The platform is a four-service microservices architecture deployed inside a Kubernetes cluster. External traffic enters through an NGINX Ingress Controller atDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Miguel-Rodriguez15/msvc/llms.txt
Use this file to discover all available pages before exploring further.
microservicios.local, is routed to msvc-gateway, and then forwarded to the appropriate business service. Authentication is handled entirely by msvc-auth, which issues JWT tokens consumed by msvc-usuarios and msvc-cursos as OAuth2 Resource Servers. Services communicate with each other via OpenFeign using Kubernetes DNS, and each service owns an isolated database with no cross-service SQL access.
Cluster Topology
OAuth2 Authentication Flow
The platform uses the Authorization Code grant type with client credentialsusuarios-client / 12345 and scopes openid, read, and write.
- The client initiates the flow by sending a
GETrequest to/oauth2/authorizeon msvc-auth (port 9000), passingresponse_type=code,client_id=usuarios-client, and the desired scopes. - msvc-auth queries user credentials from msvc-usuarios via a reactive WebClient call to the internal
/login?email=endpoint — this is the only case where msvc-auth reaches out to another service. - Upon successful authentication, msvc-auth issues a signed JWT access token containing the granted scopes (
read,write,openid). - The client attaches the JWT as a
Bearertoken on subsequent requests to msvc-usuarios and msvc-cursos. Both services validate the token locally as OAuth2 Resource Servers without a round-trip to msvc-auth.
Inter-Service Communication
Business services call each other using OpenFeign declarative HTTP clients. Service resolution is performed by Spring Cloud Kubernetes using Kubernetes Service DNS — there is no Eureka or Consul registry.- msvc-cursos → msvc-usuarios: msvc-cursos calls msvc-usuarios to create a new user and immediately enroll them in a course (
POST /crear-usuario/{cursoId}), and to look up users by ID when returning course details. - msvc-usuarios → msvc-cursos: msvc-usuarios calls msvc-cursos to clean up all course enrollments when a user is deleted, ensuring referential consistency across the isolated databases.
- DNS-based discovery: Feign clients resolve target services by their Kubernetes Service names —
lb://msvc-usuariosandlb://msvc-cursos— enabling client-side load balancing across multiple pod replicas.
Gateway Routing
msvc-gateway uses Spring Cloud Gateway MVC to route external requests to upstream services. Routes are defined inmsvc-gateway/src/main/resources/application.yaml:
| Path Prefix | Backend Service | Strip Prefix |
|---|---|---|
/api/usuarios/** | lb://msvc-usuarios | 2 |
/api/cursos/** | lb://msvc-cursos | 2 |
StripPrefix=2 filter removes the first two path segments before forwarding. A request to /api/usuarios/1 is forwarded to msvc-usuarios as /1. The lb:// scheme activates Spring Cloud LoadBalancer, which distributes traffic across all healthy pods of the target service.
Data Isolation
Each service owns its database exclusively. There are no shared schemas and no direct cross-service SQL queries.- msvc-usuarios → MySQL 8 — schema
msvc_usuarios. Managed by Spring Data JPA with Hibernate using the MySQL8 dialect. - msvc-cursos → PostgreSQL 14 — schema
msvc_cursos. Managed by Spring Data JPA with Hibernate using the PostgreSQL dialect.