Eureka is ideal for middle tier services as service registry and discovery soln.
Isn't it going to be a security smell, if the same eureka server is used to register edge services also?
In such case, is it advisable to have separate eureka servers for edge and middle services?
Asked
Active
Viewed 87 times
0
Divs
- 1,578
- 2
- 24
- 51
-
1What would be the security gain if you put each category of your services in a different registry? How will your edge services discover the "middle" services? – Hannoun Yassir Jun 28 '17 at 22:44
-
@HannounYassir Bang On! Absolutely correct!. I tried hosting 2 different eureka server at 2 different Tomcat deployments in local and then connecting the `App Service(s)` to one `eureka server` and the `Zuul (i.e. App Client)` to another `eureka server`. The `eureka-client.properties` within the `eureka server` specified the `defaultZone`, that had both eureka servers.. When I hit the `Zuul` proxy Url, it still gets routed to correct `App Service`. So even when `edge service` works as a `client`, they should still be able to discover `middle service` and thus no `security` gain. – Divs Jun 29 '17 at 07:07
-
Also, if I consider this article ("https://medium.com/netflix-techblog/netflix-shares-cloud-load-balancing-and-failover-tool-eureka-c10647ef95e5") the section "When should I use Eureka", then it seems like `Zuul` is probably not best suited using `ribbon-eureka` as a client for `edge services`, for avoiding any security smells? – Divs Jun 29 '17 at 08:18