Secure inter-micro-service communication with Spring Boot, Kafka, Vault and Kubernetes -- Part 5 : Deployment and testing

1. Part 1: Intoduction and architecture
2. Part 2: Setting up Kubernetes and Kafka
3. Part 3: Setting up Vault
4. Part 4: Building micro-services
5. Part 5: Deployment and testing <--This article

Deploying micro-services

• We will use Jib to deploy. Recall the concept of deployment to Kubernetes here [https://github.com/azrulhasni/Ebanking-JHipster-Keycloak-Nginx-K8#deployment-concept]
• We will first push our images to Docker Hub (hub.docker.com) and pull them back into our Kubernetes cluster. For this we will need a Docker Hub account. You can register for one for free.

Build images and deploy to Kubernetes

• Point your command line console to the $PROJECTS/k8s folder. Run the command

> jhipster kubernetes

• The choices presented are:
• Which * type *- choose Microservice application
• Enter the root directory - in our case we use (../)
• When asked which application do you want to include - choose GatewayKafka, Transaction and DepositAccount
• Make sure you enter the registry admin password
• For Kubernetes namespace - choose default
• For base Docker repository - use your Docker Hub username
• To push docker images - choose docker push
• For istio - set to No
• For Kubernetes service type for edge service - choose LoadBalancer
• For dynamic storage provisioning - yes
• For storage class, use default storage class - leave the answer empty
• Once successful you will see the screen below

Kubernetes configuration successfully generated!
WARNING! You will need to push your image to a registry. If you have not done so, use the following commands to tag and push the images:
  docker image tag depositaccount azrulhasni/depositaccount
  docker push azrulhasni/depositaccount
  docker image tag gatewaykafka azrulhasni/gatewaykafka
  docker push azrulhasni/gatewaykafka
  docker image tag transaction azrulhasni/transaction
  docker push azrulhasni/transaction
INFO! Alternatively, you can use Jib to build and push image directly to a remote registry:
  ./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/depositaccount in /Users/azrul/Documents/GitHub/Ebanking-JHipster-Kafka-Vault/DepositAccount
  ./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/gatewaykafka in /Users/azrul/Documents/GitHub/Ebanking-JHipster-Kafka-Vault/GatewayKafka
  ./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/transaction in /Users/azrul/Documents/GitHub/Ebanking-JHipster-Kafka-Vault/Transaction
You can deploy all your apps by running the following kubectl command:
  bash kubectl-apply.sh -f
[OR]
If you want to use kustomize configuration, then run the following command:
  bash kubectl-apply.sh -k
Use these commands to find your application's IP addresses:
  kubectl get svc gatewaykafka
INFO! Congratulations, JHipster execution is complete!

• We will be using the Jib version. Point your command line console to $PROJECTS/DepositAccount
• Run the command below. This will push DepositAccount to Docker Hub.

>./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/depositaccount

• Then, go to $PROJECTS/GatewayKafka and run the command below. This will push GatewayKafka to Docker Hub.

> ./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/gatewaykafka

• Lastly, go to $PROJECTS/Transaction and run the command below. This will push Transaction to Docker Hub.

>./mvnw -ntp -Pprod verify jib:build -Djib.to.image=azrulhasni/transaction

• Then, go back $PROJECTS/k8s and run the command below. This will pull all three images above into our Kubernetes cluster.

> bash kubectl-apply.sh -f

• To verify if the micro-services are deployed properly and running, run the command:

>kubectl get  pods

• You will see the result below. Note that we deploy each micro-service, its corresponding database and also JHipster registry.

Testing micro-services

• Firstly, we need to install JQ. JQ is a tool that allow us to grep json data. JQ distribution can be found here https://stedolan.github.io/jq/download/
• Recall our architecture. In order for us to call the Transaction micro-service, we have to go through our Gateway. Recall also that we have chosen JWT authentication when we created our Gateway. Run the command below to create a token for such access. The token will be exported into a variable called TOKEN. Note that we are using the default admin user and password. We should create proper users for production.

> export TOKEN=`curl  -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{  "password": "admin",  "rememberMe": true,  "username": "admin"  }' 'https://localhost:8080/api/authenticate' | jq -r .id_token`

• To verify the token, run:

> echo $TOKEN

• You should get the response like below

> echo $TOKEN
eyJhbGciOiJIUzUxMiJ9...AE2w

• Firstly, we may want to create 2 deposit accounts that we can debit from and credit too. Use the curl command below. We will create an account with the account number 1111 with 10000 as balance.

> curl -X POST "https://localhost:8080/services/depositaccount/api/deposit-accounts" -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d "{ \"accountNumber\": \"1111\", \"balance\": 10000, \"openingDate\": \"2020-10-17T11:55:02.749Z\", \"productId\": \"DEPOSIT\", \"status\": 0}"

{"id":1001,"accountNumber":"1111","productId":"DEPOSIT","openingDate":"2020-10-17T11:55:02.749Z","status":0,"balance":10000}

• Then create the second account. The account number is 2222 with the balance of 0

> curl -X POST "https://localhost:8080/services/depositaccount/api/deposit-accounts" -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d "{ \"accountNumber\": \"2222\", \"balance\": 0, \"openingDate\": \"2020-10-17T11:55:02.749Z\", \"productId\": \"DEPOSIT\", \"status\": 0}"

{"id":1002,"accountNumber":"2222","productId":"DEPOSIT","openingDate":"2020-10-17T11:55:02.749Z","status":0,"balance":0}

• Now is the moment of truth. Let us transfer 10 from account 1111 to account 2222

> curl -X POST "https://localhost:8080/services/transaction/api/transaction-kafka/transfer" -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d "{ \"amount\": \"10\", \"finalBalance\": \"\", \"fromAccountNumber\": \"1111\", \"toAccountNumber\": \"2222\"}"

{"fromAccountNumber":"1111","toAccountNumber":"2222","amount":"10","finalBalance":"9990.00"}

• Notice that the finalBalance field is now 9990.
• You can also run the curl command below to find out the current balance of both accounts:

> curl -X GET "https://localhost:8080/services/depositaccount/api/deposit-accounts" -H "accept: */*" -H "Authorization: Bearer $TOKEN"

You will get the reply below:

[
  {
    "id": 1001,
    "accountNumber": "1111",
    "productId": "DEPOSIT",
    "openingDate": "2020-10-17T12:22:57.494Z",
    "status": 0,
    "balance": 9990
  },
  {
    "id": 1002,
    "accountNumber": "2222",
    "productId": "DEPOSIT",
    "openingDate": "2020-10-17T12:22:57.494Z",
    "status": 0,
    "balance": 10
  }
]

Conclusion

We started with a simple architecture where we want to send an encrypted message (and receive a response) from one micro-service to another.

We have explored Kafka, installing it too Kubernetes. We have also explored Vault and play around with its functionalities.

Finally, we created 2 micro-services and send an encrypted message from one to another and receive a reply. This concludes our tutorial

The full application can be accessed here: https://github.com/azrulhasni/Ebanking-JHipster-Kafka-Vault