chore(gateway): enhance configurations, optimize Dockerfile, and improve resilience

- Updated `application.yaml` to include Redis and Consul configurations for rate limiting and service discovery. - Added OAuth2 resource server settings to improve security. - Refined Gradle dependencies, introducing Reactive Resilience4j for WebFlux. - Optimized Dockerfile with cleaner build and runtime stages, adjusted caching, and streamlined directory structure.
2026-01-16 23:06:01 +01:00
parent 6f78a9ce83
commit 11040d6765
4 changed files with 64 additions and 46 deletions
@@ -1,21 +1,56 @@
+server:
+  port: 8081
+
 spring:
  application:
    name: "gateway"
  autoconfigure:
    exclude:
      - "org.springframework.cloud.client.loadbalancer.LoadBalancerAutoConfiguration"
+
+  # --- REDIS (für Rate Limiting) ---
+  data:
+    redis:
+      host: ${SPRING_DATA_REDIS_HOST:localhost}
+      port: ${SPRING_DATA_REDIS_PORT:6379}
+      password: ${SPRING_DATA_REDIS_PASSWORD:redis-password}
+
+  # --- CONSUL (Service Discovery) ---
  cloud:
+    consul:
+      host: ${CONSUL_HOST:localhost}
+      port: ${CONSUL_PORT:8500}
+      discovery:
+        register: true
+        service-name: ${spring.application.name}
+        # Bei lokalem Start (Gradle) wollen wir nicht die Docker-IP registrieren, sondern localhost oder die Host-IP.
+        # Aber für den Anfang reicht es, wenn wir Consul finden.
+
    gateway:
-      # Wir nutzen die Standard-HTTP-Client-Konfiguration (Reactor Netty Defaults).
-      # Explizite Timeouts oder Pool-Settings können bei Bedarf über System-Properties
-      # oder spezifische Beans gesetzt werden, um Deprecation-Warnungen in YAML zu vermeiden.
      httpclient: {}
+      # Routen sind in GatewayConfig.kt definiert
+
+  # --- SECURITY (OAuth2 Resource Server) ---
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          # Keycloak URL. Lokal: localhost:8080 (oder 8180 je nach Mapping).
+          # Im Docker: keycloak:8080.
+          # Wir nutzen hier localhost:8180 als Default (siehe docker-compose Port Mapping).
+          issuer-uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8180/realms/meldestelle}
+          jwk-set-uri: ${KEYCLOAK_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}

 management:
  endpoints:
    web:
      exposure:
        include: "health,info,prometheus"
+  endpoint:
+    health:
+      show-details: always
+      probes:
+        enabled: true # Aktiviert /actuator/health/liveness und /readiness
  tracing:
    sampling:
      probability: 1.0