Hi,
I want my clients to use the DNS configurations to find servers. DSN config: txt.defaultZone IN TXT "user:password@peer1" "user:password@peer2".
useDnsForFetchingServiceUrls: true
eurekaServerDNSName: example
eurekaServerPort: 8761
eurekaServerURLContext: eureka
Is there a way to specify credentials in client config? Or is there a more secure alternative?
Thanks
Comment From: dsyer
I didn't really get what you are doing with the TXT record (isn't it a bad idea to advertise your credentials in DNS?). You can add HTTP basic credentials to eureka.client.serviceUrl.* in "curl" form, "https://user:password@hostname" (lots of examples in spring-cloud-samples).
Comment From: aivans
I am trying to use the DNS mode. I read that it allows for a more dynamic configuration for the clients. I get the part with serviceURL:eureka:
client:
serviceUrl:
defaultZone: http://user:password@peer2:8762/eureka/
but in DNS mode the client is configured with domain details, I didn't find any security properties.
The DiscoveryClient class uses these details like this:
for (String ec2Url : ec2Urls) {
String serviceUrl = "http://" + ec2Url + ":"
+ clientConfig.getEurekaServerPort()
+ "/" + clientConfig.getEurekaServerURLContext()
+ "/";
logger.debug("The EC2 url is {}", serviceUrl);
serviceUrls.add(serviceUrl);
}
So I don't know where I could configure basic auth credentials on the client.
Comment From: dsyer
No, I can't see any way to configure basic auth. It's just native Netflix functionality, so either it's there and we can't see it, or it's not and you are supposed to rely on physical security.
Comment From: aivans
Let's leave this open for a while. I'll ask on the Netflix google group.
Comment From: spencergibb
Closed for lack of feedback. Please, reopen if there is something new to add.
Comment From: ukid
Any clues to workaround?