I've just been playing around with Spring Boot and developed a small Spring Cloud Streams app which basically acts as a destination for incoming messages through a queue.
However, I wanted to expose a health check endpoint so that I can verify if the service is up and running.
Until now, spring.main.web-application-type has been none. However, tu run actuator I must have that on.
I want to think that having the previously mentioned property to none didn't make the service exposed to the outside world and now that it has been enabled I must check and prevent some kind of accesses?
Are there any security concerns I must check now?
Related
After reading up on the Spring Boot Actuator features, specifically the health endpoint, I've found it quite useful for implementing docker container health checks for some of my services.
However some of my services are not webapps, and it seems like overkill to enable HTTP just to allow the container to check the app is up and running. Looking through the options, actuator seems to support HTTP endpoints, JMX, and SSH/Telnet, though that last one apparently requires you to be running a JDK, and is going away in boot 2.0.
Are there any established ways of doing container healthchecks for non-web spring boot apps?
I have spring web application (not spring boot) running in AWS. I am trying to create centralized configuration server. How to refresh the spring-cloud-client after the changing the properties? As per tutorial
Actuator endpoint by sending an empty HTTP POST to the client’s refresh endpoint, http://localhost:8080/refresh, and then confirm it worked by reviewing the http://localhost:8080/message endpoint.
But my aws Ec2 instances are behind the loadbalancer so i can't invoke the client url. I didn't understand the netflix Eureka and Ribbon much but it seems like adding another level of load balancer in the client side. I don't like this approach. Just to change a property i don't want to make the existing project unnecessarily complex. Is there any other way? or Am I misunderstood Eureka/Ribbon usage?
I have looked at the spring-cloud-config-client-without-spring-boot, spring-cloud-config-client-without-auto-configuration none of them have answer. First thread was answered in 2015. Wondering is there any update?
To get the configuration properties from a config server. You can do a http request. Example:
From the documentation we can see:
/{application}/{profile}[/{label}]
/{application}-{profile}.yml <- example
/{label}/{application}-{profile}.yml
/{application}-{profile}.properties
/{label}/{application}-{profile}.properties
So if you would do a request to http://localhost:8080/applicationName-activeProfile.yml you would receive the properties in .yml format for the application with that name and active profile. Spring boot config clients would automatically provide these values but you will have to provide em manually.
You don't need Eureka/Ribbon for this to work, it's a separate component.
More info: http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_spring_cloud_config
Maybe you could even use spring-cloud-config but I'm not sure what extra configuration is needed without spring-boot.
https://cloud.spring.io/spring-cloud-config/
I created spring cloud config server and client and they work as expected. I have added #RefreshScope to my client and I am able to see the new properties getting fetched after hitting /refresh endpoint. But I was told that when I deploy it in cloud foundry environment , I must integrate it with RabbitMQ in order for all the instances to receive the refresh message. Is it possible to point me to a link which explains this problem and solution in detail?
Spring Cloud Bus
This is what you need in order to propagate configuration changes to all of your servers via a message broker such as RabbitMQ.
GitHub Project
Documentation
Follow the instructions in the links above you're good to go.
So I assume your application runs as single instance configuration. In that case, you don't need spring cloud bus based refresh and just hitting the {app}/actuator/refresh would be enough. Only if you scale out your app, we would need such setup with a queue like RabbitMQ or kakfa.
We have developed a software proxy based on spring boot and zuul, that is meant to govern services within our integration layer. We do not own the systems consuming the various services, nor do we own the actual services themselves. The services are SOAP based webservices at present. We make use of pre, post , error and route filters. Validations are database driven, including which client is allowed to call what webservice. All service definitions reside in the database (request endpoint, request xsd, response xsd, which clients are allowed to invoke, etc.).
The aim now is to add hystrix commands to handle service failures, as well as a hystrix dashboard.
The standard way to use hystrix commands involves annotating service methods with javanica. Is there a way to dynamically declare/register hystrix commands for these webservices at runtime after reading the configurations from the database? The hystrix interception will need to happen based on the multiple webservice endpoints being invoked from a single point.
Hoping this is achievable ...if not, I would really appreciate any alternative proposals for how hystrix commands could be declared in this way.
Thanks!
You're saying that you are already using Spring Boot and Zuul. How are you mapping the routes? Through the url param? Then you'll have to enroll your own. But if you define the routes as ribbon services and pass the routes as ribbon servers as described in the documentation you will get Hystrix for free.
Is Spring cloud config server an example of sidecar application for microservices?
Do you mean if the Spring Cloud Config Server itself is what the Spring Cloud documentation labels as Sidecar? Then no, as far as I know it is just a plain, regular Spring Boot app.
A Sidecar as referred to in Polyglot support with Sidecar is a Spring Boot application that acts as a bridge between your service infrastructure and a service that is not written in a JVM language. Apps written in Python, Go, Ruby, C#, NodeJS, Erlang or really any other language that can bind something to a port come to mind.
The benefits of the Sidecar are, that your Non-JVM apps
service discovery become automatically discoverable through Eureka, which means that JVM services can resolve the host:port/<service-id> of the Non-JVM apps as well as the other way around,
monitoring are monitorable through the same health-endpoints-infrastructure that is available in Spring Boot (Actuator), i.e. by manually providing the health endpoint in the Non-JVM app Eureka knows when the Non-JVM service is down
routing/proxying query the services by either manually looking up their hosts/ports or proxying these requests through Zuul, which in turn resolves their current addresses through Eureka
balancing be load balanced by Ribbon and
configuration may consume configuration properties provided via Spring Cloud Config.
I hope this answer addresses your question, if not (or someone finds it to be inaccurate or misleading) just let me know and I delete it to make room for something more suitable. ;-)