spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Spring cloud vault for azure app service using UAMI #714

Closed nks0203 closed 6 months ago

nks0203 commented 6 months ago

Describe the bug

I am deploying a Spring Boot app onto Azure app services and getting a "connection time out" error for the Azure MSI endpoint.

App uses Spring cloud vault config with azure UAMI to connect to vault, but fails at bootstrap time: I/O error on GET request for "http://169.254.169.254/metadata/instance": connect to http://169.254.169.254/ failed: Connect timed out

I have read (link here) that for Azure app services we need to use "IDENTITY_ENDPOINT" & "IDENTITY_HEADER" to connect to resources in App Services, but I am not sure where to set it using Spring Cloud config.

Stack: JDK 17 | Spring Boot 3.2.0 | spring-cloud-vault-config 4.1.0

application.yaml

spring.cloud.vault:
  scheme: https
  uri: <vault url>
  authentication: azure_msi
  connection_timeout: 5000
  azure_msi:
    role: MY_UAMI
spring:
  config:
    import: vault://secret-path

Please help, I am still trying to understand how I can resolve it.

mp911de commented 6 months ago

This is an infrastructure concern. Any Connect timed out errors are I/O failures and not related to missing headers or such.
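
An added diagnostic, not part of the thread and not spring-cloud-vault code, that can be run on the same host to see which managed identity endpoint is reachable there: the instance metadata service at 169.254.169.254 or the IDENTITY_ENDPOINT / IDENTITY_HEADER pair mentioned in the question. The class name, the argument order (token resource first, optional UAMI client id second) and the timeouts are assumptions made for this example.

```java
import java.io.IOException;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Map;

// Added example (hypothetical class): reports which managed identity endpoint this host can use.
public class MsiEndpointProbe {

    // Builds the token request for whichever endpoint the environment offers.
    static HttpRequest tokenRequest(Map<String, String> env, String resource, String clientId) {
        String q = "resource=" + URLEncoder.encode(resource, StandardCharsets.UTF_8)
                + (clientId == null ? "" : "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8));
        String endpoint = env.get("IDENTITY_ENDPOINT");
        String header = env.get("IDENTITY_HEADER");
        if (endpoint != null && header != null) {
            // App Service: local endpoint, authenticated with the X-IDENTITY-HEADER value.
            return HttpRequest.newBuilder(URI.create(endpoint + "?api-version=2019-08-01&" + q))
                    .header("X-IDENTITY-HEADER", header).timeout(Duration.ofSeconds(5)).GET().build();
        }
        // VM / scale set: instance metadata service (IMDS).
        return HttpRequest.newBuilder(URI.create(
                "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&" + q))
                .header("Metadata", "true").timeout(Duration.ofSeconds(5)).GET().build();
    }

    // Plain TCP connect: separates "no route to IMDS" from HTTP-level errors.
    static boolean canConnect(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Map<String, String> env = System.getenv();
        System.out.println("IDENTITY_ENDPOINT set: " + env.containsKey("IDENTITY_ENDPOINT"));
        System.out.println("IMDS 169.254.169.254:80 reachable: " + canConnect("169.254.169.254", 80, 3000));
        HttpRequest req = tokenRequest(env, args[0], args.length > 1 ? args[1] : null);
        try {
            int status = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.discarding()).statusCode();
            System.out.println(req.uri().getHost() + " -> HTTP " + status); // body is a bearer token: never log it
        } catch (IOException e) {
            System.out.println(req.uri().getHost() + " -> " + e); // e.g. connect timed out
        }
    }
}
```

The response body is discarded on purpose; only the reachability result and HTTP status are printed, so the output is safe to paste into an issue.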