Spring integration with http inbound gateway - spring

Currently am working with spring integration with web service. I googled in many places including git but i could find good example to proceed with. I've configured the http inbound gateway and its not receiving the request from http client. Also am not sure what are the configuration needs to be added.
I couldn't find any better tutorial or steps to proceed. Any help much appreciated. Is it a good practice use http inbound gateway to receive http request as i couldn't find proper step or documentation to proceed.
Any help or guidance or example sites much appreciated.
Thanks,
Krish S

If you are facing the problem, it would be better to share the config.
You can find more info in the Reference Manual.
Also you can take a look into the Samples.
Or even you can take a look into our Test Cases. For example HTTP Proxy.
All that info are available from the main Spring Integration site.
Sorry for the bunch of links, but such a blurred leads to the common answer.

Related

How to provide mutual TLS (mTLS) with Spring application in Kubernetes?

I have an interesting problem, maybe you could help me out.
There are given two spring applications, called app1 and app2. There is plenty of REST calls are happening to both of the services. I need to implement a security solution where both of them can communicate with each other on REST but it is protected by mutual TLS (mTLS where both app has its own cert for each other)
Implementing it the standard way its not that hard, Spring has solutions for it (with keystores and etc.), but the twist is, I have to create it in a Kubernetes environment.
The two app is not in the same cluster, so app1 is in our cluster but app2 deployed in one of our partner's system.
I am pretty new to k8s and not sure what is the best method to achieve this. Should I store the certs or the keystore(s) as secrets? Use and configure nginx ingress somehow, maybe Istio would be useful? I would really want to find the optimal solution but I don't know the right way.
I would really like if I could configure it outside my app and let k8s take care about it but I am not sure if it is the right thing to do.
Any help would be really appreciated, some guidance to find the right path or some kind of real life examples.
Thank you for your help!
Mikolaj has probably covered everything but still let me add my cent
i don't have much experience working with Istio, however i would also suggest checking out the Linkerd service mesh.
Step 1.
Considering if you are on multi could GKE & EKS or so still it will work.
Multicluster guide details and installation details
Linkerd will use the Trust anchor between the cluster so traffic can flow encrypted and not get open to the public internet.
You have to generate the certificate which will form a common base of trust between clusters.
Each proxy will get copy of the certificate and use it for validation.
The answer to your problem will be more complex as there is no one-size-fits-all solution that turns out to be the best. It all depends on what exactly you want to do and what tools you have for it. suren mentioned it very well in the comment:
if you are still in the stage of PoC, then note that there are couple of ways of achieving what you want. Istio would be a valid way, for example. You could have the other service in a ServiceEntry, enable mTLS and there you go. You don't have to even manage secrets for this specific scenario, as it is automatic. But there are other ways. Even with Istio there are other ways. If you are on any cloud provider, you might have some managed services as well
This is a very good comment and I would also recommend an istio based solution to you. First of all check the official mTLS documentation for istio first. You will also find specific usage examples and sample configuration files there.
You also mentioned in the question that your application will run between two clusters. Take a look at this tutorial, which shows exactly how to solve this situation:
Istio injects an envoy sidecar to every pod and makes sure all the traffic goes through the envoy proxy. Envoy proxies compose the data plane. The control plane manages the Envoy sidecars. In previous versions of Istio, the control plane used to have other components, such as Pilot, Citadel, and Galley. These components got consolidated into a single binary called “istiod”. The control plane also deals with the configurations, certificates, secrets, and health checking.
For more information look also at related problem on stackoverflow and another tutorial.
Take into account that in addition to istio itself, you will be able to use ready-made cloud solutions, for example available at GKE i.e. Configuring TLS and mTLS on the Istio ingress .
Another way might be to use a tool Anthos Service Mesh by example: mTLS.

Spring Boot user job/process monitoring

using Spring 2.0.3
I have a set of Spring Servers which I need to find out if the Spring is processing a request sent to it. Only one of these requests is processed at a time. In this case the request is, depending on options, can cause a good number of code paths to be used. To support the different variations of the starting call there are about 30 different services and some other classes.
I need to be able to send some request to these servers and ask the question: Are you working on one of these requests. The response can be a simply yes or no.
In trying to come up with an approach it kind of seems like the Spring Actuator might be the way to go. However in a least some of the material I have looked at seems like it is at more of a sysadmin type of level.
My question is how to approach this issue? Is the Actuator the best bet to archive what I am looking for, and if not what to do? If possible would like to avoid placing code in each service/class to see what is going on.
thanks

How to do canary releases and dynamic routing with Netflix Zuul?

We faced with the problem that we need to do such thing as dynamic routing and canary releases. So, for example, we deploy microservice microservice-1. Then, when someone finished a big feature we want to deploy it as a microservice microservice-1.1.
Question
Is it possible to dynamically reroute requests using information, for example, from Headers, and route to the microservice version microservice-1.1 instead on microservice-1?
For example, someone needs this feature and he will modify/add specific Header and for all requests, he will use new microservice-1.1. And if that Header is missing then the current microservice-1 version should be used.
For service discovery, I am using Eureka. Right now I am looking at linkerd but there is no support for Eureka and I am working on it right now. Of course, if it is possible to do it using Zuul that would be great. Please advise where to look at.
Not really sure about Netflix Zuul, but we liked the approach presented by Istio (backed by Google, etc) which works really well with Containers (Kubernetes) and you get the support for canary releases https://istio.io/blog/2017/0.1-canary/

Using spring-boot-admin for a non spring-boot project

tl;dr
Requesting suggestions, guidelines or examples for possibilities to extend spring-boot-adminto use methods other than HTTP requests for health moitoring of non-spring projects like MariaDB.
Full version
There is a requirement to setup a monitoring application using spring-boot-admin. Several of the clients are spring-bootapplications and are easily implemented. There are however a couple of non spring-boot projects like the database server MariaDB.
The question is therefore formulated thusly : Is it possible to extend SBA to monitor the databse status by methods other than HTTP requests. One possible approach, for example, might be to check if it is possible to connect to the application specific TCP port to verify if the db server is still running. However, other possibilities can be exploited too.
One post I found similar to my question was this :
https://github.com/codecentric/spring-boot-admin/issues/504. The key difference here though is that the provided answer still sugests a HTTP approach. The reference guide also does not suggest an alternative.
Should such a possibility exists, a brief outline of the approach or an example implementation would be most welcome.
SBA currently only supports checking health via http. But your DB should be implicitly monitored if you have an according health indicator on your business application.
It should be possible to extend the StatusUpdater#queryStatus() doing a tcp connect if it encounters an health-url beginning with tcp:// instead of http://...
And in case you accomplish that a PR is appreciated :)

Sending message to single person using Spring STOMP websockets

On the internet I've found some info on how to accept and send messages using Spring and STOMP, however I did not find any good examples on how to send a message to a single user. Only how to broadcast them to every single one. Are there any good examples on it?
I basically want to run one or two controllers with STOMP in a Spring MVC structure, so I can authenticate people outside of the websocket, and later on tie that authentication to the STOMP controllers, and for that I obviously need to be able to send messages to individuals.
There is a reasonable spring blog post which covers this:
http://assets.spring.io/wp/WebSocketBlogPost.html
The source code is on github (and linked from the blog).
There is a concept of User Destinations where messages can be bound to a specific destination belonging to a user's session.
There is this article from the Spring docs that explains it nicely. Hope this helps someone.
For anyone looking for the same answer with a nice code example, I've found this repo: spring-websocket-chat

Resources