-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove netflix zuul library #4549
Comments
removing zuul doesn't increase any flexibility, we can deploy the UI and API separately with the zuul right now, we just have to tell the API where the UI is deployed(by URL). i don't think it can get simpler than this if we want to remove zuul, we should remove everything that has to do with the UI that it is stored in the the main idea of zuul was to allow the API to deliver the UI contents through it's context increasing the security level of what we send to the client, the session and all requests that are at Spring level i don't think of removing zuul as being a step forward, moving this kind of config at server level(nginx) will actually minimize the flexibility of how users deploy.. i would rather go for the two complete separate deployments(cc: @planetf1 #4441 (comment)):
we didn't even check to see why we can't update Spring version and we already think of zuul as leftover |
The driving pricliple here was separation of concerns. I am not in favour of emmbedding "reverse proxy" capability inside the backend app (server-cahssis-ui) just because it comes handy from development perspective. When you think from operational and maintainance it is restrictive because of the two reasons mentioned above. Additionally... About the flexibility: We have to also consider different options and deployment architectures whrere clients can choose for different reasons: security, availability etc aspect that might be already established as practices and standards in an organization. I do not see need for us to prefer any deployment option. About the maintainance: We are trying to minimize the effort and automate as much as possible to have regular updates on dependencies and spend less time identifying cross dependencies when some library contains vulnerability. In this case we need to update spring but we cannot because of compatibility issues with zuul (we depend on external release cycle). For pointers why we cannot update see following discussion #4263 (comment) |
it doesn't come in hand just from development perspective, the zuul approach is actually designed production first [0]
now this is a show stopper, [1] for reference, that's why they are not compatible anymore
[0] - https://blog.heroku.com/using_netflix_zuul_to_proxy_your_microservices |
I did not mean just as dev tool, on contrary looks like can very poverfull services but it is just one of the options. My argument is more about the choice of embedding it as part of the application Users can always install it as middleware gateway component to support all the cross cutting ascpect we mentioned before if they want to. |
Agree on that, the initial intentions of adding zuul was to minimize the pipeline changes and the time needed to integrate in the infrastructures at that moment. |
If/when removed I think the main impact outside the UI itself is
On the latter the change should be simple - please raise an issue or @mention me when needed. It's likely minor, again maybe just docs ( port/URL changes) or minor changes to container config. |
We're now pushing out a few levels of spring versions, and have issues to resolve. would be good to address this for our Feb release (ie code we work on in feb) |
@planetf1 a major thing will be that we will access the UI directly not via the backend anymore. there will be a default setup for this, the public setup, and other solutions per case or by choice depending on the environment on where it will be deployed cc: @lpalashevski |
@sarbull yes, understood. It is a change from what we've had before - but it is very typical for UI deployments, so I think it's what we should do. We should add some information to the readme for the release to point out the change, and update the supporting docs For our samples we already include the front and backend, so it's just minor tweaks to config/docs Overall we'll have a better end result :-) |
@planetf1 yes, on tomorrow's discussion me and @lpalashevski will present some technical aspects on the solution and output some action points |
Next steps following zull removal #4723 |
#4710 appears to remove the build dependency on zuul - so we will have no re-routing in the spring UI. Is this the last step or the first, or do we need to do all together. If together it's going to be best to do in a single PR (though we can cherry-pick from the existing PRs) #4723 is proposing a change to nginx.conf -- but this needs to be configured specifically in each environment. Firstly the nature of the change required to get the ui working alongside the static content needs to be clear in the UI docs (be it in base or the egeria-ui repo). The fragment provided is likely useful for a developer, but will need to use the coco platform hostnames - in docker-compose these are fixed (so we could just have a static file), whilst in k8s these are variables and so we would need to insert a variable, or more likely use a k8s configmap for the nginx config - needs a bit further work So can I clarify this is what I think is needed for containers
A few observations from this
Meaning the tasks we have are @lpalashevski :
Does that make sense? Is the order correct to allow things to continue working at each step? (though we may consolidate) For future thought: (cc: @sarbull )
|
@planetf1 the final solution should also include updating the UI so that it contains a configuration file where we specify the The nginx proxy should be just another way of deploying the UI in production, as it works in some of the contexts we have, not the default public one which everyone should start with. |
Ok @sarbull do you see that as a change you will make very soon - in which case the changes to the charts/compose will need to set that config rather than create a nginx config. If so, the work to setup that nginx config is then no longer needed so I would prefer to go straight to that if it's viable. Whilst nginx is relevant in production for more complex cases, the primary purpose of that chart is to get a lab environment working - nginx just being one way without being dependent on the UI change That being said the egeria-ui container is currently based on nginx in any case, just to serve the static content |
We will also need to test with decent certs (see #4722) - as these will need to be deployed to the egeria-ui container |
the solution i proposed would keep the deployment problem just at UI level, so that the egeria-ui container that is based on nginx would just serve the static content and configured with a given API_URL for the backend, pretty encapsulated i think. unfortunately this isn't tracked by any issue tracker and it should be aligned with the Zuul removal PR. i will raise a PR for the JS config so that it provides the given API_URL and raise an issue in Github odpi/egeria-ui. |
@sarbull thanks - with that feature in place it would mean either solution would work. I do agree that having a specific backend api server configuration to me makes the most sense (even if that then points to an nginx deployment, or of course a k8s service -- plenty of flexibility) I think you could do that change first, and could default to localhost:8443/api ? In that case it would work as today? then the other changes I listed above could be made in followup PRs (I think the ordering makes them compatible at each stage) |
@sarbull What about timing? Do you think that change could be made soon (within a week) or more longer term ( a later release) ? Just so I can decide what to do about the remainder. There isn't a whole lot of difference in the approaches. Both mean a config setting needs adding to the containers |
@planetf1 i think it should not have a given default as a technical implementation i see the following:
|
You could do a quick update to the container to set that variable to local host first (Egeria). Or I can. Then the variable can be used in the ui and it can be committed there without breakage. With that done I can do more fix up of the charts and container and remove the default if needed? Just trying to do the changes incrementally? |
@sarbull are you already working on this change? I cannot find issue open about the change.. I think we all agree that we are following this approach as default but we need to test it - has to work with https and self signed certs like it is configured in current docker image. Can you test it locally first? |
It seems the first step is this UI change. Will keep an eye out for that distinct discussion and return here once done. Meanwhile I've ensured any other PRs relating to these changes are in draft status so they don't get merged until we're ready as we have some linked dependencies. |
Signed-off-by: Sirbu Nicolae-Cezar <sirbunicolaecezar@gmail.com>
i still need to complete some chart updates before we can remove, to avoid breaking charts. work in progress |
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com> Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
We now have a configuration that works either
This now seems to prove the mechanism Note - docker-compose config still needs updating |
@planetf1 can we not point to the same docker file in egeria-ui repo for the docker compose ui sample in labs? Instead using |
ah I see, disregard my previous comment. we still need the npm build -- then we still need this dockerfile to have npm build + hosting sample in the labs |
The work in docker compose is only around the yml Configuration and proxy setup. Should be No change needed to either docker images or build process |
Also the docker file you mentioned is being removed. The Egeria ui repo will be responsible for building with npm then publishing a docker image based on that output |
There are so many ways to manage this of course that will technically work, but my approach has been decomposition. Try and keep each image s simple as possible delivering just one capability that can be consumed in different ways. Then where we need orchestration and aggregation we do that with tools like compose and helm/k8s |
Difinately agree! |
Signed-off-by: Sirbu Nicolae-Cezar <sirbunicolaecezar@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
see #4936 for the docker-compose update to support nginx - please review. |
Note:
|
This has been done so we can close - we already have a followon issue to track updating of spring dependencies |
We need to check the impact of removing netflix zuul library form the ui-spring-chassis spring boot UI application.
As discussed on the community call, there are several reasons why we need to move this way:
cc: @sarbull @bogdan-sava @planetf1
The text was updated successfully, but these errors were encountered: