Binding a Quarkus application's health check to HTTP and HTTPS - quarkus

I am using the quarkus-smallrye-health extension in my Quarkus application. Our load balancer for our container platform requires that our application expose a health check endpoint over HTTP. For the other endpoints, I would like those to be exposed over HTTPS.
I've looked through the documentation but have not seen anything that would allow me to do this through Quarkus configuration parameters.

Related

Can we use netflix-eureka as external load balancer

Can Eureka be used by outside world to discover my service? Below is the flow:
Public client (developed in any technology and not using Eureka) --> Eureka server (hosted on my organization server, exposed to outside world) --> My Eureka aware services.
I am trying to understand how Netflix Eureka works from an overall architecture point of view.
Basically Load Balancer and discovery service are two completely different things.
Discovery service = a registry of currently available services
Load Balancer = a routing of requests based on various rules
So, Eureka, as a discovery service, cannot be used as a Load Balancer by itself.
However, Eureka, being an application by itself, exposes an HTTP REST API.
So if you want to build a load balancer by yourself based on the information provided by Eureka, you can call REST APIs like this.
For example, Ribbon, being a client-side load balancer, calls these APIs internally.
Having said that, it's not unclear why to use the tool for the purpose for which it is not intended to be...

Kubernetes for securing service endpoints?

So I have a very small microservice architecture built using Eureka service discovery. The problem I am facing right now is that I only want my service endpoints to accept requests from my API gateway. As it is right now, you can just make a request straight to the service and hit that service endpoint. Is this a problem Kubernetes would solve? Or is there a more practical way of doing this?
You should be using network policies to control the traffic between the services.
In Kubernetes, the services you want to expose internally use service type ClusterIP. This is the default anyway, which means services are accessible within the cluster only. Your API gateway is exposed as a load balancer service type, which then takes traffic from the external world and talks to services internally. Depending on your cloud provider, you can use a firewall in front of the load balancer, since you can compromise security by simply exposing the load balancer. E.g., with Azure Kubernetes you could use Application Gateway. You can also replace the API gateway with an ingress controller. It's a very powerful reverse proxy controller which you can expose directly to traffic and that would talk to your services internally.
You really need to understand the concepts, so I would recommend the following links:
https://kubernetes.io/docs/concepts/services-networking/service/
https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d
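The network-policy and ClusterIP setup recommended in the answer above, as an added example that is not part of the original answer. The namespace `shop`, the labels `app: orders` and `app: api-gateway`, and port 8080 are assumptions chosen for illustration.

```yaml
# Constructed example: namespace, labels and port are assumptions, not from the page.
# NetworkPolicy is only enforced when the cluster's network plugin supports it.
---
# 1. Deny all ingress to every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}          # empty selector = all pods in this namespace
  policyTypes:
    - Ingress
---
# 2. Allow only the API gateway pods to reach the backend service pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-gateway-to-orders
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: orders          # the pods being protected
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:     # same-namespace pods carrying the gateway label
            matchLabels:
              app: api-gateway
      ports:
        - protocol: TCP
          port: 8080
---
# 3. Backend stays internal: ClusterIP (the default) gives no external address.
apiVersion: v1
kind: Service
metadata:
  name: orders
  namespace: shop
spec:
  type: ClusterIP
  selector:
    app: orders
  ports:
    - port: 8080
      targetPort: 8080
```

With the default-deny policy in place, any other pod in the namespace that calls the `orders` pods directly is dropped at the network layer; only traffic from pods labelled `app: api-gateway` on TCP 8080 is admitted.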

Problems setting up Zuul proxy server with Eureka discovery

I am trying to set up a zuul proxy server which will act as a gateway service for other apis in my microservice architecture.
So far all the tutorials that I have come across have the discovery client and zuul proxy set up in different gradle modules while I am trying to set them up in the same gradle module.
I have defined the routes and can see that my services have been successfully registered in the eureka dashboard.
I have also verified that I can ping the services using a discovery client from my gatekeeper service but whenever I try to access the services from the URL, I get
"Load balancer does not have available server for client:xyz"
exception.
Can somebody please help me setting this up?

When to configure zuul routes

I am new to Spring Cloud and going through some examples and material available online to make myself comfortable. However, while reading about ZUUL, some sites configured the routes in ZUUL's application.yml and some other sites mentioned that the requests will be forwarded to the respective microservice and there is no need to explicitly configure the routes. I was a bit confused. For example, in the below scenario, what is the approach: to configure routes or to let Zuul route automatically?
Let's say I have a few microservices running and all of them, along with ZUUL, are registered to Eureka.
I have a front end which is running on a different port on the same server and needs to interact with the above microservices.
I also have a few other applications (running entirely on different servers) which need to interact with the above microservices for fetching the data.
TIA..
Did you use Zuul (which knows the microservices' addresses through Eureka) to forward requests between your microservices? If that's the case, you are using the Server-Side Load Balancing pattern.
If you use a discovery service (Eureka in your case), I think the best approach is to use the Client-Side Load Balancing pattern for all inter-service requests (inside your system). (You can use Ribbon or RestTemplate for that.)
You can use Zuul as a unified front door to your system, which allows a browser, mobile app or other user interface to consume services from multiple hosts without managing cross-origin resource sharing (CORS) and authentication for each one.
For example: a client (mobile app) requests all picture comments. The client doesn't need to know the Comments-service address. Only the proxy address is needed, and Zuul will forward the request to the right service. You can do this in application.yml/.properties with:
zuul.routes.comments.path=/comments/**
zuul.routes.comments.service-id=comments
The request will be GET www.myproxy.mycompany.com/comments. Don't forget that the service name in your application.yml/.properties is very important (spring.application.name). It's the service-id in Zuul routes (which is the same identifier in Eureka).
For some reason, your system needs to request external services (as you mentioned in the 3rd note). In this case, your external services are not discovery clients; Zuul can't look up the service-id from Eureka. You use routes such as:
zuul.routes.currencyprovider.path=/currencies/**
zuul.routes.currencyprovider.url=https://currencies.net/
With this route, all /currencies/** requests from your services will be done THROUGH Zuul.
With this approach you have one door for all of your system. This is the API Gateway pattern.
Sometimes your system needs to aggregate multiple results from different services to respond to a client request. You can do this in the proxy (Zuul in your case).

wso2 api manager cloudfoundry

I am trying to deploy wso2 api manager to cloudfoundry.
I have created a buildpack including the wso2 api manager. I am able to start the tomcat server and listen on the http port. The https redirect doesn't work; an infinite redirect happens when accessing https-only URLs like publisher. I tried changing the proxyport in catalina-server.xml (and tried adding X-Forward-Proto in the remote valve config). http URLs work.
According to this blog post, this is a limitation, I assume.
The existing CF architecture only supports exposing one port from a
container. Therefore a WSO2 server cluster can only expose one
transport from CF.
