SpringCloud Config Server Kullanımı

Giriş

Açıklaması şöyle

With the Spring Cloud Configuration server, we can place the configuration files for all our microservices in a central configuration repository that will make it much easier to handle them. Our microservices will be updated to retrieve their configuration from the configuration server at startup.

Maven

Şu satırı dahil ederiz

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-config-server</artifactId>
</dependency>

JDBC için şu satırı dahil ederiz

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-config-server</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
  </dependency>
  <dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
  </dependency>

Config Repository Olarak Ne Kullanılabilir

Açıklaması şöyle. Yani repository olarak bir sürü seçenek var

The config server supports the storing of configuration files in a number of different backends, for example:  

Git repository  

Local filesystem  

HashiCorp Vault  

A JDBC database  

Other Spring projects have added extra backends for storing configuration, for example, the Spring Cloud AWS project, which has support for using either AWS Parameter Store or AWS Secrets Manager as backends. 

Vault için bir örnek burada

Deciding on the Initial Client Connection  

Açıklaması şöyle

By default, a client connects first to the config server to retrieve its configuration....

It is also possible to do this the other way around, that is, the client first connecting to the discovery server to find a config server instance and then connecting to the config server to get its configuration. There are pros and cons to both approaches.  

Note: One concern with connecting to the config server first is that the config server can become a single point of failure. If the clients connect first to a discovery server, such as Netflix Eureka, there can be multiple config server instances registered so that a single point of failure can be avoided.

Config Server API

Açıklaması şöyle

The config server exposes a REST API that can be used by its clients to retrieve their configuration. In this chapter, we will use the following endpoints in the API:  

1. /actuator: The standard actuator endpoint is exposed by all microservices. 

As always, these should be used with care. They are very useful during development but must be locked down before being used in production.  

2. /encrypt and /decrypt: Endpoints for encrypting and decrypting sensitive information. These must also be locked down before being used in production.  

3. /{microservice}/{profile}: Returns the configuration for the specified microservice and the specified Spring profile.

actuator/refresh microservice'leri yeni konfigürasyondan haberdar etmek için kullanılır. Şeklen şöyle

/encrypt ve /decrypt

Örnek - symmetric

Şöyle yaparız

server.port = 8888

# Set path to Local Git Repository
spring.cloud.config.server.git.uri = /home/...

# Setting the key for Symmetric Encryption and Decryption
encrypt.key = secret

Böylece artık 

localhost:888/encrypt

adresine POST yaparsak gönderdiğimiz veriyi şifreli olarak gelir alırız. Eğer şifreli veriyi açmak istersek

localhost:888/encrypt

adresine yine POST yapmak gerekir.

Örnek - asymmetric

keytool komutu ile bir public/private key JKS oluşturulur. Şöyle yaparız

keytool -genkeypair \
  -keyalg RSA \
  -dname "cn=Config-Serv, ou=Java, o=Spring, c=US" \
  -alias configserv \
  -keypass nopass \
  -keystore simple.jks \
  -storepass nopass

Şöyle yaparız

# Path of Key-Pairs to be used. (Recommended: Use Classpath)
encrypt.keyStore.location = claspath:/simple.jks

# Represents the password to read jks file (keypass)
encrypt.keyStore.password = nopass

# Represents the password to read jks file (storepass)
# From Java-11 keystore password and secret should be same.
# Optional to specify. When not given keystore password is used as secret by default.
encrypt.keyStore.secret = nopass

# Value of Alias used in jks generation
encrypt.keyStore.alias = configserv

# Format of keystore (Default: jks)
encrypt.keyStore.type = jks

Kullanım

1. @EnableConfigServer anotasyonu tanımlanır

2. Sunucu için SpringCloud Config Server application.properties ayarları tanımlanır

3. İstemci için ayarlar yapılır. Ayarlarda application + profile + label bilgilerinin belirtilmesi gerekiyor. Yani şöyledir

application-name

|--- application-name-dev.properties
|--- application-name-qa.properties