fixes #107 update server.yml to add dynamic port support

light-graphql-4j/src/main/resources/templates/graphql/serverYml.rocker.raw

@@ -4,19 +4,23 @@
 # This is the default binding address if the service is dockerized.
 ip: 0.0.0.0
 
-# Http port if enableHttp is true.
+# Http port if enableHttp is true. It will be ignored if dynamicPort is true.
 httpPort: @httpPort
 
-# Enable HTTP should be false on official environment.
+# Enable HTTP should be false by default. It should be only used for testing with clients or tools
+# that don't support https or very hard to import the certificate. Otherwise, https should be used.
+# When enableHttp, you must set enableHttps to false, otherwise, this flag will be ignored. There is
+# only one protocol will be used for the server at anytime. If both http and https are true, only
+# https listener will be created and the server will bind to https port only.
 enableHttp: @enableHttp
 
-# Https port if enableHttps is true.
+# Https port if enableHttps is true. It will be ignored if dynamicPort is true.
 httpsPort: @httpsPort
 
-# Enable HTTPS should be true on official environment.
+# Enable HTTPS should be true on official environment and most dev environments.
 enableHttps: @enableHttps
 
-# Http/2 is enabled by default.
+# Http/2 is enabled by default for better performance and it works with the client module
 enableHttp2: true
 
 # Keystore file name in config folder. KeystorePass is in secret.yml to access it.
@@ -31,9 +35,24 @@ truststoreName: tls/server.truststore
 # Unique service identifier. Used in service registration and discovery etc.
 serviceId: @serviceId
 
-# Flag to enable service registration. Only be true if running as standalone Java jar.
+# Flag to enable self service registration. This should be turned on on official test and production. And
+# dyanmicPort should be enabled if any orchestration tool is used like Kubernetes.
 enableRegistry: @enableRegistry
 
+# Dynamic port is used in situation that multiple services will be deployed on the same host and normally
+# you will have enableRegistry set to true so that other services can find the dynamic port service. When
+# deployed to Kubernetes cluster, the Pod must be annotated as hostNetwork: true
+dynamicPort: false
+
+# Minimum port range. This define a range for the dynamic allocated ports so that it is easier to setup
+# firewall rule to enable this range. Default 2400 to 2500 block has 100 port numbers and should be
+# enough for most cases unless you are using a big bare metal box as Kubernetes node that can run 1000s pods
+minPort: 2400
+
+# Maximum port rang. The range can be customized to adopt your network security policy and can be increased or
+# reduced to ease firewall rules.
+maxPort: 2500
+
 # environment tag that will be registered on consul to support multiple instances per env for testing.
 # https://github.com/networknt/light-doc/blob/master/docs/content/design/env-segregation.md
 # This tag should only be set for testing env, not production. The production certification process will enforce it.

light-hybrid-4j/src/main/resources/templates/hybrid/serverYml.rocker.raw

@@ -4,19 +4,23 @@
 # This is the default binding address if the service is dockerized.
 ip: 0.0.0.0
 
-# Http port if enableHttp is true.
+# Http port if enableHttp is true. It will be ignored if dynamicPort is true.
 httpPort: @httpPort
 
-# Enable HTTP should be false on official environment.
+# Enable HTTP should be false by default. It should be only used for testing with clients or tools
+# that don't support https or very hard to import the certificate. Otherwise, https should be used.
+# When enableHttp, you must set enableHttps to false, otherwise, this flag will be ignored. There is
+# only one protocol will be used for the server at anytime. If both http and https are true, only
+# https listener will be created and the server will bind to https port only.
 enableHttp: @enableHttp
 
-# Https port if enableHttps is true.
+# Https port if enableHttps is true. It will be ignored if dynamicPort is true.
 httpsPort: @httpsPort
 
-# Enable HTTPS should be true on official environment.
+# Enable HTTPS should be true on official environment and most dev environments.
 enableHttps: @enableHttps
 
-# Http/2 is enabled by default.
+# Http/2 is enabled by default for better performance and it works with the client module
 enableHttp2: true
 
