The Spring Cloud Services Config Server provides the ability to serve configuration properties from a composite of multiple backends, including multiple Git repositories and the HashiCorp Vault server. This feature builds upon the Composite Environment Repositories feature of Spring Cloud Config Server by allowing declaration of multiple Git servers together with (optionally) a Vault server to compose a unified configuration source.
The Spring Cloud Services Config Server cannot serve configuration properties from multiple Vault servers. A composite backend can contain only a single Vault server.
When a Config Server is composed with multiple backends, a request from a client app retrieves properties found in any applicable backend within the composite. The composite backends are always searched in the order in which they are configured, and the Config Server assembles configuration properties beginning at the first backend in the composite by order.
For example, given the following configuration:
dbhost=foo
is defined in the first backenddbhost=bar
is defined in the second backendport=4321
is defined in the third backendThe client will resolve property dbhost
to foo
, from the first backend, as that backend has precedence over the second. Property port
will be resolved to 4321
, as it is only defined in the third backend.
If the Config Server encounters an error when retrieving properties from any one of the backends, the client app's request fails. The Config Server's composite configuration sources will only be available once all backends are available.
Within the composite, all repositories or servers must contain the same labels--branches or tags in a Git repository, or paths in a Vault server. A label in a Config Server configuration source corresponds to a Spring application profile on a client app. If a client app makes a request for configuration for a given profile and one of the composite's backends does not have a corresponding branch, tag, or path, the request fails and no configuration is returned.
See below for information about configuring a Config Server service instance to use a composite backend for configuration sources.
Parameters used to configure configuration sources are part of a JSON array called composite
. The composite
array contains one or more JSON objects which defines a type
key, where the value of type
is either git
or vault
. An object with a type
of git
contains settings for a Git repository, and an object with a type
of vault
contains settings for a Vault server. For information about configuring a Git configuration source, see Configuring with Git. For information about configuring a Vault configuration source, see Configuring with Vault.
Configuration properties from individual backends are given precedence based on the order in which they are provided to the Config Server. A backend specified later in the composite
array is searched after backends specified earlier in the array.
To configure a Config Server service instance to use a composite backend comprising two Git repositories and a Vault server, you might use the following:
cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config", "periodic": true }, { "type": "git", "uri": "https://github.com/spring-cloud-samples/config-repo" }, { "type": "vault", "host": "127.0.0.1", "port": 8200, "scheme": "https", "backend": "secret", "defaultKey": "application", "profileSeparator": "," } ] }'
In this example, configuration properties found in the Vault server are added to the response only if they are not found in either of the Git repositories specified before the Vault server.
To configure a Config Server service instance to use a composite backend comprising a Vault server and a Git repository, use the following:
cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "vault", "host": "127.0.0.1", "port": 8200, "scheme": "https", "backend": "secret", "defaultKey": "application", "profileSeparator": "," }, { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config" } ] }'
In this example, the response consists of configuration properties found in the Vault server, plus any properties found only in the Git repository.
For information about using an app to access configuration values served by a Config Server service instance, see Writing Client Applications.
Proxy server configuration must be defined for each item in the composite set. For example:
cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config", "proxy": { "http": { "host": "http://proxy1.example.com", "port": 3218 } } }, { "type": "git", "uri": "https://github.com/spring-cloud-samples/config-repo", "proxy": { "http": { "host": "http://proxy2.example.com", "port": 3218 } } }, { "type": "vault", "host": "127.0.0.1", "proxy": { "http": { "host": "http://proxy1.example.com", "port": 3218 } } } ] }'
For detailed information about configuring proxy support, see the HTTP(S) Proxy Repository Access section of Configuring with Git and the HTTP(S) Proxy Repository Access section of Configuring with Vault.