
- readinessState
- ping
show-details: always
health:
enabled: true
probes:
livenessstate:
enabled: true
readinessstate:
enabled: true
Probably endpoint.health.enabled, endpoint.health.group.explotatory... are not required but I set it because I've seen it for some working solution, but I don't think there will affect if are not needed.
What I have read, but not in official docs, is that this endpoints are not available in a local deployment (running the application). Is this the reason why I'm getting 404 when I try to call http://localhost:8080/actuator/health/readiness and /actuator/health/liveness or I'm missing something?
I checked some posts like this but it seems management.health.enabled has been deprecated and management.endpoint.health.probes.enabled should be enough.
Thanks
This is the setting I was looking for, and it works fine on localhost:
endpoint:
health:
probes:
enabled: true
enabled: true
Related
We are in process of migrating spring boot 3 from 2.7.7(We did an incremental upgrade from 2.6.8 to 2.7.7 and then to 3.0.0). We have almost got our application working except for the secrets are not read from the vault after migrating to Spring Boot 3 - Getting an error - This method requires either a Token (spring.cloud.vault.token) or a token file at ~/.vault-token. The vault integration worked perfectly fine in the previous version of 2.6.8.
**Specifications - **
JDK - 17
Spring boot - 3.0.0
Spring Cloud - 2022.0.0
spring-cloud-starter-vault-config - 4.0.0
**bootstrap.yml - **
bootstrap.yml: |-
spring:
cloud:
vault:
enabled: true
host: pvault.dummy.local
port: 8200
uri: https://localhost:8200
scheme: https
namespace: rpp
authentication: KUBERNETES
generic:
enabled: false
kv:
enabled: true
backend: kv
profile-separator: '/'
application-name: path1/couchbase
ssl:
trust-store: classpath:config/vault-truststore.p12
trust-store-password: password
#trust-store-type: JKS
kubernetes:
role: b2c-isp-bss-role
kubernetes-path: path1
service-account-token-file: /var/run/secrets/kubernetes.io/serviceaccount/token
application.yml -
application.yml: |-
spring:
cloud:
bootstrap:
enabled: true
The migration guide does not suggest any change w.r.t vault. I'm a bit clueless as to where to start the changes.
I'm trying to add 2 different discovery clients depending on my Env variable. I want to do that for easier local development, without running local k8s cluster.
cloud:
retry:
initial-interval: 10
max-interval: 20
kubernetes:
discovery:
enabled: ${!CONSUL_ENABLED:true}
consul:
host: ${CONSUL_HOST:localhost}
port: ${CONSUL_PORT:8500}
discovery:
enabled: ${CONSUL_ENABLED:false}
fail-fast: true
instance-id: ${spring.application.name}-${server.port}-${instance-id}
health-check-path: /actuator/health
health-check-interval: 20s
My gradle file:
implementation 'org.springframework.cloud:spring-cloud-starter-kubernetes'
implementation 'org.springframework.cloud:spring-cloud-starter-consul-discovery'
But this config fails with error:
Field registration in org.springframework.cloud.netflix.zuul.ZuulProxyAutoConfiguration required a single bean, but 2 were found:
- getRegistration: defined by method 'getRegistration' in class path resource [org/springframework/cloud/kubernetes/discovery/KubernetesDiscoveryClientAutoConfiguration.class]
- consulRegistration: defined by method 'consulRegistration' in class path resource [org/springframework/cloud/consul/serviceregistry/ConsulAutoServiceRegistrationAutoConfiguration.class]
Is there any way to do that?
Ok, i found way to do that, you must disable all k8s, not only discovery:
cloud:
retry:
initial-interval: 10
max-interval: 20
kubernetes:
discovery:
enabled: ${K8S_ENABLED:true}
enabled: ${K8S_ENABLED:true}
consul:
host: ${CONSUL_HOST:localhost}
port: ${CONSUL_PORT:8500}
discovery:
enabled: ${CONSUL_ENABLED:false}
fail-fast: true
instance-id: ${spring.application.name}-${server.port}-${instance-id}
health-check-path: /actuator/health
health-check-interval: 20s
But is there a way to combine K8S_ENABLED and CONSUL_ENABLED variable to one?
