23 Ağustos 2021 Pazartesi

SpringCloud Config Server Kullanımı

Giriş
Açıklaması şöyle
With the Spring Cloud Configuration server, we can place the configuration files for all our microservices in a central configuration repository that will make it much easier to handle them. Our microservices will be updated to retrieve their configuration from the configuration server at startup.
Maven
Şu satırı dahil ederiz
<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-config-server</artifactId>
</dependency>
JDBC için şu satırı dahil ederiz
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-config-server</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
  </dependency>
  <dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
  </dependency>
Config Repository Olarak Ne Kullanılabilir
Açıklaması şöyle. Yani repository olarak bir sürü seçenek var
The config server supports the storing of configuration files in a number of different backends, for example:  

Git repository  
Local filesystem  
HashiCorp Vault  
A JDBC database  

Other Spring projects have added extra backends for storing configuration, for example, the Spring Cloud AWS project, which has support for using either AWS Parameter Store or AWS Secrets Manager as backends. 
Vault için bir örnek burada

Deciding on the Initial Client Connection  
Açıklaması şöyle
By default, a client connects first to the config server to retrieve its configuration....
It is also possible to do this the other way around, that is, the client first connecting to the discovery server to find a config server instance and then connecting to the config server to get its configuration. There are pros and cons to both approaches.  

Note: One concern with connecting to the config server first is that the config server can become a single point of failure. If the clients connect first to a discovery server, such as Netflix Eureka, there can be multiple config server instances registered so that a single point of failure can be avoided.
Config Server API
Açıklaması şöyle
The config server exposes a REST API that can be used by its clients to retrieve their configuration. In this chapter, we will use the following endpoints in the API:  

1. /actuator: The standard actuator endpoint is exposed by all microservices. 
As always, these should be used with care. They are very useful during development but must be locked down before being used in production.  

2. /encrypt and /decrypt: Endpoints for encrypting and decrypting sensitive information. These must also be locked down before being used in production.  

3. /{microservice}/{profile}: Returns the configuration for the specified microservice and the specified Spring profile.
actuator/refresh microservice'leri yeni konfigürasyondan haberdar etmek için kullanılır. Şeklen şöyle


/encrypt ve /decrypt
Örnek - symmetric
Şöyle yaparız
server.port = 8888

# Set path to Local Git Repository
spring.cloud.config.server.git.uri = /home/...

# Setting the key for Symmetric Encryption and Decryption
encrypt.key = secret
Böylece artık 
localhost:888/encrypt
adresine POST yaparsak gönderdiğimiz veriyi şifreli olarak gelir alırız. Eğer şifreli veriyi açmak istersek
localhost:888/encrypt
adresine yine POST yapmak gerekir.
Örnek - asymmetric
keytool komutu ile bir public/private key JKS oluşturulur. Şöyle yaparız
keytool -genkeypair \
  -keyalg RSA \
  -dname "cn=Config-Serv, ou=Java, o=Spring, c=US" \
  -alias configserv \
  -keypass nopass \
  -keystore simple.jks \
  -storepass nopass
Şöyle yaparız
# Path of Key-Pairs to be used. (Recommended: Use Classpath)
encrypt.keyStore.location = claspath:/simple.jks

# Represents the password to read jks file (keypass)
encrypt.keyStore.password = nopass

# Represents the password to read jks file (storepass)
# From Java-11 keystore password and secret should be same.
# Optional to specify. When not given keystore password is used as secret by default.
encrypt.keyStore.secret = nopass

# Value of Alias used in jks generation
encrypt.keyStore.alias = configserv

# Format of keystore (Default: jks)
encrypt.keyStore.type = jks
Kullanım
1. @EnableConfigServer anotasyonu tanımlanır

2. Sunucu için SpringCloud Config Server application.properties ayarları tanımlanır

3. İstemci için ayarlar yapılır. Ayarlarda application + profile + label bilgilerinin belirtilmesi gerekiyor. Yani şöyledir
application-name
|--- application-name-dev.properties
|--- application-name-qa.properties














Hiç yorum yok:

Yorum Gönder