hyness / spring-cloud-config-server
Docker build of the spring-cloud-config-server
License: Apache License 2.0
Setting the environment property SPRING_SECURITY_USER_PASSWORD is not working! While using GCP Cloud Run and Secrets.
Example:
docker run -it -p 8888:8888 \
-e SPRING_PROFILES_ACTIVE=security \
-e SPRING_SECURITY_USER_NAME=myuser \
-e SPRING_SECURITY_USER_PASSWORD= \
hyness/spring-cloud-config-server
Version 3.1.0-jdk11
It took me a couple of days to find out that since the use of the Cloud Native buildpacks the .ssh directory is under /home/cnb/.ssh
docker run --rm --name=test -it -p 8888:8888 -v $HOME/.ssh:/home/cnb/.ssh hyness/spring-cloud-config-server [email protected]:user/private-github-repo.git --spring.cloud.config.server.git.default-label=main
It might be useful to add this to the documentation or a wiki page. Posting this to save people tons of time.
Originally posted by @fennekit in #60 (comment)
Create a workflow that verifies that changes do not introduce regressions
It appears the new entrypoint.sh script isn't working as expected. After pulling the container, java fails to start up:
$ docker run --rm -it hyness/spring-cloud-config-server
Error: Could not find or load main class
Checking out the additions of entrypoint.sh, it looks like quoting "${JAVA_OPTS}" causes the issue. When I remove the quotes from that script inside the container, and re-run it, the script seems to work:
# cat /opt/spring-cloud-config-server/entrypoint.sh
#!/bin/sh
java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar \
/opt/spring-cloud-config-server/target/spring-cloud-config-server.jar --server.port=8888 \
--spring.config.name=application "$@"
# sh /opt/spring-cloud-config-server/entrypoint.sh
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.2.2.RELEASE)
2020-01-31 21:01:39.091 INFO 414 --- [ main] o.s.c.c.server.ConfigServerApplication : No active profile set, falling back to default profiles: default
2020-01-31 21:01:40.468 INFO 414 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=e6ccd91b-1415-353c-a35a-5b63eb34d5d7
...
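The quoting failure reported above, reproduced as an added example (this is not the project's entrypoint.sh): `count_args` stands in for the `java` binary and reports how many arguments it receives under each form. The function names and `app.jar` are placeholders.

```shell
#!/bin/sh
# Added example. count_args stands in for java and prints its argument count.
count_args() { echo "$#"; }

# Quoted expansion, as in the failing entrypoint: "${JAVA_OPTS}" is always
# exactly one word, even when the variable is empty or holds several options.
quoted_argc() {
    JAVA_OPTS=$1
    count_args "${JAVA_OPTS}" -jar app.jar
}

# Unquoted expansion, as in the reporter's workaround: an empty value vanishes
# and a multi-option value is split on whitespace. set -f keeps the shell from
# also treating characters such as * in an option as a filename pattern.
unquoted_argc() {
    JAVA_OPTS=$1
    set -f
    count_args ${JAVA_OPTS} -jar app.jar
    set +f
}

# The first word java would see in the quoted form. With JAVA_OPTS unset this
# is the empty string, which is not an option (no leading "-"), so java takes
# it as the main class name and stops parsing options.
first_word_quoted() {
    JAVA_OPTS=$1
    set -- "${JAVA_OPTS}" -jar app.jar
    printf '[%s]' "$1"
}

# Constructed sample values for JAVA_OPTS.
for opts in '' '-Xmx256m' '-Xmx256m -Xms128m'; do
    printf 'JAVA_OPTS=[%s] quoted=%s unquoted=%s first(quoted)=%s\n' \
        "$opts" "$(quoted_argc "$opts")" "$(unquoted_argc "$opts")" \
        "$(first_word_quoted "$opts")"
done
```

The quoted form is only correct when JAVA_OPTS holds exactly one option; empty gives java a blank class name, and two options arrive glued together as a single unrecognised argument.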
Hi,
I have just a very short question: are there any plans to provide the docker image with preconfigured AWS S3 as Configuration Storage?
That would be really great.
Best regards
Marco
I try to mount a local config dir without using a git repo ...
in my docker-compose.yaml:
configserver:
  image: hyness/spring-cloud-config-server:1.3.0.RELEASE
  ports:
    - "8888:8888"
  volumes:
    - ./configuration:/config
I would have expected that the configserver uses the yaml files I have in that folder.
But instead I get:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate
[org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration$$EnhancerBySpringCGLIB$$8e9f1d35]: Constructor threw exception; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'configServerHealthIndicator' defined in class path resource
[org/springframework/cloud/config/server/config/EnvironmentRepositoryConfiguration.class]:
Unsatisfied dependency expressed through method 'configServerHealthIndicator' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.cloud.config.server.config.CompositeConfiguration':
Unsatisfied dependency expressed through method 'setEnvironmentRepos' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultEnvironmentRepository' defined in class path resource
[org/springframework/cloud/config/server/config/EnvironmentRepositoryConfiguration$DefaultRepositoryConfiguration.class]: Invocation of init method failed; nested exception is
java.lang.IllegalStateException: **You need to configure a uri for the git repository**
Hi,
I see that the encrypt/decrypt endpoints won't work, is JCE not set up yet?
Hi, currently trying to debug my configuration and make sure files are passed over. We also made some changes to this to run a configentry.sh script to move our settings into a docker file built on top of this. However, looks like the image no longer contains an executable we can do (used to be /bin/sh it looks like).
It seems I can only get the environment variables to work for a GIT configuration. It keeps claiming my application.yml file is invalid. The same file used to work in the 2.2.2 release.
I would love to mount a different banner.txt when the config server starts. Should be possible by defining a volume mount.
I am trying to use the docker image with a private GitHub repository and get the following error (see below). If I use a public repository it works fine, but as soon as it is private and I use the token I get the following error. The token should allow access and does via the command line. Yet it fails when run in the image.
I have two factor authentication on if that helps. I also tried using my username and password, still same issue.
Would appreciate any help. I am trying to setup a single Java application to use with Cloud Config, but I would primarily end up using it with Python applications. So my Java knowledge is limited.
org.eclipse.jgit.api.errors.TransportException: https://[email protected]/devsetgo/myfiles.git: Authentication is required but no CredentialsProvider has been registered
jvmTarget is hardcoded to 11 in gradle.properties
I would like to see if there is a support available for git clone via ssh.
Below is the command used to bring up the container
docker run -it -p 8888:8888 \
-e SPRING_CLOUD_CONFIG_SERVER_GIT_URI=sssh://[email protected]/AppConfig.git \
docker pull hyness/spring-cloud-config-server
Hitting config server url gives me the below
There was an unexpected error (type=Not Found, status=404).
Cannot clone or checkout repository: ssh://[email protected]/AppConfig.git
Is it possible to update log4j so spring cloud server is not vulnerable?
Thanks a lot for creating & maintaining this project!
It would be great if we could enable metrics endpoints for integrations with monitoring tools like Prometheus.
My use case is that I want to monitor the Spring Cloud Config Server with Prometheus. For that I need to expose /actuator/prometheus.
Right now I'm able to set management.endpoints.web.exposure.include=health,info,metrics which exposes /actuator/metrics. However, I need the /actuator/prometheus endpoint which exposes metrics in a custom format.
I think 2 changes would be required here:
micrometer-registry-prometheus in the application artifact
management.endpoints.web.exposure.include=prometheus to enable Prometheus metrics
What do you think?
Hi,
After installing the config server I tried fetching a plain text file as:
$ wget http://config-server/*/mz/develop/filename.xml
I see the following error in config server logs:
herServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.cloud.config.server.environment.FailedToConstructEnvironmentException: Could not construct context for config=* profile=mz label= includeOrigin=false; nested exception is java.lang.IllegalStateException: Config name '*' cannot contain wildcards] with root cause
As per documentation the above should work. When I give some random text instead of '*', it works:
$ wget http://config-server/xyz/mz/develop/filename.xml
Not sure why it is not allowing wildcards.
Hello, we had some issues on AWS authentication, trying to clone the repository using an IAM role.
Actually the spring cloud config server provides the following ways to authenticate to AWS (the authentication will be tried in the following order):
1 - Java System Properties - aws.accessKeyId and aws.secretAccessKey
2 - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
3 - Web Identity Token credentials from system properties or environment variables
4 - Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
5 - Credentials delivered through the Amazon EC2 container service if the "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable
6 - Instance profile credentials delivered through the Amazon EC2 metadata service
(You can find this information in the following link: AWS SDK for Java )
These ways of authentication are not available on the current image.
We would need that because we cannot read the credentials assumed by the pod, only passing it manually via ENV VAR, and we need the new version of AWS SDK with support for IAM role anywhere. Based on that we would like to ask for an update of the AWS SDK to a version above 2.10.
Thanks in advance!
We have configured AWS ECS without ELB and set the spring uri to a bitbucket ssh url.
When I invoke the properties using https I'm getting an error like below
ttps://localhost:8888/api/test
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
Could you please help me?
We run a github appliance which listens on https. In order to access it from the config server it's necessary to provide a truststore containing the git server's TLS certificate, otherwise:
org.eclipse.jgit.api.errors.TransportException: https://xxx/Development/spring-config-server-test.git: Secure connection to https://xxx/Development/spring-config-server-test.git could not be established because of SSL problems
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Secondly - I am using the jwilder/nginx-proxy image to listen on https and provide basic authentication. I read the other comment about basic authentication as not being your wish to support. However any thoughts about enabling https support so I can forgo a proxy?
To make this work the following needs to be added to the java command line: -Djavax.net.ssl.trustStore= and -Djavax.net.ssl.keyStore= and access to the cert stores.
Any thoughts about enabling this?
When running the cloud config server this error is presented on startup. Looks like some compilation had 11 as the target, can't see how though...
`Picked up JAVA_TOOL_OPTIONS: -Djava.security.properties=/layers/paketo-buildpacks_bellsoft-liberica/java-security-properties/java-security.properties -XX:+ExitOnOutOfMemoryError -XX:ActiveProcessorCount=8 -XX:MaxDirectMemorySize=10M -Xmx18355449K -XX:MaxMetaspaceSize=160518K -XX:ReservedCodeCacheSize=240M -Xss1M -XX:+UnlockDiagnosticVMOptions -XX:NativeMemoryTracking=summary -XX:+PrintNMTStatistics -Dorg.springframework.cloud.bindings.boot.enable=true
Exception in thread "main" java.lang.UnsupportedClassVersionError: org/freshlegacycode/cloud/config/server/ConfigServerApplicationKt has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:473)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:135)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:46)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
Native Memory Tracking:`
Hi team,
does this image support gitlab instead of a local repository? can I set http proxy or https proxy for git?
Thanks,
Jeven
I've been running images over the last 2 days hyness/spring-cloud-config-server:jdk11. I'm adding an application.yml inside the image. Sometimes the image runs fine, sometimes not. The reported error is:
***************************
APPLICATION FAILED TO START
***************************
Description:
Invalid config server configuration.
The application.yml file is not changing between when the image runs and when it doesn't.
I've done a diff between the image that works and one that doesn't and I can see these changes in \opt\spring-cloud-config-server\entrypoint.sh.
-java -cp /opt/spring-cloud-config-server ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher \
+java ${JAVA_OPTS} org.springframework.boot.loader.JarLauncher \
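Review bot: the + line drops -cp /opt/spring-cloud-config-server, so org.springframework.boot.loader.JarLauncher is now looked up on the JVM's default class path (the working directory, or CLASSPATH if it is set) and the launch only succeeds when that happens to be the exploded application directory. Keep the explicit -cp, or state next to this line which working directory the image guarantees, so that startup does not depend on where the script is invoked from.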
I suspect that different images are being tagged with jdk11 as I can see there is some development underway in this project. Would that be the case?
Thanks in advance, and great work on this project by the way!
Hi,
While running as a docker image as below, it works fine.
docker run -it -p 8888:8888 \
-v /etc/springboot_configs/application.yaml:/config/application.yaml \
hyness/spring-cloud-config-server:3.0.5
Invoking this command works and it fetches the values from the git.
curl http://localhost:8888/spboot-sink/gcpnpr
Now, I am trying to run this container as a cloud run service, and the application.yaml is provided as a secret and expected to work as a volume in the cloud run.
Here is how I am running the cloud run command:
gcloud run deploy spring-cloud-config-server \
--image=us-west1-docker.pkg.dev/gcp-demo-prj/testrepo/spring-cloud-config-server@sha256:xxxxxxx \
--vpc-connector=projects/gcp-demo-prj/locations/us-west1/connectors/serverless-connector \
--allow-unauthenticated \
--port=8888 \
[email protected] \
--memory=1Gi \
--min-instances=1 \
--max-instances=2 \
--set-secrets=/config/application.yaml=configserver:latest \
--region=us-west1 \
--project=gcp-demo-prj
However it does not work. The service is running fine, but I am not able to fetch the details from the git.
Appreciate any help on this.
Using placeholders in a customized banner.txt file does not work anymore in the 2.2.3 release. I use ${application.version}. It did work in the 2.2.2 release. The other static banner changes do display, so I know the path is correct.
Hi there,
I know the config server requires the settings... Can you add the steps to configure the server? As you did not expose any volumes, I wonder how you are using this...
thanks
I have been using this compose file locally without issue. I have deployed it to an Ubuntu VM in Azure but every time I docker-compose up, it throws an error starting up stating:
Caused by: java.lang.OutOfMemoryError: Java heap space
at com.jcraft.jsch.KeyPairRSA.parse(KeyPairRSA.java:223) ~[jsch-0.1.54.jar!/:na]
at com.jcraft.jsch.KeyPair.load(KeyPair.java:943) ~[jsch-0.1.54.jar!/:na]
at org.springframework.cloud.config.server.ssh.PrivateKeyValidator.isPrivateKeyFormatCorrect(PrivateKeyValidator.java:82) ~[spring-cloud-config-server-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
I have tried setting the JVM_OPTS environment variable in the compose file for Xmx and Xms but this does not seem to help. I have also tried VMs with both 1gb and 2gb of system memory. Nothing but this container runs on the VM.
Simple run with a volume not working since 2 days ago. I can't get the files mounted.
docker run -it -p 8888:8888 -v mypath:/config -e SPRING_PROFILES_ACTIVE=native hyness/spring-cloud-config-server
curl http://localhost:8888/service-dev.properties
will return empty
cat /config/service-dev.properties
inside container will show the content of file correctly.
Originally posted by tommy38hk February 22, 2022
I was unable to run this config server for some reason starting this week. Looks like something had changed and preventing the instance to be running. I even tried different tag versions but still getting the same error. It looks like the startup entrypoint is incorrect.
docker run -it --name=spring-cloud-config-server -p 8888:8888 -v config:/config hyness/spring-cloud-config-server:latest
Unable to find image 'hyness/spring-cloud-config-server:latest' locally
latest: Pulling from hyness/spring-cloud-config-server
Digest: sha256:a0a6f85bf0b2c86908ac647373e11abc50cc9a920d0c398f5cb002fce78b2870
Status: Downloaded newer image for hyness/spring-cloud-config-server:latest
ERROR: failed to launch: determine start command: when there is no default process a command is required
This is a handy dockerized spring cloud config server, but I would really like to use some basic security for client access. Right now anybody can do requests to this setup and get everything, which might include passwords etc. (Having them encrypted in the underlying git repo obviously doesn't protect them in this use case.)
Could you add simple basic http security for clients, as touched upon briefly in http://cloud.spring.io/spring-cloud-static/spring-cloud-config/1.3.3.RELEASE/multi/multi__spring_cloud_config_server.html#_security ?
(@alzamabar asked the same on the docker hub page.)
Legacy builds are using the deprecated adoptopenjdk image
The git examples and CI workflow need to be updated
Current version of spring cloud config server(2.2.2.RELEASE) has a bug that header with Vault namespace isn't included into auth methods other than token. It has been already fixed and will be included into next release.
But nevertheless there is a note in spring cloud config server specification:
If you omit the X-Config-Token header and use a server property to set the authentication, the Config Server application needs an additional dependency on Spring Vault to enable the additional authentication options. See the Spring Vault Reference Guide for how to add that dependency.
So if we would like to use docker image with spring-cloud-config-server (vault backend and kubernetes authentication) the additional dependency for spring-vault-core should be added as a dependency ?
The environment variable needs to be SPRING_BANNER_LOCATION instead of BANNER_LOCATION.
I tried --server.port=8080 in the entrypoint.sh script and
server:
  port: 8080
in the application.yml and neither changes the value displayed in the config server log output.
I am replacing a custom spring-boot config server with this centralized image. Works fine, good work. But so far, my config server was also a discovery client and registered itself on localhost:8761 ... is it possible to do so with this image as well? Or might this be supported?
I am getting this below error when trying to set SPRING_CLOUD_CONFIG_SERVER_GIT_URI to ssh://[email protected]:< my user>/<my repo>repo.git
Caused by: org.eclipse.jgit.api.errors.InvalidRemoteException: Invalid remote: origin
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:251) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:306) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:200) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:589) ~[spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.initClonedRepository(JGitEnvironmentRepository.java:340) ~[spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.afterPropertiesSet(JGitEnvironmentRepository.java:256) ~[spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentRepository.afterPropertiesSet(MultipleJGitEnvironmentRepository.java:66) ~[spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1837) ~[spring-beans-5.1.7.RELEASE.jar!/:5.1.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1774) ~[spring-beans-5.1.7.RELEASE.jar!/:5.1.7.RELEASE]
... 161 common frames omitted
Caused by: org.eclipse.jgit.errors.NoRemoteRepositoryException: ssh://[email protected]:user/repo.git: not found.
at org.eclipse.jgit.transport.TransportLocal$1.open(TransportLocal.java:132) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.transport.TransportBundleFile$1.open(TransportBundleFile.java:107) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.transport.Transport.open(Transport.java:553) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.transport.Transport.open(Transport.java:429) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.transport.Transport.open(Transport.java:308) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.transport.Transport.open(Transport.java:277) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:235) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
... 169 common frames omitted
Any idea?