 # Keystore file name in config folder. KeystorePass is in secret.yml to access it.
@@ -31,9 +35,24 @@ truststoreName: tls/server.truststore
 # Unique service identifier. Used in service registration and discovery etc.
 serviceId: @serviceId
 
-# Flag to enable service registration. Only be true if running as standalone Java jar.
+# Flag to enable self service registration. This should be turned on on official test and production. And
+# dyanmicPort should be enabled if any orchestration tool is used like Kubernetes.
 enableRegistry: @enableRegistry
 
+# Dynamic port is used in situation that multiple services will be deployed on the same host and normally
+# you will have enableRegistry set to true so that other services can find the dynamic port service. When
+# deployed to Kubernetes cluster, the Pod must be annotated as hostNetwork: true
+dynamicPort: false
+
+# Minimum port range. This define a range for the dynamic allocated ports so that it is easier to setup
+# firewall rule to enable this range. Default 2400 to 2500 block has 100 port numbers and should be
+# enough for most cases unless you are using a big bare metal box as Kubernetes node that can run 1000s pods
+minPort: 2400
+
+# Maximum port rang. The range can be customized to adopt your network security policy and can be increased or
+# reduced to ease firewall rules.
+maxPort: 2500
+
 # environment tag that will be registered on consul to support multiple instances per env for testing.
 # https://github.com/networknt/light-doc/blob/master/docs/content/design/env-segregation.md
 # This tag should only be set for testing env, not production. The production certification process will enforce it.

light-rest-4j/src/main/resources/templates/rest/server.yml.rocker.raw

@@ -4,19 +4,23 @@
 # This is the default binding address if the service is dockerized.
 ip: 0.0.0.0
 
-# Http port if enableHttp is true.
+# Http port if enableHttp is true. It will be ignored if dynamicPort is true.
 httpPort: @httpPort
 
-# Enable HTTP should be false on official environment.
+# Enable HTTP should be false by default. It should be only used for testing with clients or tools
+# that don't support https or very hard to import the certificate. Otherwise, https should be used.
+# When enableHttp, you must set enableHttps to false, otherwise, this flag will be ignored. There is
+# only one protocol will be used for the server at anytime. If both http and https are true, only
+# https listener will be created and the server will bind to https port only.
 enableHttp: @enableHttp
 
-# Https port if enableHttps is true.
+# Https port if enableHttps is true. It will be ignored if dynamicPort is true.
 httpsPort: @httpsPort
 
-# Enable HTTPS should be true on official environment.
+# Enable HTTPS should be true on official environment and most dev environments.
 enableHttps: @enableHttps
 
-# Http/2 is enabled by default.
+# Http/2 is enabled by default for better performance and it works with the client module
 enableHttp2: true
 
 # Keystore file name in config folder. KeystorePass is in secret.yml to access it.
@@ -31,9 +35,24 @@ truststoreName: tls/server.truststore
 # Unique service identifier. Used in service registration and discovery etc.
 serviceId: @serviceId
 
-# Flag to enable service registration. Only be true if running as standalone Java jar.
+# Flag to enable self service registration. This should be turned on on official test and production. And
+# dyanmicPort should be enabled if any orchestration tool is used like Kubernetes.
 enableRegistry: @enableRegistry
 
+# Dynamic port is used in situation that multiple services will be deployed on the same host and normally
+# you will have enableRegistry set to true so that other services can find the dynamic port service. When
+# deployed to Kubernetes cluster, the Pod must be annotated as hostNetwork: true
+dynamicPort: false
+
+# Minimum port range. This define a range for the dynamic allocated ports so that it is easier to setup
+# firewall rule to enable this range. Default 2400 to 2500 block has 100 port numbers and should be
+# enough for most cases unless you are using a big bare metal box as Kubernetes node that can run 1000s pods
+minPort: 2400
+
+# Maximum port rang. The range can be customized to adopt your network security policy and can be increased or
+# reduced to ease firewall rules.
+maxPort: 2500
+
 # environment tag that will be registered on consul to support multiple instances per env for testing.
 # https://github.com/networknt/light-doc/blob/master/docs/content/design/env-segregation.md
 # This tag should only be set for testing env, not production. The production certification process will enforce it.