I have a Spring-Cloud-Gateway app (V. Finchley.SR1) and need the routing config to be externalized and refreshable. I'm currently able to configure the Gateway to pull config from a Cloud-Config app and refresh the routes by hitting the /actuator/refresh endpoint on the cloud app. However, I'd like to configure the route refresh to be automatic via a schedule rather than requiring a client to POST to /actuator/refresh. How can this be achieved?
Related
I’m currently experimenting on Metaflow. I followed the documentation and was able to deploy an aws setup with the given cloud formation template.
My question is why is that I’m always getting a:
message: "Missing Authentication Token"
when I access METAFLOW_SERVICE_URL in the browser, even if I made sure that the APIBasicAuth was set to false during the creation of cloudformation?
Shouldn’t this setting make the metadata/metaflow service accessible without the authentication/api key?
How can I resolve this? Or is this expected? That is, I cannot really view the metadata/metaflow service url via browser?
Thanks in advance
This was resolved under this github issue.
You still need to set the x-api-key header if you are trying to access the service url via the browser. To get the api-key you can go to the aws console
Api Gateway -> Api Keys -> show api key
Alternatively you can use the metaflow client in the sagemaker notebook which should be automatically setup for you via the template.
Also worth mentioning that there are two sets of endpoints: The one provided by the api gateway (which you seem to be hitting) and the one provided by the service itself. The api gateway forwards the requests the the service endpoints but needs the x-api-key to be set in the header. You can probably try hitting the service endpoints directly since you disabled auth.
If I want to access the REST API of the openshift master server from anywhere in my company I use https://master.test04.otc-test.company.com:8443 which works just fine.
Now I'm writing an admin application that is accessing the REST API and is deployed in this openshift cluster. Is there a generic name or environment variable in openshift to get the hostname of the master server?
Background: My admin application will be deployed on multiple openshift clusters which do not have the same URL. It would be very handy to have them autodiscover the hostname of the current master server instead of configuring this value for every deployment.
Use environment variables:
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT
In the container, unless service account details are not being mounted, you can also access the directory:
/var/run/secrets/kubernetes.io/serviceaccount
In this you can then find a token file which contains the access token for the service account the container runs as. This means you can create a separate service account for the application in that project, and use RBAC to control what it can do via the REST API.
That same directory also has a namespace file so you know what project the container is running in, and files with certificates to use when accessing the REST API over a secure connection.
This is the recommended approach, rather than trying to pass an access token to your application through its configuration.
Note that in OpenShift 4, if you need to access the OAuth server endpoint, it is on a separate URL to what the REST API is. In 3.X, they were on the same URL.
In 4.0, you can access the path /.well-known/oauth-authorization-server on the REST API URL, to get information about the separate OAuth server endpoint.
For additional information on giving REST API access to an application via a service account, see:
https://cookbook.openshift.org/users-and-role-based-access-control/how-do-i-enable-rest-api-access-for-an-application.html
Note that that page currently says you can use https://openshift.default.svc.cluster.local as URL, but this doesn't work in OpenShift 4.
Goal:
Call actuators refresh endpoint to reload an override specified in spring cloud config server
Background:
Spring cloud config server provides a way to push out default configuration to all clients through the overrides property (https://cloud.spring.io/spring-cloud-config/single/spring-cloud-config.html#_property_overrides)
spring.cloud.config.server.overrides.foo=bar
Spring actuator provides a /refresh endpoint to reload configuration properties while the application is running.
Problem:
When a new override is pushed into spring cloud config server and the refresh point refreshes that property, the override value is not updated.
Therefore, an update like spring.cloud.config.server.overrides.foo=baz shows baz under actuators /env endpoint, but the clients still see foo=bar.
Question:
Is this just a missing feature of spring cloud config server?
Recently, I started seeing an issue when trying to setup secure gateway within API Connect on IBM Cloud, I previously had it working but looks like they changed this wizard interface and its broken since then
here is what I did to recreate the issue:
Setup new APIC instance on IBM Cloud
API connect Manager UI > Admin > Secure Gateways > Add (name & save)
once created, in Secure Gateway Clients section, click on +Set Up
I see no ID or Token generated
no matter what type of client I choose (DataPower, Docker or Installer)
Anyone facing the same issue?
Empty ID and Token when trying to setup Secure Gateway Client
turned out that creating SecureGateway from within the APIC is deprecated feature anyway.
you will need to create standalone SecureGateway resource on Bluemix and call it from your API assembly.
here is the instructions
https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.apionprem.doc/task_api_secure_gateway.html
We have a Zuul proxy (wraped with Spring Cloud/Boot) deployed that fetches configuration from the Spring Config Server. Every time I do changes in the routes I restart Zuul application and I wonder if there is a better approach that can be taken (like refresh of Zuul config information)? :)
Thank you,
You can issue a refresh command via rest:
curl -X POST http://<host>:<port>/refresh
I wrote a simple bash script that commits all my changes to the config file in the Git repository and then issue curl request to all my services.
If you wanted to be fancy you could write a script that first queries your Eureka server to get the list of all services and then refresh them all :)
Zuul Routes could be dynamically refreshed when configuring them in a Git backend for instance, fronted by Spring Cloud Config server and Spring Cloud Bus.
I have covered this scenario in a recent blog post Routing requests and dynamically refreshing routes using Spring Cloud Zuul Server
For #1, Spring cloud config introduced the #RefreshScope annotation which will expose the /refresh endpoint (over HTTP or JMX)
For #2, after '/refresh', spring cloud config will take the latest git commit, For the config changes, essentially there are two ways, 1) pull the changes 2) push the changes, spring cloud bus approach is based on the rabbitmq to push the config changes.
Check out this article
And this also
Many respositories such as github are able to configure Webhook POST endpoints.
Besides the previously mentioned way of manually executing a request to the /refresh endpoint, you could configure your github config repository to use the /request endpoint as the webhook endpoint. That way, you could automatically refresh the properties on push.