Spring Boot framework extension

The spring-boot-framework extension includes configuration options customised for a Spring Boot application. This document describes all the keys that a user may interact with.

Tip

If you’d like to see the full contents contributed by this extension, see How to manage extensions.

charmcraft.yaml > config > options

You can use the predefined options (run charmcraft expand-extensions for details) but also add your own, as needed.

The predefined configuration options for the spring-boot-framework are:

  • app-port: Port in which the application should listen. The ingress will be configured using this port. The environment variable passed to the app is APP_PORT. Default value is 8080.

  • app-profiles: Comma-separated list of active Spring Boot profiles. The environment variable passed to the app is spring.profiles.active.

  • app-secret-key-id: A secret you can use for sessions, protection against cross-site request forgery, or any other thing where you need a random secret shared by all units. The environment variable passed to the app is APP_SECRET_KEY. The secret should contain a single key, value, which maps to the actual application secret key. To create the secret, run the following command: juju add-secret my-app-secret-key value=<secret-string>, grant the application access to the secret and use the output secret ID to configure this option. If this configuration option is not set, the environment variable APP_SECRET_KEY is a 64 byte Base64 encoded random string.

  • metrics-port: Port where the prometheus metrics will be scraped. The environment variable passed to the app is APP_PORT. Default value is 8080.

  • metrics-path: Path where the prometheus metrics will be scraped. The environment variable passed to the app is APP_METRICS_PATH. Default value is /metrics.

In case you want to add extra configuration options, any option you define will be used to generate environment variables; a user-defined option config-option-name will generate an environment variable named APP_CONFIG_OPTION_NAME where the option name is converted to upper case and dashes are converted to underscores.

In either case, you will be able to set it in the usual way by running juju config <application> <option>=<value>. For example, if you define an option called token, as below, this will generate a APP_TOKEN environment variable, and a user of your charm can set it by running juju config <application> token=<token>.

config:
  options:
    token:
      description: The token for the service.
      type: string

In addition to this, you can set the configuration option to be mandatory by setting the optional key to false. This will block the charm and stop services until the configuration is supplied. For example, if your application needs an api-token to function correctly you can set optional, as shown below. This will block the charm and stop the services until the api-token configuration is supplied.

charmcraft.yaml
config:
  options:
    api-token:
      description: The token necessary for the service to run.
      type: string
      optional: false

Note

A configuration with optional: false can’t also have a default key. If it has both, the charm will fail to pack.

Relations

Your charm already has the following peers, provides, and requires relations, as they were automatically supplied by the Spring Boot extension:

peers:
  secret-storage:
    interface: secret-storage
provides:
  metrics-endpoint:
    interface: prometheus_scrape
  grafana-dashboard:
    interface: grafana_dashboard
requires:
  logging:
    interface: loki_push_api
  ingress:
    interface: ingress
    limit: 1

In addition to these relations, in each provides and requires block you may specify further relations, to integrate with the following charms:

Relation

Endpoint definition

Ingress traefik and nginx ingress integrator

Already available in the charm

MySQL machine and Kubernetes charm

 
requires:
  mysql:
    interface: mysql_client
    optional: True
    limit: 1

PostgreSQL machine and Kubernetes charm

 
requires:
  postgresql:
    interface: postgresql_client
    optional: True
    limit: 1

MongoDB charm

 
requires:
  mongodb:
    interface: mongodb_client
    optional: True
    limit: 1

Canonical Observability Stack (COS)

Already available in the charm

Redis charm

 
requires:
  redis:
    interface: redis
    optional: True
    limit: 1

SAML charm

 
requires:
  saml:
    interface: saml
    optional: True
    limit: 1

S3 charm

 
requires:
  s3:
    interface: s3
    optional: True
    limit: 1

RabbitMQ machine and Kubernetes charm

 
requires:
  rabbitmq:
    interface: rabbitmq
    optional: True
    limit: 1

Tempo charm

 
requires:
  tracing:
    interface: tracing
    optional: True
    limit: 1

SMTP charm

 
requires:
  smtp:
    interface: smtp
    optional: True
    limit: 1

OpenFGA charm

 
requires:
  openfga:
    interface: openfga
    optional: True
    limit: 1

Hydra charm

The oauth interface is a conduit for the OpenID Connect authentication protocol. Each configuration option for this endpoint is prefixed with the endpoint name.

requires:
  oauth-endpoint-name:
    interface: oauth
    optional: True
    limit: 1

The relation will create two configuration options, {endpoint_name}-redirect-path and {endoint_name}-scopes. {endpoint_name}-scopes is a space separated list of scopes, and the scope openid is manadatory.

