Spring Cloud Config Server - Vault and Git integration
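# Spring Cloud Config Server settings: composite backend with Vault (order 1) and Git (order 2).
# NOTE(review): nothing in this file configures authentication for the server's own HTTP API;
# confirm it is protected elsewhere (network policy, a gateway, or Spring Security).
server:
  port: ${CONFIG_SERVER_PORT:8088}
  error:
    whitelabel:
      enabled: false
  shutdown: graceful
  servlet:
    application-display-name: config-server
spring:
  application:
    name: config-server
  profiles:
    active: git, vault
  main:
    banner-mode: off
  thymeleaf:
    enabled: false
  cloud:
    config:
      server:
        vault:
          order: 1 # lower order has priority, so Vault values override Git values
          host: ${VAULT_HOST}
          port: ${VAULT_PORT:8200}
          scheme: ${VAULT_SCHEME:https}
          # Certificate validation now stays on unless VAULT_SKIP_VERIFY=true is set explicitly.
          # The previous default (true) let any endpoint presenting any certificate stand in for
          # Vault on the connection that carries tokens and secrets. For a private CA, add the CA
          # to the JVM trust store instead of disabling validation.
          skip-ssl-validation: ${VAULT_SKIP_VERIFY:false}
          namespace: ${VAULT_NAMESPACE}
          profile-separator: /
          backend: "kv"
          path-to-key: "app"
          kvVersion: 2
        git:
          order: 2
          uri: ${GIT_CONFIG_REPO}
          username: ${GIT_USERNAME}
          password: ${GIT_TOKEN}
          # force-pull was declared twice in this mapping; duplicate keys are rejected by
          # Spring Boot's YAML loader, so only one declaration is kept.
          force-pull: true
          clone-on-start: true
          timeout: 10 # seconds
          default-label: master
          deleteUntrackedBranches: true
          refreshRate: 3600 # every hour
          # Was hard-coded to true. GIT_SKIP_VERIFY is an opt-in override introduced here,
          # mirroring VAULT_SKIP_VERIFY; by default the Git server's certificate is validated,
          # since this connection carries GIT_TOKEN and the configuration itself.
          skip-ssl-validation: ${GIT_SKIP_VERIFY:false}
          search-paths:
            - location-service
            - gateway
          basedir: ${GIT_CLONE_BASEDIR:/opt/app/config-server/}
management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
      group:
        readiness:
          include: readinessState, vault
    metrics.enabled: true
    prometheus.enabled: true
  # Was "*", which publishes every enabled actuator endpoint (heap dump, thread dump, loggers,
  # env, ...) over HTTP. Only the endpoints this file explicitly relies on are exposed now.
  endpoints.web.exposure.include: "health,info,metrics,prometheus"
  prometheus:
    metrics:
      export:
        enabled: true
logging:
  level:
    org.springframework: info
    org.springframework.cloud: info
---
# Local development: serve configuration from the file system instead of Git/Vault.
spring:
  config:
    activate:
      on-profile: local
  main:
    banner-mode: off
  cloud:
    config:
      server:
        native:
          search-locations:
            - ../configs/location-service
            - ../configs/gateway
          # NOTE(review): nesting reconstructed from a flattened listing; confirm that
          # fail-on-error belongs under `native`.
          fail-on-error: true
server:
  port: 8088
---
spring:
  config:
    activate:
      on-profile: dev, dev2, qa, qa2, qa3, qa4, at, integration, prod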
// Gradle (Kotlin DSL) build for the config server.
plugins {
    java
    id("org.springframework.boot") version "3.0.5"
    id("io.spring.dependency-management") version "1.1.0"
}

group = "by.vk"
version = "0.1.0"

java {
    sourceCompatibility = JavaVersion.VERSION_17
}

repositories {
    mavenCentral()
}

springBoot {
    // Produces the build-info metadata that ConfigServer.main reads through BuildProperties.
    buildInfo()
}

// Release train used by the Spring Cloud BOM imported below.
extra["springCloudVersion"] = "2022.0.1"

dependencies {
    // NOTE(review): no Spring Security starter is declared here, so the config server's HTTP
    // endpoints are presumably unauthenticated at the application level; confirm they are
    // shielded by the network or a fronting proxy, or add authentication.
    implementation("org.springframework.cloud:spring-cloud-config-server")
    implementation("org.springframework.boot:spring-boot-starter-actuator")
    // The only dependency pinned outside a BOM; it has to be bumped by hand.
    implementation("net.logstash.logback:logstash-logback-encoder:7.3")
    implementation("io.micrometer:micrometer-registry-prometheus")
}

dependencyManagement {
    imports {
        mavenBom("org.springframework.cloud:spring-cloud-dependencies:${property("springCloudVersion")}")
    }
}
/**
 * Boots the Spring Cloud Config Server and logs the build version once the context is up.
 *
 * <p>{@code @EnableConfigServer} turns this application into an HTTP endpoint that serves
 * configuration to clients. NOTE(review): the build script shown alongside this class declares
 * no Spring Security starter, so those endpoints are presumably served without application-level
 * authentication; confirm access is restricted elsewhere.
 */
@EnableConfigServer
@SpringBootApplication
public class ConfigServer {

  private static final Logger LOGGER = LoggerFactory.getLogger(ConfigServer.class);

  /**
   * Starts the application context and reports the version recorded at build time.
   *
   * @param args command-line arguments passed straight to {@link SpringApplication#run}
   */
  public static void main(String[] args) {
    // The BuildProperties bean is looked up by type; the lookup fails if no such bean exists
    // (the build script's buildInfo() task is what normally provides the backing metadata).
    final BuildProperties buildProperties =
        SpringApplication.run(ConfigServer.class, args).getBean(BuildProperties.class);
    LOGGER.info("[CONFIG SERVER] Config server version {}", buildProperties.getVersion());
  }
}
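# Gateway configuration served by the config server.
# NOTE(review): the first document is activated only for the non-prod profiles listed below.
# With only `prod` active, the routes, secure headers, actuator and `unified.client` settings in
# it are not loaded from this file; confirm prod receives them from another source.
server:
  compression:
    enabled: true
  shutdown: graceful
  max-http-request-header-size: 64KB
spring:
  config:
    activate:
      on-profile: at, qa, qa2, qa3, qa4, dev, dev2, integration
  main:
    banner-mode: off
    web-application-type: reactive
  lifecycle:
    timeout-per-shutdown-phase: 30s
  cloud:
    gateway:
      routes:
        - id: resource
          uri: no://op
          predicates:
            - Path=/api/v1/**
          metadata:
            response-timeout: 600
            connect-timeout: 600
          filters:
            - RewritePath=/api/v1(?<segment>/?.*), $\{segment}
            - LocationBasedRequestForwardingFilter=10001
            - name: RequestSize
              args:
                maxSize: 1000000 # 1MB
      httpclient:
        response-timeout: 600
        pool:
          name: http-client-pool
        connect-timeout: 600
      filter:
        secure-headers:
          # The value is emitted as the header verbatim. The previous value wrapped the
          # directives in literal quotes and appended `always` (nginx add_header syntax), which
          # is not a valid Strict-Transport-Security value, so browsers would not apply HSTS.
          strict-transport-security: "max-age=31536000; includeSubDomains"
          # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', and several
          # directives allow plain http:// sources and broad wildcards; this policy offers little
          # protection against script injection. Tightening it needs application changes
          # (nonces/hashes), so the value is left unchanged here.
          content-security-policy: "default-src 'self' https://*.company.com *.cloudflare.com;img-src 'self' *.company.com *.cloudflare.com *.cloudfront.net *.svgur.com *.assets-yammer.com *.imgur.com *.google-analytics.com *.fbcdn.net http://gravatar.com https://gravatar.com https://stats.g.doubleclick.net https://media.licdn.com https://server.arcgisonline.com https://maps.googleapis.com https://nominatim.openstreetmap.org *.tile.osm.org https://media.giphy.com http://*.company.com http://*.company.com data: blob:;script-src 'self' *.company.com *.cloudflare.com *.uservoice.com *.uvcdn.com *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com *.assets-yammer.com https://cdn.ravenjs.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' *.company.com *.cloudflare.com *.uservoice.com *.assets-yammer.com;font-src 'self' *.company.com *.cloudflare.com https://fonts.gstatic.com *.uvcdn.com 'unsafe-inline' data:;connect-src 'self' https://apm-sandbox.cloudapp.company.com/ https://apm-cluster6.cloudapp.company.com wss://menu.company.com https://menu.company.com https://apm.apps.dev1.paas4.company-paas.projects.company.com https://www.google-analytics.com https://globalmenu-stage.company-ppa.projects.company.com wss://globalmenu-stage.company-ppa.projects.company.com https://login-stage.company-sso.projects.company.com;frame-src 'self' *.company.com *.yammer.com *.uservoice.com https://www.google.com https://login.microsoftonline.com https://static.cdn.company.com/;frame-ancestors 'self' *.company.com;manifest-src 'self' http://*.company.com https://company.luminatesec.com https://*.company.com;"
        redirect-to:
          enabled: false
      globalcors:
        cors-configurations:
          '[/**]':
            # NOTE(review): allowedOrigins entries are compared literally, so "*.company.com"
            # matches no browser Origin (which always carries a scheme). If subdomain matching
            # is intended, allowedOriginPatterns with an explicit https:// scheme is the property
            # for it. Because allowCredentials is true, an enumerated list of trusted origins is
            # safer than a wildcard over every subdomain.
            allowedOrigins: "*.company.com"
            allowCredentials: true
            allowedHeaders: "Authorization, Cache-Control, X-Requested-With, Accept, Origin, Referer, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network, Content-Type, X-XSRF-TOKEN, make-me"
            allowedMethods: "OPTIONS, GET, POST, PUT, DELETE, HEAD, PATCH"
            maxAge: 3600
        add-to-simple-url-handler-mapping: true
  security:
    oauth2:
      client:
        provider:
          company:
            issuer-uri: https://access-staging.company.com/auth/realms/plusx
        registration:
          company:
            provider: company
            client-id: oauth-client.company.namespace
            authorization-grant-type: authorization_code
            client-secret: ${VTS_SECURITY_OAUTH2_CLIENT_SECRET}
            # NOTE(review): spring.profiles.active is a comma-separated list when more than one
            # profile is active, which would not form a valid host name here.
            redirectUri: https://${spring.profiles.active}.vacation.company.com/login/oauth2/code/company
      resourceserver:
        jwt:
          jwk-set-uri: https://access-staging.company.com/auth/realms/plusx/protocol/openid-connect/certs
management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
    metrics.enabled: true
    prometheus.enabled: true
    gateway:
      enabled: true
  # Was "*". Exposure is limited to the endpoints this file enables or lists as public paths.
  # NOTE(review): the gateway actuator endpoint can modify routes at runtime; remove it from
  # this list unless operators need it, and keep it behind authentication.
  endpoints.web.exposure.include: "health,info,metrics,prometheus,gateway"
  prometheus:
    metrics:
      export:
        enabled: true
logging.level:
  ROOT: info
  epm.vts.unified.gateway: info
  org.springframework: info
# NOTE(review): `unified` is an application-specific namespace; its nesting is reconstructed
# from a flattened listing and should be checked against the properties classes that bind it.
unified:
  client:
    uri: ${LOCATION_SERVICE_URL}
    enabled: true
    timeout: 100
    max-attempts: 3
    duration: 1
  security:
    enabled: true
    api-prefixes: /api/v1/
    public-paths:
      - /static/**
      - /actuator/health/**
      - /actuator/info
      - /favicon.*
    make-me:
      enable: true
---
spring:
  config:
    activate:
      on-profile: prod
  security:
    oauth2:
      client:
        provider:
          company:
            issuer-uri: https://access.company.com/auth/realms/plusx
        registration:
          company:
            provider: company
            client-id: oauth-client.company.namespace
            client-secret: ${VTS_SECURITY_OAUTH2_CLIENT_SECRET}
            redirectUri: https://vacation.company.com/login/oauth2/code/company
      resourceserver:
        jwt:
          jwk-set-uri: https://access.company.com/auth/realms/plusx/protocol/openid-connect/certs
  cloud:
    gateway:
      # The prod document placed cors-configurations directly under `gateway`, a path the
      # gateway does not bind; `globalcors` is restored so the block takes effect as it does
      # in the non-prod document.
      globalcors:
        cors-configurations:
          '[/**]':
            # NOTE(review): same literal-match caveat as the non-prod document applies to
            # allowedOrigins. The make-me header is still allowed here although
            # unified.security.make-me is disabled for prod; consider dropping it.
            allowedOrigins: "*.company.com"
            allowCredentials: true
            allowedHeaders: "Authorization, Cache-Control, X-Requested-With, Accept, Origin, Referer, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network, Content-Type, X-XSRF-TOKEN, make-me"
unified:
  security:
    make-me:
      enable: false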
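# location-service configuration served by the config server.
server:
  compression:
    enabled: true
  shutdown: graceful
spring:
  main:
    banner-mode: off
    web-application-type: reactive
  lifecycle:
    timeout-per-shutdown-phase: 30s
  webflux:
    base-path: "api/v1/"
  r2dbc:
    # NOTE(review): "vault" looks like a placeholder that the Vault backend is expected to
    # override (Vault has order 1 on the config server shown on this page); confirm, because
    # otherwise the service would try to connect using these literal strings.
    url: "vault"
    username: "vault"
    password: "vault"
    properties:
      schema: "public"
management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
      group:
        readiness:
          include: readinessState, db
    metrics.enabled: true
    prometheus.enabled: true
  # Was "*", which publishes every enabled actuator endpoint (heap dump, thread dump, loggers,
  # env, ...) over HTTP. Only the endpoints this file explicitly relies on are exposed now.
  endpoints.web.exposure.include: "health,info,metrics,prometheus"
  prometheus:
    metrics:
      export:
        enabled: true
logging.level:
  ROOT: info
  org.springframework: info
---
# Production validates JWTs against the production identity provider's key set.
spring:
  config:
    activate:
      on-profile: prod
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://access.company.com/auth/realms/plusx/protocol/openid-connect/certs
---
# Every other profile, including local, validates JWTs against the staging key set.
spring:
  config:
    activate:
      on-profile: local, at, qa, qa2, qa3, qa4, dev, dev2, integration
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://access-staging.company.com/auth/realms/plusx/protocol/openid-connect/certs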
# Client-side settings of location-service: where to fetch configuration from.
spring:
  application:
    name: location-service
  config:
    import: ${CONFIG_SERVER}
  cloud:
    config:
      import-check:
        enabled: false
      # NOTE(review): this token is sent to the config server with each configuration request,
      # so CONFIG_SERVER should point at an https:// URL outside local development.
      token: ${VAULT_TOKEN}
---
# Local development overrides.
spring:
  config:
    activate:
      on-profile: local
    import: configserver:http://localhost:8088?fail-fast=true&max-attempts=10&max-interval=1500&multiplier=1.2&initial-interval=1100
  main:
    banner-mode: off
  r2dbc:
    url: "r2dbc:postgresql://localhost:5432/vts"
    username: "postgres"
    # NOTE(review): a literal database password is committed here; even for a local profile,
    # reading it from an environment variable keeps credentials out of the repository.
    password: "Postgre"
server:
  port: 8082
logging:
  level:
    ROOT: info
    epm.vts.unified.location.service: info
    org.springframework: info
<!-- Logback setup: JSON (Logstash encoder) console output for deployed profiles and a
     coloured pattern layout for local runs. -->
<configuration>
  <!-- Structured JSON output to the console. -->
  <appender name="consoleAppender" class="ch.qos.logback.core.ConsoleAppender">
    <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
  </appender>

  <!-- Human-readable output to the console. -->
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %highlight(%-5level) %cyan(%-40logger{36}) - %msg%n
      </pattern>
    </encoder>
  </appender>

  <!-- additivity="false" keeps jsonLogger events from also reaching the root appenders. -->
  <logger name="jsonLogger" level="DEBUG" additivity="false">
    <appender-ref ref="consoleAppender"/>
  </logger>

  <springProfile name="local">
    <root level="info">
      <appender-ref ref="STDOUT"/>
    </root>
  </springProfile>

  <!-- NOTE(review): prod is not listed in any springProfile element. With only prod active,
       the root logger gets no appender from this file, which would drop application and
       security-relevant log events; confirm prod logging is configured elsewhere. -->
  <springProfile name="at,dev,dev2,integration,qa,qa2,qa3,qa4,default">
    <logger name="jsonLogger" level="info">
      <appender-ref ref="consoleAppender"/>
    </logger>
    <root level="info">
      <appender-ref ref="consoleAppender"/>
    </root>
  </springProfile>
</configuration>
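To get configs from the config server, try http://localhost:8080/application-dev.yml (substitute the port the server actually listens on; the configuration above defaults `server.port` to 8088).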