I am trying to connect Keycloak running on local Kubernetes cluster with Spring Security OAuth application. When I port-forward Keycloak from k8s using kubectl port-forward svc/keycloak 8080:8080 I can access web GUI with no problem, but when Authorizing with Spring Security, it will always throw an error
Invalid token issuer. Expected 'http://localhost:8080/auth/realms/master', but was 'http://10.104.81.255:8080/auth/realms/master'
Here is my Keycloak configuration in Spring
keycloak:
realm: master
auth-server-url: http://localhost:8080/auth
ssl-required: external
resource: my-resource
use-resource-role-mappings: true
public-client: true
Please let me know how I can set this up, so I can continue developing locally.
NOTE: When the Spring Application runs within the cluster and I port-forward that one instead, it obviously works perfectly.
It looks like you haven't configured the frontendUrl for the Hostname provider. Set it to http://localhost:8080/auth and you should be fine.
Related
I am running Spring Cloud Dataflow on Kubernetes runtime.
Currently, I am using K8 secrets to manage secrets for the dataflow server, and skipper server. Going forward I want to use Spring Cloud Vault as a secrets manager.
Is there any support to configure vault secrets in dataflow and skipper servers?
SCDF Version: springcloud/spring-cloud-dataflow-server:2.10.0
Skipper Version: springcloud/spring-cloud-skipper-server:2.9.0
I enabled following configuration in
application.yaml
vault:
enabled: true
authentication: KUBERNETES
uri: http://<vault_host>
backend: secret
application-name: scdf-server
kubernetes:
role: internal-app
bootstrap.yaml
spring:
application:
name: scdf-server
I was expecting scdf-server to inject secrets from the vault kV backend, but it seems it's not activating the vault config.
Spring Cloud Vault isn't in the classpath of the standard build.
You can follow these instructions to add jar files to the containers.
I am just started with Kong API with One API
I am able to run kong api locally using its official docker image available.
And on other side I am having another Spring-Boot microservice locally running inside same Docker engine.
Problem : What configuration needs in kong api yaml file so that I can connect to my spring-boot microservice ?
My kong -api yaml file
services:
- name: control-service-integration
url: http://localhost:8080/
plugins:
- name: oneapi
config:
edgemicro_proxy: edgemicro_demo_v0
add_application_id_header: true
authentication:
apikey:
header_name: "x-api-key"
upstream_auth:
basic_auth:
username: username
password: password
routes:
- name: control-service-route
request_buffering: false
response_buffering: false
paths:
- /edgemicro-demo-v0
From kon-one api service i am getting always 502 Bad Gateway error.
Let me know if anything information required.
I found the solution for this
in above YAML
services:
- name: control-service-integration
url: http://localhost:8080/
add this value in-front of url section http://host.docker.internal:8080/ after doing lot of trials and errors finally now I am able to connect my app which is running on host.
I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config:
spring:
cloud:
gateway:
default-filters:
- TokenRelay
discovery:
locator:
enabled: true
lower-case-service-id: true
route-id-prefix: /services/
httpclient:
pool:
max-connections: 1000
The problem I’m experiencing is the access token is not sending an Authorization header to the downstream services.
Here's how things were configured with Zuul in my application.yml:
zuul: # those values must be configured depending on the application specific needs
sensitive-headers: Cookie,Set-Cookie #see https://github.com/spring-cloud/spring-cloud-netflix/issues/3126
host:
max-total-connections: 1000
max-per-route-connections: 100
prefix: /services
semaphore:
max-semaphores: 500
I created a pull request to show what's changed after integrating Spring Cloud Gateway.
https://github.com/mraible/jhipster-reactive-microservices-oauth2/pull/4
Steps to reproduce the issue:
git clone -b reactive git#github.com:mraible/jhipster-reactive-microservices-oauth2.git
Start JHipster Registry, Keycloak, and the gateway app:
cd jhipster-reactive-microservices-oauth2/gateway
docker-compose -f src/main/docker/jhipster-registry.yml up -d
docker-compose -f src/main/docker/keycloak.yml up -d
./mvnw
Start MongoDB and the blog app:
cd ../blog
docker-compose -f src/main/docker/mongodb.yml up -d
./mvnw
Navigate to http://localhost:8080 in your browser, log in with admin/admin, and try to go to Entities > Blog. You will get a 403 access denied error. If you look in Chrome Developer Tools at the network traffic, you'll see the access token isn't included in any headers.
I was able to solve this using this answer.
spring:
cloud:
gateway:
discovery:
locator:
enabled: true
predicates:
- name: Path
args:
pattern: "'/services/'+serviceId.toLowerCase()+'/**'"
filters:
- name: RewritePath
args:
regexp: "'/services/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
replacement: "'/${remaining}'"
I also had to add .pathMatchers("/services/**").authenticated() to my security config, which wasn't needed for Zuul. You can see my commit here.
I got troubles get Zuul working with a dockerized Spring boot app.
It seems Zuul is not able to proxy requests to the target application (gis_import_export) even if it is up and running.
My Zuul based Spring app configuration:
spring:
banner:
location: classpath:banner.txt
zuul:
debug:
request: true
routes:
ie:
url: http://gis_import_export:8080
geoserver:
url: http://geoserver:8080
geonetwork:
url: http://geonetwork:8080
ribbon:
eureka:
enabled: false
and my docker-compose.yml file:
version: "3"
services:
geoserver:
image: kartoza/geoserver
geonetwork:
image: geonetwork
postgres:
image: postgres
environment:
- POSTGRES_DB=xxx
- POSTGRES_PASSWORD=xxx
- POSTGRES_USER=xxx
gis_import_export:
image: gis_import_export:develop
ports:
- 8888:8080
zuul:
image: gis_api_gateway:develop
ports:
- 8080:8080
I'm able to have geonetwork/geoserver proxied correctly via Zuul service exposed port but I'm stuck with getting with Spring boot app seems not get proxied.
By the way, the dockerized Spring boot apps works as expected if accessed via the 8888 port and via Zuul if zuul itself is not deployed via Docker.
Running a ping/telnet to dockerized spring boot app inside the Zuul docker container works as expected, so names are being resolved correctly.
Ideas?
Thanks, FB
Your services running in different docker networkds.
You have to specify same network in two files network.
And of course it will be good if you specify hostname parameter for each container
I'm running a Spring Boot application as a Docker container. This works fine so far, but it's giving me some head aches when trying to use Spring Cloud Consul as well. It reads the configuration from the Consul KVS just fine, but the health checks seem to be acting up.
The default health check uses the hostname of the docker container, for example http://users-microservice/health. Obviously this won't resolve when accessed from Consul.
No problem, the documentation mentions that you can use healthCheckPath in your bootstrap.yml file to configure it. This is what I have now:
spring:
application:
name: users-microservice
cloud:
consul:
host: myserver.com
port: 8500
config:
prefix: API-CONFIG
profileSeparator: '__'
discovery:
tags: users-microservice
healthCheckPath: http://myserver.com:${server.port}/status
healthCheckInterval: 30s
Unfortunately, this variable seems to be used in a very different manner from what I expected. This is what Consul is trying to reach:
Get http://users:18090http//myserver.com:18090/status: dial tcp: unknown port tcp/18090http
How can I fix this? Is there some undocumented configuration parameter that I should set?
Use spring.cloud.consul.discovery.healthCheckUrl=http://myserver.com:${server.port}/status
healthCheckPath only changes the path, not host and port.