Squid Forward Proxy charm

 
requires:
  http-proxy:
    interface: http_proxy
    optional: True
    limit: 1

Note

The key optional with value False means that the charm will get blocked and stop the services if the integration is not provided.

To add one of these relations, e.g., PostgreSQL, in the project file, include the appropriate requires block and integrate with juju integrate <Spring Boot charm> postgresql as usual.

Environment variables

Each relation adds its own environment variables to your Spring Boot app. Some are required, meaning they must be set for the relation to function.

The environment variable APP_BASE_URL provides the ingress URL for an Ingress relation or the Kubernetes service URL if there is no Ingress relation.

Relation

Environment variables

PostgreSQL

  • spring.datasource.url

  • spring.jpa.hibernate.ddl-auto

  • spring.datasource.username

  • spring.datasource.password

  • POSTGRESQL_DB_CONNECT_STRING

  • POSTGRESQL_DB_SCHEME

  • POSTGRESQL_DB_NETLOC

  • POSTGRESQL_DB_PATH

  • POSTGRESQL_DB_PARAMS

  • POSTGRESQL_DB_QUERY

  • POSTGRESQL_DB_FRAGMENT

  • POSTGRESQL_DB_USERNAME

  • POSTGRESQL_DB_PASSWORD

  • POSTGRESQL_DB_HOSTNAME

  • POSTGRESQL_DB_PORT

  • POSTGRESQL_DB_NAME

MySQL

  • spring.datasource.url

  • spring.jpa.hibernate.ddl-auto

  • spring.datasource.username

  • spring.datasource.password

  • MYSQL_DB_CONNECT_STRING

  • MYSQL_DB_SCHEME

  • MYSQL_DB_NETLOC

  • MYSQL_DB_PATH

  • MYSQL_DB_PARAMS

  • MYSQL_DB_QUERY

  • MYSQL_DB_FRAGMENT

  • MYSQL_DB_USERNAME

  • MYSQL_DB_PASSWORD

  • MYSQL_DB_HOSTNAME

  • MYSQL_DB_PORT

  • MYSQL_DB_NAME

MongoDB

  • spring.data.mongodb.uri

Redis

  • spring.data.redis.url

  • spring.data.redis.host

  • spring.data.redis.port

  • spring.data.redis.username

  • spring.data.redis.password

SAML

  • spring.security.saml2.relyingparty.registration.testentity.assertingparty.metadata-uri (required)

  • spring.security.saml2.relyingparty.registration.testentity.entity-id (required)

  • spring.security.saml2.relyingparty.registration.testentity.assertingparty.singlesignin.url (required)

  • spring.security.saml2.relyingparty.registration.testentity.assertingparty.verification.credentials[0].certificate-location (required)

S3

  • spring.cloud.aws.credentials.accessKey (required)

  • spring.cloud.aws.credentials.secretKey (required)

  • spring.cloud.aws.s3.bucket (required)

