Uncategorized

Spring Cloud Services 3.0 Includes New and Improved Config Server

Spring Cloud Services v3.0.0 is here! In this post, we’ll describe what this means for developers and operators who are using Spring Cloud Services with Pivotal Cloud Foundry.

Run SCS 3.0 Alongside 2.0.x

First of all, if you’re currently using Spring Cloud Services (SCS) v2.0.x or earlier it’s important to note that Spring Cloud Services v3.0.0 can run alongside SCS v2.0.x if you want to continue using all your existing v2.0.x features. Here’s why…

Since the current Service Registry and Circuit Breaker Dashboard services are not included in the SCS v3.0.0 release, you may continue to use these services via SCS v2.0.x. There are recommendations in the SCS v3.0.0 documentation on how to migrate SCS v2.0.x Config Server instances to SCS v3.0.0.

Note: In order to maintain the availability of current Service Registry and Circuit Breaker Dashboard capabilities in your marketplace, both the SCS v2.0.x and SCS v3.0.0 tiles should be deployed and used “side by side” in your PCF environment.

An Inside Look at Config Server 3.0

With this upgrade to SCS v3.0.0, we’ve made several improvements to the Config Server. These enhancements provide better support for common enterprise development policies, practices, and procedures. All told, developers and operators now enjoy more control over how Config Server properties are managed on the PCF foundation.

Highlights of the release include:

  • The Config Server now includes a “mirror” service. Configuration data is still sourced from Git repositories, but performance, availability, and governance have been improved by adding a mirror of the Git repository within the PCF foundation.

  • The way you refresh your Config Server configuration is changing. Operators or developers with sufficient access can control Config Server property updates via a new endpoint.

  • Support for CredHub secrets management has been added to Config Server (in addition to Vault). Each Config Server service instance will have a secured path for secrets in the Pivotal Application Service (PAS) CredHub, which can be accessed via an API.

  • The way you commission new Config Server instances is changing to bring it in line with the Spring Cloud OSS approach.

  • SCS 3.0.0 no longer requires RabbitMQ for PCF and MySQL for PCF tiles.

For more information about each of these changes, please read on…

The Mirror Service

You told us that many of you ran a large number of Config Server instances per PCF foundation. These instances typically were configured to use Git repositories from the same Git server. This could lead to a significant load on the Git server during a Pivotal Application Service (PAS) upgrade. Such an event causes each Config Server instance’s backing application to be relocated onto a new cell. Since this is similar to an application restage, the backing application needed to re-clone the Git repository. Depending on the number of Config Server instances and their configured high availability count, this often caused a tremendous load.

To help mitigate this, in SCS v3.0.0, we’ve introduced a new component, the Mirror Service, designed to cache your configuration and reduce this back-and-forth chatter significantly. The Mirror Service also increases the availability of the Git repositories configured on Config Server instances because it sits in between each instance and the corresponding external Git repository.

Caption: High-level architecture diagram showing Mirror Service management of multiple repositories from an external Git server on behalf of Config Server service instances and their associated PAS CredHub integration for managing secrets.

Please see the SCS Config Server documentation for more detailed information.

Initiating Config Server Property Updates

The Mirror Service is now configured as the source for Git repository properties. Consequently, all changes made in the external Git repository are no longer initiating periodic updates to each Config Server instance. Instead, an action is required by someone with sufficient authority to initiate the Config Server property update. This can be done via API using the `/refresh` endpoint on the Config Server’s backing application. Please read the SCS docs to learn more about how to refresh the Config Server instance’s mirror. This task can, of course, be automated if desired.

Managing Secrets with CredHub

Ever since CredHub’s inception, there have been requests to add CredHub as a backend to manage secrets for Config Server instances. The recently released Spring CredHub OSS project is now adopted in SCS. It’s configured to use the PAS CredHub instance to store secrets. Each Config Server instance comes with a CredHub path and authorized credentials to store secrets and provide them to client applications at runtime. Please read more about managing secrets via the Config Server backing application’s API in the SCS docs.

Changes to Config Server Configuration

There’s a new service name for the SCS Config Server service: `p.config-server`. As a result, the way you provision a Config Server service instance via the PCF marketplace changes ever-so-slightly.

The Config Server service is still configured with Git repositories by providing the locations where the configuration properties are version controlled. But when providing multiple Git repositories to a single Config Server service instance, the format of this `composite` configuration has changed slightly to be in alignment with the Spring Cloud Config open source configuration format, which is:

`{composite: [{“type”: “git”, ...}, {“type”: “git”, ...}, {“type”: “vault”, ...}]}`

 There are more details in the documentation.

No More RabbitMQ or MySQL Tile Dependencies

SCS 3.0 now offers a leaner installation profile and requires fewer dependencies to run. The new SCS service broker has been upgraded to use Reactive programming techniques to handle requests asynchronously. This negates the need for the RabbitMQ tile. In SCS v3.0.0, a MySQL database is deployed on the SCS service broker BOSH-managed VM. (A dedicated MySQL for PCF is no longer required.) The elimination of these tile dependencies allows SCS and other tiles to evolve independently!

What’s Next?

There will be more exciting enhancements coming along in Spring Cloud Services later in the year. You can download the latest version of Spring Cloud Services from PivNet and check out the documentation here. If you want to learn more about Spring Cloud, why not sign up for SpringOne Platform in Austin, TX on October 7-10, 2019. You can get a discount on your ticket by using the code `S1P_Save200`. We’d love to see you there!