Spring Cloud Config Server - Vault and Git integration
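# Spring Cloud Config Server: Vault (order 1) first, git (order 2) second.
# Every credential is read from the environment; nothing secret lives here.
#
# NOTE(review): the build script in this gist declares no security starter, so
# unless authentication is added elsewhere the /{application}/{profile}
# endpoints hand the git-backed configuration to anyone who can reach this
# port. Vault-backed values at least require the caller's own Vault token
# (the client file in this gist forwards it), the git contents do not.
server:
  port: ${CONFIG_SERVER_PORT:8088}
  error:
    whitelabel:
      enabled: false
  shutdown: graceful
  servlet:
    application-display-name: config-server

spring:
  application:
    name: config-server
  profiles:
    active: git, vault
  main:
    # Quoted on purpose: a bare `off` is YAML 1.1 boolean false.
    banner-mode: "off"
  thymeleaf:
    enabled: false
  cloud:
    config:
      server:
        vault:
          order: 1
          host: ${VAULT_HOST}
          port: ${VAULT_PORT:8200}
          scheme: ${VAULT_SCHEME:https}
          # Default is now to VERIFY Vault's certificate. The original
          # defaulted this to `true`, which silently disabled TLS validation
          # in every environment that forgot to set the variable; opting out
          # of verification must be an explicit, local-only decision.
          skip-ssl-validation: ${VAULT_SKIP_VERIFY:false}
          namespace: ${VAULT_NAMESPACE}
          profile-separator: /
          backend: "kv"
          path-to-key: "app"
          kvVersion: 2
        git:
          order: 2
          uri: ${GIT_CONFIG_REPO}
          username: ${GIT_USERNAME}
          # GIT_TOKEN is a credential and is presented to GIT_CONFIG_REPO on
          # every fetch, so that URL must be https with a verified chain.
          password: ${GIT_TOKEN}
          force-pull: true
          clone-on-start: true
          timeout: 10  # seconds
          default-label: master
          deleteUntrackedBranches: true
          refreshRate: 3600  # every hour
          # Was hard-coded `true`: with verification off, anyone able to
          # interpose on the connection could capture the token above.
          skip-ssl-validation: ${GIT_SKIP_VERIFY:false}
          search-paths:
            - location-service
            - gateway
          basedir: ${GIT_CLONE_BASEDIR:/opt/app/config-server/}
          # (A second `force-pull: true` key that followed `basedir` was
          # removed: YAML keeps the last duplicate, so it was a no-op.)

management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
      group:
        readiness:
          include: readinessState, vault
    metrics:
      enabled: true
    prometheus:
      enabled: true
  endpoints:
    web:
      exposure:
        # Was "*", which also publishes env, configprops, heapdump,
        # threaddump and the writable loggers endpoint. On a config server
        # a heap dump contains the Vault and git credentials in clear, so
        # only what the probes and Prometheus actually consume is exposed.
        include: health, info, metrics, prometheus
  prometheus:
    metrics:
      export:
        enabled: true

logging:
  level:
    org.springframework: info
    org.springframework.cloud: info

---
# Local development: serve configuration from the working tree.
# NOTE(review): the `native` backend only takes effect when the `native`
# profile is active; the `local` profile alone does not switch it on, and
# `spring.profiles.active` above still names git and vault. Confirm how the
# server is launched locally.
spring:
  config:
    activate:
      on-profile: local
  main:
    banner-mode: "off"
  cloud:
    config:
      server:
        native:
          search-locations:
            - ../configs/location-service
            - ../configs/gateway
          fail-on-error: true

server:
  port: 8088

---
# Activated for every deployed environment. As shown in this gist the document
# carries no properties; either the file was cut here or it is a placeholder.
spring:
  config:
    activate:
      on-profile: dev, dev2, qa, qa2, qa3, qa4, at, integration, prod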
// Gradle (Kotlin DSL) build for the config server.
//
// NOTE(review): the dependency list has no spring-boot-starter-security, so
// the server's HTTP endpoints are served without authentication unless a
// security configuration is supplied elsewhere. Boot 3.0.5 and Spring Cloud
// 2022.0.1 are fixed patch levels; check them against current advisories and
// consider Gradle dependency verification (verification-metadata.xml) so the
// resolved artifacts are checksum-pinned rather than trusted by coordinate.
plugins {
    java
    id("org.springframework.boot") version "3.0.5"
    id("io.spring.dependency-management") version "1.1.0"
}

group = "by.vk"
version = "0.1.0"

java {
    sourceCompatibility = JavaVersion.VERSION_17
}

repositories {
    mavenCentral()
}

// Writes META-INF/build-info.properties, which is what backs the
// BuildProperties bean the application's main method reads at startup.
springBoot {
    buildInfo()
}

// Spring Cloud release train; kept as an extra property so the BOM import
// below and any sibling build can share one value.
val springCloudVersion by extra("2022.0.1")

dependencies {
    implementation("org.springframework.cloud:spring-cloud-config-server")
    implementation("org.springframework.boot:spring-boot-starter-actuator")
    implementation("net.logstash.logback:logstash-logback-encoder:7.3")
    implementation("io.micrometer:micrometer-registry-prometheus")
}

dependencyManagement {
    imports {
        mavenBom("org.springframework.cloud:spring-cloud-dependencies:$springCloudVersion")
    }
}
/**
 * Entry point of the Spring Cloud Config Server.
 *
 * <p>{@code @EnableConfigServer} turns this Boot application into a config
 * server; which backends it serves from (Vault, git, native) is decided by the
 * active profiles in application.yml, not in this class.
 *
 * <p>NOTE(review): nothing here restricts who may call the
 * {@code /{application}/{profile}} endpoints. Unless a security starter and a
 * filter chain are added elsewhere, every property the server can resolve is
 * readable by anyone who can reach its port.
 */
@EnableConfigServer
@SpringBootApplication
public class ConfigServer {

    private static final Logger LOGGER = LoggerFactory.getLogger(ConfigServer.class);

    /**
     * Starts the application and logs the build version once the context is up.
     *
     * <p>The version comes from the {@code BuildProperties} bean, which only
     * exists when the build generated {@code META-INF/build-info.properties}
     * (the Gradle script in this gist does so via {@code buildInfo()});
     * without it {@code getBean} throws and startup fails after the context
     * has already been refreshed.
     *
     * @param args command-line arguments, passed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        var context = SpringApplication.run(ConfigServer.class, args);
        String version = context.getBean(BuildProperties.class).getVersion();
        LOGGER.info("[CONFIG SERVER] Config server version {}", version);
    }
}
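# Spring Cloud Gateway (reactive) fronting /api/v1/** in the non-production
# environments. The `prod` document at the end overrides the identity-provider
# URLs. Secrets are read from the environment.
server:
  compression:
    enabled: true
  shutdown: graceful
  max-http-request-header-size: 64KB

spring:
  config:
    activate:
      on-profile: at, qa, qa2, qa3, qa4, dev, dev2, integration
  main:
    # Quoted on purpose: a bare `off` is YAML 1.1 boolean false.
    banner-mode: "off"
    web-application-type: reactive
  lifecycle:
    timeout-per-shutdown-phase: 30s
  cloud:
    gateway:
      routes:
        - id: resource
          # Placeholder target: the real upstream is chosen by
          # LocationBasedRequestForwardingFilter (custom, not in this gist).
          uri: no://op
          predicates:
            - Path=/api/v1/**
          metadata:
            response-timeout: 600
            connect-timeout: 600
          filters:
            - RewritePath=/api/v1(?<segment>/?.*), $\{segment}
            - LocationBasedRequestForwardingFilter=10001
            - name: RequestSize
              args:
                maxSize: 1000000  # 1MB
      httpclient:
        response-timeout: 600
        pool:
          name: http-client-pool
        connect-timeout: 600
      filter:
        secure-headers:
          strict-transport-security: "\"max-age=31536000; includeSubDomains\" always"
          # NOTE(review): script-src still allows 'unsafe-inline' and
          # 'unsafe-eval', so any injected markup can execute; the rest of
          # the policy buys little until those are replaced by nonces or
          # hashes. The value itself is unchanged, only folded: every line
          # break below is a single space in the emitted header.
          content-security-policy: >-
            default-src 'self' https://*.company.com *.cloudflare.com;img-src 'self'
            *.company.com *.cloudflare.com *.cloudfront.net *.svgur.com
            *.assets-yammer.com *.imgur.com *.google-analytics.com *.fbcdn.net
            http://gravatar.com https://gravatar.com https://stats.g.doubleclick.net
            https://media.licdn.com https://server.arcgisonline.com
            https://maps.googleapis.com https://nominatim.openstreetmap.org
            *.tile.osm.org https://media.giphy.com http://*.company.com
            http://*.company.com data: blob:;script-src 'self' *.company.com
            *.cloudflare.com *.uservoice.com *.uvcdn.com *.googletagmanager.com
            *.google-analytics.com *.tagmanager.google.com *.assets-yammer.com
            https://cdn.ravenjs.com https://js-agent.newrelic.com
            https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self'
            'unsafe-inline' *.company.com *.cloudflare.com *.uservoice.com
            *.assets-yammer.com;font-src 'self' *.company.com *.cloudflare.com
            https://fonts.gstatic.com *.uvcdn.com 'unsafe-inline' data:;connect-src
            'self' https://apm-sandbox.cloudapp.company.com/
            https://apm-cluster6.cloudapp.company.com wss://menu.company.com
            https://menu.company.com
            https://apm.apps.dev1.paas4.company-paas.projects.company.com
            https://www.google-analytics.com
            https://globalmenu-stage.company-ppa.projects.company.com
            wss://globalmenu-stage.company-ppa.projects.company.com
            https://login-stage.company-sso.projects.company.com;frame-src 'self'
            *.company.com *.yammer.com *.uservoice.com https://www.google.com
            https://login.microsoftonline.com
            https://static.cdn.company.com/;frame-ancestors 'self'
            *.company.com;manifest-src 'self' http://*.company.com
            https://company.luminatesec.com https://*.company.com;
        redirect-to:
          enabled: false
      globalcors:
        cors-configurations:
          '[/**]':
            # `allowedOrigins` entries are compared with the Origin header as
            # exact strings, so the original "*.company.com" never matched a
            # real origin and every cross-origin request was refused.
            # `allowedOriginPatterns` is the wildcard form; the scheme is
            # pinned to https. Note that a wildcard subdomain together with
            # allowCredentials: true lets every host under company.com —
            # including any that can be taken over — make credentialed
            # calls; list the exact origins if they are known.
            allowedOriginPatterns: "https://*.company.com"
            allowCredentials: true
            allowedHeaders: "Authorization, Cache-Control, X-Requested-With, Accept, Origin, Referer, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network, Content-Type, X-XSRF-TOKEN, make-me"
            allowedMethods: "OPTIONS, GET, POST, PUT, DELETE, HEAD, PATCH"
            maxAge: 3600
        add-to-simple-url-handler-mapping: true
  security:
    oauth2:
      client:
        provider:
          company:
            issuer-uri: https://access-staging.company.com/auth/realms/plusx
        registration:
          company:
            provider: company
            client-id: oauth-client.company.namespace
            authorization-grant-type: authorization_code
            client-secret: ${VTS_SECURITY_OAUTH2_CLIENT_SECRET}
            # NOTE(review): ${spring.profiles.active} expands to the whole
            # comma-separated profile list, so this is only a valid host
            # when exactly one profile is active.
            redirectUri: https://${spring.profiles.active}.vacation.company.com/login/oauth2/code/company
      resourceserver:
        jwt:
          jwk-set-uri: https://access-staging.company.com/auth/realms/plusx/protocol/openid-connect/certs

management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
    metrics:
      enabled: true
    prometheus:
      enabled: true
    gateway:
      enabled: true
  endpoints:
    web:
      exposure:
        # Was "*". env and heapdump would hand out the OAuth2 client secret
        # resolved at runtime, and the `gateway` endpoint can list and
        # rewrite routes, so only what is knowingly consumed is exposed.
        # `gateway` stays because it is enabled explicitly above; keep
        # /actuator/gateway/** out of unified.security.public-paths.
        include: health, info, metrics, prometheus, gateway
  prometheus:
    metrics:
      export:
        enabled: true

logging:
  level:
    ROOT: info
    epm.vts.unified.gateway: info
    org.springframework: info

# Application-specific settings consumed by code that is not in this gist;
# the meanings noted here are inferred from the key names.
unified:
  client:
    uri: ${LOCATION_SERVICE_URL}
    enabled: true
    timeout: 100
    max-attempts: 3
    duration: 1
  security:
    enabled: true
    api-prefixes: /api/v1/
    # Paths served without authentication. Everything else under /actuator
    # is presumably protected by the same filter — confirm in its code.
    public-paths:
      - /static/**
      - /actuator/health/**
      - /actuator/info
      - /favicon.*
    make-me:
      # Non-production only (the prod document below sets it to false).
      # `make-me` is also an allowed CORS header above, which suggests a
      # test-only request header — confirm what it grants before relying
      # on the prod switch alone.
      enable: true

---
# Production overrides.
# NOTE(review): the routes, secure headers and HTTP-client settings above are
# scoped to the non-production profiles; nothing in this gist supplies them
# for prod. Confirm they come from another file.
spring:
  config:
    activate:
      on-profile: prod
  security:
    oauth2:
      client:
        provider:
          company:
            issuer-uri: https://access.company.com/auth/realms/plusx
        registration:
          company:
            provider: company
            client-id: oauth-client.company.namespace
            client-secret: ${VTS_SECURITY_OAUTH2_CLIENT_SECRET}
            redirectUri: https://vacation.company.com/login/oauth2/code/company
      resourceserver:
        jwt:
          jwk-set-uri: https://access.company.com/auth/realms/plusx/protocol/openid-connect/certs
  cloud:
    gateway:
      # Was `spring.cloud.gateway.cors-configurations` without the
      # `globalcors` level, which Spring Boot ignores as an unknown property;
      # the key now matches the one the gateway actually reads and the
      # non-production document above.
      globalcors:
        cors-configurations:
          '[/**]':
            allowedOriginPatterns: "https://*.company.com"
            allowCredentials: true
            allowedHeaders: "Authorization, Cache-Control, X-Requested-With, Accept, Origin, Referer, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Request-Private-Network, Content-Type, X-XSRF-TOKEN, make-me"

unified:
  security:
    make-me:
      enable: false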
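# location-service (reactive, R2DBC). Database coordinates and credentials
# are deliberately not in this file.
server:
  compression:
    enabled: true
  shutdown: graceful

spring:
  main:
    # Quoted on purpose: a bare `off` is YAML 1.1 boolean false.
    banner-mode: "off"
    web-application-type: reactive
  lifecycle:
    timeout-per-shutdown-phase: 30s
  webflux:
    base-path: "api/v1/"
  r2dbc:
    # "vault" is a sentinel, not a URL or a credential: the live values are
    # expected to be supplied through the config server's Vault backend (see
    # the server and client files in this gist). TODO confirm the secret's
    # key names match spring.r2dbc.url/username/password.
    url: "vault"
    username: "vault"
    password: "vault"
    properties:
      schema: "public"

management:
  health:
    livenessstate:
      enabled: true
    readinessstate:
      enabled: true
  endpoint:
    health:
      enabled: true
      probes:
        enabled: true
      show-components: never
      show-details: never
      group:
        readiness:
          include: readinessState, db
    metrics:
      enabled: true
    prometheus:
      enabled: true
  endpoints:
    web:
      exposure:
        # Was "*": env, configprops and heapdump would expose the database
        # credentials resolved at runtime. Only what the probes and
        # Prometheus consume is exposed.
        include: health, info, metrics, prometheus
  prometheus:
    metrics:
      export:
        enabled: true

logging:
  level:
    ROOT: info
    org.springframework: info

---
# NOTE(review): with only `jwk-set-uri` configured, Spring Boot's default JWT
# decoder checks signature and timestamps but not the `iss` claim; setting
# `issuer-uri` (or adding a validator in code) ties accepted tokens to this
# realm. Confirm against the resource-server configuration in code.
spring:
  config:
    activate:
      on-profile: prod
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://access.company.com/auth/realms/plusx/protocol/openid-connect/certs

---
spring:
  config:
    activate:
      on-profile: local, at, qa, qa2, qa3, qa4, dev, dev2, integration
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://access-staging.company.com/auth/realms/plusx/protocol/openid-connect/certs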
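# Client-side configuration for location-service: pull everything else from
# the config server, presenting this service's own Vault token.
spring:
  application:
    name: location-service
  config:
    import: ${CONFIG_SERVER}
  cloud:
    config:
      import-check:
        # Disables the startup check that a `configserver:` import exists.
        # NOTE(review): with it off, a missing or malformed CONFIG_SERVER
        # value is not caught early — confirm this is intended.
        enabled: false
      # Config Client forwards this value to the server (X-Config-Token) so
      # the Vault backend reads secrets on this service's behalf. Outside the
      # local profile CONFIG_SERVER must therefore be an https URL, or the
      # token crosses the network in clear text.
      token: ${VAULT_TOKEN}

---
spring:
  config:
    activate:
      on-profile: local
    # Plain http is acceptable only because the server is on localhost.
    import: configserver:http://localhost:8088?fail-fast=true&max-attempts=10&max-interval=1500&multiplier=1.2&initial-interval=1100
  main:
    # Quoted on purpose: a bare `off` is YAML 1.1 boolean false.
    banner-mode: "off"
  r2dbc:
    # Throwaway credentials for a developer's local database; they must never
    # be valid for anything reachable from outside the workstation.
    url: "r2dbc:postgresql://localhost:5432/vts"
    username: "postgres"
    password: "Postgre"

server:
  port: 8082

logging:
  level:
    ROOT: info
    epm.vts.unified.location.service: info
    org.springframework: info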
<!--
  Logback configuration shared by the services in this gist.

  Two console appenders are declared: "consoleAppender" emits one JSON object
  per event (Logstash encoder, meant for shipping to a collector) and "STDOUT"
  emits a colourised text line meant for a developer terminal. Which one the
  root logger uses depends on the active Spring profile.

  NOTE(review): `prod`, which the application.yml documents in this gist use,
  is listed in neither springProfile block, so a prod run gets no root
  appender from this file. Confirm prod logging is configured elsewhere.
-->
<configuration>
<appender class="ch.qos.logback.core.ConsoleAppender" name="consoleAppender">
<encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
<!-- %highlight/%cyan add ANSI escape codes: fine on a terminal, noise in a
     collector. NOTE(review): this pattern writes %msg verbatim, so a message
     containing a newline can masquerade as an extra log line, whereas the
     JSON encoder above must escape such characters; one more reason to keep
     STDOUT to the local profile. -->
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %highlight(%-5level) %cyan(%-40logger{36}) - %msg%n
</pattern>
</encoder>
</appender>
<!-- Declared outside any profile at DEBUG and redeclared at info in the
     deployed-profile block below. Under "local" it therefore stays at DEBUG
     and still writes JSON, while everything else goes to STDOUT as text. -->
<logger additivity="false" level="DEBUG" name="jsonLogger">
<appender-ref ref="consoleAppender"/>
</logger>
<!-- Developer machines: human-readable output only. -->
<springProfile name="local">
<root level="info">
<appender-ref ref="STDOUT"/>
</root>
</springProfile>
<!-- Deployed environments, plus "default" (no profile set): JSON only. -->
<springProfile name="at,dev,dev2,integration,qa,qa2,qa3,qa4,default">
<logger level="info" name="jsonLogger">
<appender-ref ref="consoleAppender"/>
</logger>
<root level="info">
<appender-ref ref="consoleAppender"/>
</root>
</springProfile>
</configuration>
fragaLY commented May 30, 2023

To fetch the merged configuration from a locally running config server, request for example http://localhost:8088/application-dev.yml (the server in this gist listens on ${CONFIG_SERVER_PORT:8088}; use port 8080 only if you started it there). The `{application}-{profile}.yml` path returns everything the server would hand to that application and profile, so do not expose it beyond localhost without authentication.
