Netflix Eureka for Service Registry cum proxy


krsr...@gmail.com

Jun 3, 2014, 3:18:22 AM
to eureka_...@googlegroups.com
An existing application (let's call it Appy) communicates with a number of services (that can be added dynamically to the ecosystem). Services expose 2 private end points to Appy - one to consume event notifications from Appy and the other as a "heart beat" end point.

As per current architecture, the end point URLs are hard coded into a JSON file in Appy. The JSON file is read once during server start up. End point URLs are exposed over HTTPS. When the end point uses a self-signed certificate or a certificate issued by a CA that is not in the trust store, the same needs to be added to the trust store of Appy. The above steps are manual in nature and necessitate a server restart.

We are working on building a centralized Server Registry that can handle end point registration and preferably, act as a proxy between Appy and the end points. To achieve this, the Service Registry needs to allow dynamic addition of certificates to trust store without requiring a restart.

Has anyone handled a similar scenario? Are there any best practices in this area? Does Netflix Eureka have the capabilities that we are looking for and is it a good fit for our scenario? Any suggestions/pointers are greatly appreciated.

Nitesh

Jun 4, 2014, 4:18:03 AM
to eureka_...@googlegroups.com, krsr...@gmail.com
Eureka is not designed to be a proxy like HAProxy; it is just a service registry. Inside Netflix, we use Ribbon as our IPC client, which integrates with Eureka to look up the available instances for a service.
I do not completely follow your use case of certificate management, but if your intent is to use Eureka for that certificate management, Eureka is not designed for such uses. Also, the general design guideline will be to have a separate certificate management service that can be used for this purpose.