Sample repository to explore microservices architecture patterns using Micronaut and Kotlin while following clean architecture/ports and adapters.
Tech stack:
- Kotlin
- Gradle
- GraalVM
- Micronaut
- Project Reactor
- Postgres
- Flyway
- Hibernate / R2DBC
- Apache Kafka
- Redis
- Keycloak
- Docker
- Testcontainers
The goal is to mimic the well known project Spring PetClinic but using Micronaut and following a distributed architecture design.
The application requires JDK 21 on a GraalVM distribution.
Is recommended to use SDKMAN! to install the JDK.
$ curl -s "https://get.sdkman.io" | bash
$ sdk install java 21.0.2-graalce
$ sdk use java 21.0.2-graalce
Add the following entry to your /etc/hosts
:
# Required for Keycloak issuer matching
127.0.0.1 keycloak.local
Also see .env
file for needed environment variables.
Build Micronaut applications Docker images:
./gradlew dockerBuildNative
Start all the applications and infrastructure containers:
docker compose --profile petclinic up
1. Start infrastructure dependencies containers
docker compose up
2. identity-service
./gradlew :identity-service:nativeCompile # or from your IDE with the env vars below
export MICRONAUT_ENVIRONMENTS=dev OAUTH2_CLIENT_SECRET=${IDENTITY_SERVICE_OAUTH2_CLIENT_SECRET}; ./identity-service/build/native/nativeCompile/identity-service
3. pet-service
./gradlew :pet-service:nativeCompile # or from your IDE with the env vars below
export MICRONAUT_ENVIRONMENTS=dev OAUTH2_CLIENT_SECRET=${PET_SERVICE_OAUTH2_CLIENT_SECRET}; ./pet-service/build/native/nativeCompile/pet-service
4. vet-service
./gradlew :vet-service:nativeCompile # or from your IDE with the env vars below
export MICRONAUT_ENVIRONMENTS=dev OAUTH2_CLIENT_SECRET=${VET_SERVICE_OAUTH2_CLIENT_SECRET}; ./vet-service/build/native/nativeCompile/vet-service
How to import Keycloak OpenID realm
- Open your browser and head to Master Realm Admin Console page.
- Login with Keycloak Administrator credentials.
- Create a new realm named
petclinic
by importing the file./keycloak/realm/petclinic-realm.json
.
OpenID client settings:
-
Valid Redirect URIs:
http://localhost:${server.port}/oauth/callback/keycloak
Client Scope
Create a new client scope for both identity-service
and pet-service
OAuth clients.
The client scope should contain an Audience mapper that adds both services as audience in the aud
claim of the JWT token.
Fixes:
13:54:48.623 [default-nioEventLoopGroup-1-3] DEBUG i.m.s.t.jwt.validator.JwtValidator - Validating signed JWT
13:54:48.645 [default-nioEventLoopGroup-1-3] DEBUG i.m.s.t.j.s.jwks.JwksSignatureUtils - JWT Key ID: gOb1j1sIHJKVTacOrsKLH-LaQEkK_rGnSGnWnVXFZ18
13:54:48.645 [default-nioEventLoopGroup-1-3] DEBUG i.m.s.t.j.s.jwks.JwksSignatureUtils - JWK Set Key IDs: gOb1j1sIHJKVTacOrsKLH-LaQEkK_rGnSGnWnVXFZ18,2avwDqmRvQW-nJcEZQiIjoIY5wsNyarebI6kziBY2oU
13:54:48.646 [default-nioEventLoopGroup-1-3] DEBUG i.m.s.t.j.s.jwks.JwksSignatureUtils - Found 1 matching JWKs
13:54:48.651 [default-nioEventLoopGroup-1-3] DEBUG i.m.s.o.c.IdTokenClaimsValidator - audiences 'identity-service' does not contain client id 'pet-service'