  • spring.cloud.aws.region.static

  • spring.cloud.aws.s3.endpoint

RabbitMQ

  • spring.rabbitmq.host

  • spring.rabbitmq.password

  • spring.rabbitmq.port

  • spring.rabbitmq.username

  • spring.rabbitmq.virtual-host

Tracing

  • OTEL_EXPORTER_OTLP_ENDPOINT

  • OTEL_SERVICE_NAME

Prometheus

  • management.endpoints.web.exposure.include

  • management.endpoints.web.base-path

  • management.endpoints.web.path-mapping.prometheus

SMTP

  • spring.mail.host

  • spring.mail.port

  • spring.mail.username

  • spring.mail.password

  • spring.mail.properties.mail.smtp.auth

  • spring.mail.properties.mail.smtp.starttls.enable

OpenFGA

  • openfga.store-id

  • openfga.credentials.method

  • openfga.credentials.config.api-token

  • openfga.api-url

OpenID Connect

  • spring.security.oauth2.client.registration.{endpoint_name}.client-id

  • spring.security.oauth2.client.registration.{endpoint_name}.client-secret

  • spring.security.oauth2.client.registration.{endpoint_name}.redirect-uri

  • spring.security.oauth2.client.registration.{endpoint_name}.scope

  • spring.security.oauth2.client.registration.{endpoint_name}.user-name-attribute

  • spring.security.oauth2.client.provider.{endpoint_name}.authorization-uri

  • spring.security.oauth2.client.provider.{endpoint_name}.issuer-uri

  • spring.security.oauth2.client.provider.{endpoint_name}.jwk-set-uri

  • spring.security.oauth2.client.provider.{endpoint_name}.token-uri

  • spring.security.oauth2.client.provider.{endpoint_name}.user-info-uri

  • spring.security.oauth2.client.provider.{endpoint_name}.user-name-attribute

HTTP Proxy

  • HTTP_PROXY

  • HTTPS_PROXY

HTTP Proxy

Proxy settings can be sourced either from the model configurations or from the http-proxy relation. When the http-proxy relation is present, its values take precedence over those defined in the model configuration. Charms built using the Spring Boot extension automatically expose the Juju proxy settings to the workload as the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY. The HTTP_PROXY and HTTPS_PROXY values are obtained from the relation, whereas the NO_PROXY value is obtained from the model configuration. For example, if the relation is absent, the juju-http-proxy environment variable will be exposed as HTTP_PROXY to the Spring Boot service.

Worker and Scheduler Services

Extra services defined in the file rockcraft.yaml with names ending in -worker or -scheduler will be passed the same environment variables as the main application. If there is more than one unit in the application, the services with the name ending in -worker will run in all units. The services with name ending in -scheduler will only run in one of the units of the application.

Observability

12-Factor charms are designed to be easily observable using the Canonical Observability Stack.

You can easily integrate your charm with Loki, Prometheus and Grafana using Juju.

juju integrate spring-boot-k8s grafana
juju integrate spring-boot-k8s loki
juju integrate spring-boot-k8s prometheus

After integration, you will be able to observe your workload using Grafana dashboards.

In addition to that you can also trace your workload code using Tempo.

To learn about how to deploy Tempo you can read the documentation here.

OpenTelemetry will automatically read the environment variables and configure the OpenTelemetry SDK to use them. See the OpenTelemetry documentation for further information about tracing.

Secrets

Juju secrets can be passed as environment variables to your Spring Boot application. The secret ID has to be passed to the application as a config option in the project file of type secret. This config option has to be populated with the secret ID, in the format secret:<secret ID>.

The environment variable name passed to the application will be:

APP_<config option name>_<key inside the secret>

The <config option name> and <key inside the secret> keywords in the environment variable name will have the hyphens replaced by underscores and all the letters capitalised.

See more: Juju | Secret

Grafana dashboard graphs

If the Spring Boot app is connected to the Canonical Observability Stack (COS), the Grafana dashboard Spring Boot Operator displays the following default graphs:

  • Java version: The version of Java that is running.

  • Status code count: Number of requests broken by responses status code.

  • Requests average duration: Number of requests per second over time.

  • 2XX Rate: Portion of responses that were successful (in the 200 range).

  • 3XX Rate: Portion of responses that were redirects (in the 300 range).

  • 4XX Rate: Portion of responses that were client errors (in the 400 range).

  • 5XX Rate: Portion of responses that were server errors (in the 500 range).

  • Request duration percentile: The 50th, 90th, and 99th percentile of all the request duration lengths after sorting them from slowest to fastest. For example, the 50th percentile represents the length of time (or less) that 50% of the requests lasted.

  • Total HTTP requests: Total number of HTTP requests.

  • HTTP requests per second: Number of HTTP requests per second.

  • Application logs: Application logs collected by Loki.

  • Average of GC call time: Average time spent in garbage collection.

  • JVM memory used: Amount of used memory in the JVM.

  • Number of live threads: Number of live threads in the JVM.

  • Rate of GC calls: Rate of garbage collection calls.

  • Tomcat active current sessions: Current number of active sessions

  • Tomcat active max sessions: Maximum number of active sessions

  • Tomcat sessions alive max seconds: Maximum time a session was alive

  • Tomcat created sessions total: Total number of sessions created

  • Tomcat expired sessions total: Total number of sessions expired

  • Tomcat rejected sessions total: Total number of sessions rejected