Similar question asked in Spring Cloud Load Balancer multiple configurations.
I want to use health-check and same-instance-preference configurations for spring cloud load balancer at the same time. Unable to give mutiple configurations.
I am using SimpleDiscoveryClient for listing out the instances. Additionally, if both these configurations are clubbed, can it be a replacement for sticky session loadbalancer rule?
Posting my yml here:
spring:
application:
name: sample
cloud:
discovery:
client:
health-indicator:
enabled: false
simple:
instances:
test-service:
- uri: http://localhost:8082
- uri: http://localhost:8081
loadbalancer:
# configurations: health-check
configurations: same-instance-preference
sticky-session:
add-service-instance-cookie: true
cache:
enabled: false
health-check:
path:
default: /actuator/health
interval: 10000
gateway:
routes:
- id: test_routing
path: /user/*
uri: lb://test-service
predicates:
- Method=GET,POST
- Path=/user/**
server:
port: 45000
I am introducing in microservices with spring and kubernetes.
I have gateway services made with spring-cloud-starter-netflix-zuul that works like an apigateway
I define Zull gateway like this:
server:
port: 8080
use-forward-headers: true
security:
basic:
enabled: false
oauth2:
resource:
jwk.key-set-uri: ${OAUTH_KEYSETURI}
spring:
config:
name: proxy-service
application:
name: proxy-service
zuul:
routes:
service-one:
path: /service-one/**
url: http://service-one:8080
serviceId: service-one
service-two:
path: /service-two/**
url: http://service-two:8080
serviceId: service-two
ribbon:
eureka:
enabled: false
eureka:
client:
enabled: false
error:
whitelabel:
enabled: false
But I found some problems, for example, that the requests have a limit per service, so I added the following lines:
zuul:
host:
max-per-route-connections: 100000
max-total-connections: 100000
I want to know. What is the most performant way to integrate spring-zuul with Kubernetes? I have read that it can also be integrated with spring-kubernetes-config, ribbon, and eureka. But doing it is more performant?
Recently I also read about spring-cloud-gateway. What is the difference with this project? Why spring has two gateway projects very similar? Are there differences in performance? Will both be supported in the future? What do you recommend to use?
I have configured a Spring Cloud Config server to force BASIC authentication and here is my application.yml file:
# Config Repo:
spring:
cloud:
config:
server:
git:
uri: file:///${HOME}/microservices_config_repo
# Show sensitive information for endpoints:
endpoints:
sensitive: true
# Security for endpoints:
management:
security:
enabled: true
security:
user:
name: user1
password: changeme
My issue I am having is that when I start the server up as:
mvn spring-boot:run
The server endpoints FORCE BASIC Authentication.
But when I start the Application.main() method, BASIC Authentication is enabled, but NOT enforced.
Meaning I can access configuration on:
http://localhost:8888/client-config
and
http://user1:changeme#localhost:8888/client-config
Can anyone help me understand why this is occuring and how to enforce BASIC Authentication while running the Application.main(), and not just through the Maven spring-boot plugin?
Note, when I use maven to package the app into a jar, then run the generated jar, BASIC Authentication is enforced, but still not through the IDE running just the Application.main directly.
Maybe the format the oy Yaml for example to me seems works like this:
server:
port:9999
spring:
application:
name: config-server-sample
cloud:
config:
name: ${spring.application.name}
fail-fast: true
server:
git:
uri: url
username: xx
password: zz
default-label: master
basedir: '${user.home}/${spring.application.name}/default'
timeout: 10
clone-on-start: true
force-pull: true
security:
basic:
enabled: true
path: /**
ignored: /health**,/info**,/metrics**,/trace**
user:
name: admin
password: tupassword