/consul-config-loader

A small docker based tool to load Spring Boot property files into Consul's K/V Store

Primary LanguageShellOtherNOASSERTION

Consul Config Loader

Azure DevOps Build Status Build Status Docker Pulls

A small docker based tool to load Spring Boot property files into Consul K/V Store. It features hot-reload as well as filesystem and git support.

Filesystem mode

In this mode, the consul-config-loader agent pushes all YAML properties files in the config/ directory to consul K/V store. It automatically detects when files are added or edited to reload them into Consul.

To use this mode, configure those properties in bootstrap.yml:

spring:
    cloud:
        consul:
            config:
                format: yaml
                profile-separator: "-"

Then run docker-compose -f quickstart/consul-loader-filesystem.yml up to start a Consul server on localhost and and its agent. You can then access http://localhost:8500/ui/#/dc1/kv/config/ and watch as your Consul K/V store is synchronised with property files in the config/ directory.

Git mode

To use this mode, configure those properties in bootstrap.yml:

spring:
    cloud:
        consul:
            config:
                fail-fast: true
                format: files
                profile-separator: "-"

This mode is recommended for production, it is a wrapper around git2consul project. You will have to configure the config/git2consul.json file to have it load its configuration from your own git repository.

Simply run docker-compose -f quickstart/consul-loader-git.yml up to start Consul and the agent.

ACL security

To maintain security for KV access and service discovery, this config loader expects consul running with ACL enabled, which leads to the presence of a master ACL token (refered to the loader by environment variable MASTER_ACL_TOKEN). This token is used, to create a client ACL token (provided by CLIENT_ACL_TOKEN variable), with a default policy and for writing config changes. The default policy for the client ACL is to permit read to KV and write to service discovery. This policy can be changed using the HTTP API for ACL for custom policies. It is strongly recommended to use some random strings (like UUID) for the token values. MASTER_ACL_TOKEN and CLIENT_ACL_TOKEN must not be equal.

To make JHipster or Spring Cloud applications registering to consul using the ACL, just add the client ACL token to bootstrap.yml:

consul:
    token: my-client-acl-token