From 72dd4b124bf1e27c8623679319c474564202f5b4 Mon Sep 17 00:00:00 2001 From: Arjav Date: Fri, 7 Feb 2025 23:41:38 +0530 Subject: [PATCH 1/3] Add Maven profile for Vault integration Signed-off-by: Arjav --- .../spring-cloud-kubernetes-configserver/pom.xml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml b/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml index 5596d86507..ee5cb3242f 100644 --- a/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml +++ b/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml @@ -92,6 +92,21 @@ springcloud/${project.artifactId}:${project.version} + + vault + + + useVault + true + + + + + org.springframework.vault + spring-vault-core + + + From fd8bbefe6c02b28dd9aa99f2886431514cb2ec57 Mon Sep 17 00:00:00 2001 From: Arjav Date: Fri, 7 Feb 2025 23:53:04 +0530 Subject: [PATCH 2/3] Add Vault Maven profile info to k8s Config Server documentation Signed-off-by: Arjav --- .../ROOT/pages/spring-cloud-kubernetes-configserver.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc b/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc index 037557e1fa..2725758f34 100644 --- a/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc +++ b/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc @@ -29,6 +29,14 @@ list of namespace values. NOTE: If you set `spring.cloud.kubernetes.configserver.config-map-namespaces` and/or `spring.cloud.kubernetes.configserver.secrets-namespaces` you will need to include the namespace in which the Config Server is deployed in order to continue to fetch Config Map and Secret data from that namespace. +### Vault Integration +To enable Vault integration, you can activate the vault Maven profile by setting the `useVault` property to true. This profile adds the `spring-vault-core` dependency. + +Example: +```bash +mvn clean install -DuseVault=true +``` + ### Kubernetes Access Controls The Kubernetes Config Server uses the Kubernetes API server to fetch Config Map and Secret data. In order for it to do that it needs ability to `get` and `list` Config Map and Secrets (depending on what you enable/disable). From 100c15b3c0163ad60bbc254419b728c4664076fc Mon Sep 17 00:00:00 2001 From: Arjav Date: Mon, 10 Feb 2025 11:02:44 +0530 Subject: [PATCH 3/3] Remove activation flag from vault profile an update doc Signed-off-by: Arjav --- .../ROOT/pages/spring-cloud-kubernetes-configserver.adoc | 8 ++++---- .../spring-cloud-kubernetes-configserver/pom.xml | 6 ------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc b/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc index 2725758f34..f310bf210e 100644 --- a/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc +++ b/docs/modules/ROOT/pages/spring-cloud-kubernetes-configserver.adoc @@ -29,13 +29,13 @@ list of namespace values. NOTE: If you set `spring.cloud.kubernetes.configserver.config-map-namespaces` and/or `spring.cloud.kubernetes.configserver.secrets-namespaces` you will need to include the namespace in which the Config Server is deployed in order to continue to fetch Config Map and Secret data from that namespace. -### Vault Integration -To enable Vault integration, you can activate the vault Maven profile by setting the `useVault` property to true. This profile adds the `spring-vault-core` dependency. +### Using Advanced Features Of Spring Vault +In order to use some of the [more advanced Spring Vault features](https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/vault-backend.html) of the **Spring Cloud Config Server**, [`spring-vault-core`](https://mvnrepository.com/artifact/org.springframework.vault/spring-vault-core) must be on the classpath. By default, Spring Cloud Kubernetes can generate a Docker image for deploying Config Server to Kubernetes, but it does not include `spring-vault-core` in the classpath. If you need `spring-core-vault` to enable certain functionality in the Config Server you can build your own version of Docker image by enabling the `vault` Maven profile when running Maven build. Example: ```bash -mvn clean install -DuseVault=true -``` +$ ../../mvnw clean install -Pvault +``` ### Kubernetes Access Controls The Kubernetes Config Server uses the Kubernetes API server to fetch Config Map and Secret data. In order for it to do that diff --git a/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml b/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml index ee5cb3242f..33641a2a71 100644 --- a/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml +++ b/spring-cloud-kubernetes-controllers/spring-cloud-kubernetes-configserver/pom.xml @@ -94,12 +94,6 @@ vault - - - useVault - true - - org.springframework.vault