Goal:
Call actuators refresh endpoint to reload an override specified in spring cloud config server
Background:
Spring cloud config server provides a way to push out default configuration to all clients through the overrides property (https://cloud.spring.io/spring-cloud-config/single/spring-cloud-config.html#_property_overrides)
spring.cloud.config.server.overrides.foo=bar
Spring actuator provides a /refresh endpoint to reload configuration properties while the application is running.
Problem:
When a new override is pushed into spring cloud config server and the refresh point refreshes that property, the override value is not updated.
Therefore, an update like spring.cloud.config.server.overrides.foo=baz shows baz under actuators /env endpoint, but the clients still see foo=bar.
Question:
Is this just a missing feature of spring cloud config server?
Related
I have managed to set up a Keycloak server embedded in a Spring Boot Application successfully, following this tutorial:
Keycloak Embedded in a Spring Boot Application
in order to avoid setting it up manually.
Since I am dealing with an old implementation that already has it's own DB, I decided to use Keycloak's User Storage SPI to connect to an external postgresql DB and use this for authentication instead of Keycloak DB.
To do this, I followed the tutorial on Keycloak documentation, but it envolves a standalone Keycloak server, creating a .jar with the custom provider and injecting it to <pathToKeycloak>/standalone/deployments/.
I have created an implementation that works with a standalone Keycloak server, but now I want to include it to the embedded one. Is it possible to use a Keycloak server Embedded in a Spring Boot Application and also have an embedded custom User Storage Provider, to avoid setting up manually?
If you have already implemented the provider and the provider factory, you only need to declare the provider factory class in the resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory file.
Then you can log in to the administration console and enable user storage provider on the User Federation page.
I'm running a Spring Boot Admin server (2.2.2) and using Spring Cloud Kubernetes discovery (with specific service labels to filter) to detect my client apps. None of my client apps are using the explicit Spring Boot Admin Client dependency mechanism.
One of my client apps has a non-standard actuator URL and uses different security credentials to access those endpoints. I understand that I could use static spring cloud discovery with instance metadata to achieve this, but I'd rather use the kubernetes discovery process for all my client apps.
I think by using a custom ServiceInstanceConverter I might be able to override the management context path, but I couldn't see a way to inject custom security credentials via that route.
Is there a better way to customise this kubernetes-driven discovery process? (e.g. can I declare instance metadata somewhere in the client app so that it's picked up even though I'm using Kubernetes discovery - I got the sense from the Spring Boot Admin docs that setting admin properties in clients applied only to the "push registration from client to server" case rather than the "server discovers" case.)
As a related general question, Spring Boot Admin is presumably using some default credential values for accessing actuator endpoints - where are they set up?
Thanks in advance
Alan
I think I figured this out for myself, but in case it's useful to anyone else here is what I did:
Declared custom values for the instance metadata management.context-path, user.name and user.password under the annotations section of the Kubernetes service for my client application.
e.g.
kind: Service
apiVersion: v1
metadata:
name: foo-service
annotations:
# The following are used to support monitoring and administration
user.name: mySpecialUsername
user.password: mySpecialPassword
management.context-path: /foo/manage
From observation it seems that the default credentials assumed by a Spring Boot Administration server are admin/admin.
I don't think it is advisable to put passwords into a service manifest.
The SBA refdoc documents some properties to configure default or per service usernames/passwords.
If this is not an option, you can always add some custom headers to the requests that are sent to the clients:
#Bean
public HttpHeadersProvider customHttpHeadersProvider() {
return (instance) -> {
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add("Authorization", "Basic bXlTcGVjaWFsVXNlcm5hbWU6bXlTcGVjaWFsUGFzc3dvcmQ=");
return httpHeaders;
};
}
I'm using spring cloud config together with spring cloud bus.
I set up a webhook from my git repository (hosted in bitbucket) to notify the config server when a push occurs. In order to reduce throughput and use a minimal caching I set the refresh rate for 2 minutes:
spring.cloud.config.server.git.refresh-rate=120
Now when I push to the repository, the config server is being notified via the webhook and send a message to the clients. The client is asking for the configuration again from the server, but because the refresh rate is set to two minutes, and the notifications chain is faster the configuration server returns the previous configuration.
Is there a way to cancel the refresh rate on a webhook (a request to /monitor)? Maybe other way to overcome this issue?
I have a Spring-Cloud-Gateway app (V. Finchley.SR1) and need the routing config to be externalized and refreshable. I'm currently able to configure the Gateway to pull config from a Cloud-Config app and refresh the routes by hitting the /actuator/refresh endpoint on the cloud app. However, I'd like to configure the route refresh to be automatic via a schedule rather than requiring a client to POST to /actuator/refresh. How can this be achieved?
We have a Zuul proxy (wraped with Spring Cloud/Boot) deployed that fetches configuration from the Spring Config Server. Every time I do changes in the routes I restart Zuul application and I wonder if there is a better approach that can be taken (like refresh of Zuul config information)? :)
Thank you,
You can issue a refresh command via rest:
curl -X POST http://<host>:<port>/refresh
I wrote a simple bash script that commits all my changes to the config file in the Git repository and then issue curl request to all my services.
If you wanted to be fancy you could write a script that first queries your Eureka server to get the list of all services and then refresh them all :)
Zuul Routes could be dynamically refreshed when configuring them in a Git backend for instance, fronted by Spring Cloud Config server and Spring Cloud Bus.
I have covered this scenario in a recent blog post Routing requests and dynamically refreshing routes using Spring Cloud Zuul Server
For #1, Spring cloud config introduced the #RefreshScope annotation which will expose the /refresh endpoint (over HTTP or JMX)
For #2, after '/refresh', spring cloud config will take the latest git commit, For the config changes, essentially there are two ways, 1) pull the changes 2) push the changes, spring cloud bus approach is based on the rabbitmq to push the config changes.
Check out this article
And this also
Many respositories such as github are able to configure Webhook POST endpoints.
Besides the previously mentioned way of manually executing a request to the /refresh endpoint, you could configure your github config repository to use the /request endpoint as the webhook endpoint. That way, you could automatically refresh the properties on push.