configserver

module

v0.0.0-...-e75a48e Latest Latest Go to latest Published: Apr 1, 2024 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fredjeck/configserver

Links

Open Source Insights

README ¶

configserver

Current status : Work In Progress but usable 😃

Nowadays a wide range of solutions exists when it comes to managing your running pod configuration, from secrets to AzureKeyVaults - I tried a lot of them but none really fitted my needs. Therefore I decided to write configserver. (heavily) Inspired by spring-cloud-config, configserver is framework agnostic (written in goloang), and is aimed at cloud/kubernetes payloads to allows you to centrally manage your application configuration using gitops.

Configserver supports :

mutliple git repositories for one central instance
sensitive content encryption
client based repository access
and much more to come

Philosophy

Configserver aims at simplicity and security (well it tries to) and limit its dependencies to a strict minimum

Overview

flowchart LR
    A[[Repository-A/Branch-Integration]] 
    B[[Repository-A/Branch-Production]] 
    C[[Repository-B/Main]] 
    D{{ConfigServer}}
    D -->|Monitor| A
    D -->|Monitor| B
    D -->|Monitor| C
    E([POD Instance]) -.-> |GET http://svc.local/git/repository-a/configfile| D
    F([POD Instance]) --- G 
    G[Sidecar] -.-> |GET http://svc.local/git/repository-b/configfile| D

Getting Started

Prepare your configuration file

ConfigServer one single configuration file for all its needs :

environment:
  kind: production # If production logs are using JSON format if anything else logs are human readable
  home: /var/run/configserver # Not used yet

server:
  passPhrase: To infinity and beyond # Single passphrase used to encrypt sensitive content and generate client secrets
  listenOn: ":4200" # Port on which ConfigServer listens
  secretExpiryDays: 365 # Number of days a client secret is valid 
  validateSecretLifeSpan: false # If true will reject outdated secret, if false will only issue a warning in the logs

repositories:
  checkoutLocation: /tmp/configserver # Root path where the repositories are cloned
  configuration: # Configuration can contain multiple git repositories, they will be accessible via the /git/{name} url
    - name: configserver-samples-integration 
      url: https://github.com/fredjeck/configserver-samples
      branch: integration # Name of the branch to be checked out, if not provided defaults to main
      refreshIntervalSeconds: 3600 # Interval at which the repository is updated locally
      clients: # List of allowed client Ids
        - myclientid
        - sample_client

Run your configserver

In a pod simply run the configserver executable optionally using the -c switch to specify the configuration location. By default the configuration file configserver.yml will be located in /var/run/configserver

Prepare your repositories

If your configuration files contain sensitive contents, enclose the sensitive values within the {enc:} tag. For instance

password = 'SECRETPASSWORD'

will become

password = '{enc:SECRETPASSWORD}'

Then use the tokenize endpoint of your running endpoint to convert your file :

curl --request POST \
  --url http://localhost:4200/api/tokenize \
  --data 'password = '\''{enc:SECRETPASSWORD}'\'''

which would result in :

password = '{enc:HGSrEasO3EDYdTA5w+259/4hCxfmlIKh6i7wwZF9eFIg9kFwF7iMjg4T}'

And commit the resulting file in your repository

Using configserver

Configserver offers a simple API for all common tasks

Registering a new client

curl --request GET \
  --url 'http://localhost:4200/api/register?client_id=myclientid'

Will generate a client secret for the provided client id

{
  "client_id": "myclientid",
  "client_secret": "LjTo0NW7Fq0LLfpGFkJRWSlLvlETeEOt5T53zyWLJyqSI4BvlG8MehGK28RoG2LCJZ2VGDO2vU6PM3MwN/5TNw==",
  "expires_at": "2025-04-01T21:04:11.357903614+02:00"
}

Obtaining repository statistics

curl --request GET \
  --url http://localhost:4200/stats

returns

{
  "configserver-samples-integration": {
    "hitCount": 0,
    "lastUpdate": "2024-04-01T20:56:31.559944915+02:00",
    "nextUpdate": "2024-04-01T21:56:32.541023156+02:00",
    "lastError": null
  }
}

Accessing Content

Repository content requires the generated ClientID and Secret to be provided as part of a Basic Auth scheme See MDN docs.

Repositories are accessible via the /git/{repository name}/{path} endpoint where :

repository name is the name given in the configuration
path is a path fragment from the repository root

curl --request GET \
  --url http://localhost:4200/git/configserver-samples-integration/configuration/branch.md

Repository ACL

For a ClientID to be allowed to browse a repository, the ClientID must be declared in the clients section of the configserver.yml file for the repository.

Directories ¶

Path	Synopsis
cmd main is the main executable for ConfigServer	main is the main executable for ConfigServer
internal
configuration Package configuration groups all configuration related utilities	Package configuration groups all configuration related utilities
repository Package repository contains utilities abstracting git repositories configuration and source code pulling	Package repository contains utilities abstracting git repositories configuration and source code pulling
server Package server contains all the server related functions of the ConfigServer app	Package server contains all the server related functions of the ConfigServer app
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL