After reading up on the Spring Boot Actuator features, specifically the health endpoint, I've found it quite useful for implementing docker container health checks for some of my services.
However some of my services are not webapps, and it seems like overkill to enable HTTP just to allow the container to check the app is up and running. Looking through the options, actuator seems to support HTTP endpoints, JMX, and SSH/Telnet, though that last one apparently requires you to be running a JDK, and is going away in boot 2.0.
Are there any established ways of doing container healthchecks for non-web spring boot apps?
Related
In our application we have been separating the management.server.port and the server.port so we can expose the web server easily via Ingress and Service objects and keep the management port only for the Kubernetes liveness and readiness probes.
However, in the documentation for Actuator there is this warning:
If your Actuator endpoints are deployed on a separate management context, be aware that endpoints are then not using the same web infrastructure (port, connection pools, framework components) as the main application. In this case, a probe check could be successful even if the main application does not work properly (for example, it cannot accept new connections).
Is there a best practice here? Is it just to implement my own readiness check?
I've just been playing around with Spring Boot and developed a small Spring Cloud Streams app which basically acts as a destination for incoming messages through a queue.
However, I wanted to expose a health check endpoint so that I can verify if the service is up and running.
Until now, spring.main.web-application-type has been none. However, tu run actuator I must have that on.
I want to think that having the previously mentioned property to none didn't make the service exposed to the outside world and now that it has been enabled I must check and prevent some kind of accesses?
Are there any security concerns I must check now?
Was wondering the recommended way of starting a spring boot app if the Spring cloud config server is temporarily down or unavailable. What would be the approach? I know of the retry configurations, but I am wondering if there is a way to have a 'replica' config server and use that as a failover (or something along those lines).
Sure, why not?
After all, spring-cloud-config server exposes rest API and all the interaction with spring boot microservices is done over HTTP.
From this point of view, you can scale out the spring cloud config server by providing more than one instance of it all are up-and-running and mapping them to one virtual IP.
If you're running in some kind of orchestrated environment (like kubernetes) it is a very easy thing to do.
Is Spring cloud config server an example of sidecar application for microservices?
Do you mean if the Spring Cloud Config Server itself is what the Spring Cloud documentation labels as Sidecar? Then no, as far as I know it is just a plain, regular Spring Boot app.
A Sidecar as referred to in Polyglot support with Sidecar is a Spring Boot application that acts as a bridge between your service infrastructure and a service that is not written in a JVM language. Apps written in Python, Go, Ruby, C#, NodeJS, Erlang or really any other language that can bind something to a port come to mind.
The benefits of the Sidecar are, that your Non-JVM apps
service discovery become automatically discoverable through Eureka, which means that JVM services can resolve the host:port/<service-id> of the Non-JVM apps as well as the other way around,
monitoring are monitorable through the same health-endpoints-infrastructure that is available in Spring Boot (Actuator), i.e. by manually providing the health endpoint in the Non-JVM app Eureka knows when the Non-JVM service is down
routing/proxying query the services by either manually looking up their hosts/ports or proxying these requests through Zuul, which in turn resolves their current addresses through Eureka
balancing be load balanced by Ribbon and
configuration may consume configuration properties provided via Spring Cloud Config.
I hope this answer addresses your question, if not (or someone finds it to be inaccurate or misleading) just let me know and I delete it to make room for something more suitable. ;-)
I'm developing a webapplication with Spring-boot using embedded tomcat.
One of the requirements of this app is 2-way SSL (clientAuth).
Enabling ClientAuth is easy enough however we also like to use spring-boot Actuator for management of the app on a different port without clientAuth.
Is there is a clean way to do this?
(Disabling SSL on the actuator endpoints would also be enough)
According to latest spring docs, you can use
management.server.port=8080
management.server.ssl.enabled=false
in the properties to configure the management ports. see production-ready-management-specific-ssl in the spring boot doc for more options.