How to Set Up Config Sync

Set Up GitHub Repo and OAuth Token

  1. Create a private GitHub repo for Fusion config.

  2. Set up an OAuth token.

  3. Create a publish branch for the config-sync service, such as stage.

  4. Create a sub-directory in the branch if desired (set pub.git.dir / sub.git.dir).

  5. Create a subscribe branch for the config-sync service, such as prod.

  6. Create the GitHub OAuth Token Secret.

Use kubectl to create a Kubernetes secret named config-sync-github-oauth-token which holds the GitHub OAuth token.

kubectl create secret generic config-sync-github-oauth-token \
  --from-literal=token='INSERT_TOKEN_HERE'

Configure pub / sub in your custom values yaml

Determine which mode you want to run config-sync in, either pub or sub.

For publisher (pub) mode, supply the following settings:

config-sync:
  enabled: true
  springProfilesOverride: "kubernetes,jwt,fusion,pub"
  pulsar:
    enabled: false
  pub:
    git:
      repo: https://github.com/lucidworks/fusion-config-sync-test.git
      branch: stage
    github:
      username: GITHUB_USERNAME
      email: GITHUB_EMAIL

Pulsar is not used in publisher mode, so you should disable it using pulsar.enabled=false.

Additional pub options include:

| Property | Default Value | Usage / Notes |
|---|---|---|
| pub.apps | * | Specifies the list of apps to watch with optional object type filters |
| pub.initAppSyncThreads | 4 | How many threads to use when initializing apps during startup; increase this value if you have many apps |
| pub.initAppSyncMaxWaitSecs | 240 | Max time to wait for initializing the apps during startup before reporting as ready |
| pub.git.path | / | Path in the Git repo for this environment; allows multiple clusters to share the same repo with different paths. |
| pub.git.dir | /tmp/local-repo | Local tmp directory to clone the remote Git repo into |
| pub.git.pushPendingChangesFrequencyMs | 5000 | How frequently to PUSH pending updates to remote (in ms); PUSH operations are slow so values less than 3 seconds should be avoided |
| pub.git.createBranchIfNotExist | true | Create the branch in the remote repo if it does not exist; the branch will be created from the HEAD of master |
| pub.watcher.path | / | Path in ZK to watch for ZNode updates |
| pub.watcher.threads | 6 | Number of background threads for processing events from ZK; increase this value if you have many apps and objects in ZK to improve startup time. |
| pub.watcher.includes | All Fusion objects | List of sub-paths in ZK to watch |
| pub.watcher.excludes | /services** | List of sub-paths in ZK to exclude |

The pub.watcher.excludes setting is useful for globally excluding a type, such as job schedules, as those would typically differ between environments.

For subscriber (sub) mode, supply the following settings:

config-sync:
  enabled: true
  springProfilesOverride: "kubernetes,jwt,fusion,sub"
  sub:
    git:
      repo: https://github.com/lucidworks/fusion-config-sync-test.git
      branch: prod
    github:
      username: GITHUB_USERNAME
      email: GITHUB_EMAIL

Additional sub options include:

| Property | Default Value | Usage / Notes |
|---|---|---|
| sub.apps | * | Specifies the list of apps to watch with optional object type filters. |
| sub.pollEnabled | true | Poll the remote repo for updates every N ms (sub.git.pullRemoteEveryMs) or disable polling by setting this to false to trigger updates by API call instead. You can also configure a GitHub WebHook to receive a push notification when the branch is updated. |
| sub.git.path | / | Path in the Git repo for this environment; allows multiple clusters to share the same repo with different paths. |
| sub.git.dir | /tmp/local-repo | Local tmp directory to clone the remote Git repo. |
| sub.git.pullRemoteEveryMs | 30000 | How frequently to PULL from remote; be cognizant of your organization’s GitHub rate limits or switch to using WebHooks. |
| sub.github.webhookSecret | Random SECRET | Ensures requests sent to the /sub/webhook endpoint come from GitHub; this secret is used to compute an HMAC-SHA1 hash of the message payload received from GitHub. |
| sub.initAppSyncThreads | 4 | How many threads to use when initializing apps during startup; increase this value if you have many apps. |
| sub.initAppSyncMaxWaitSecs | 240 | Max time to wait for initializing the apps during startup before reporting as ready. |

Add Substitution Vars

You can configure substitution vars per app and/or per branch using the following files in the Git repo:

REPO_ROOT
|__ vars.json
|__ <branch>_vars.json
|__ <APP>
     |__ vars.json
     |__ <branch>_vars.json

Note: Using the global vars.json should be avoided in favor of using the branch specific files whenever possible.

Set Up GitHub WebHook for Config Repo

GitHub WebHooks send immediate notifications of PUSH events to the subscriber. This removes the need to poll GitHub (which can lead to rate limit issues) and delivers updates to the target Fusion environment in near real time.

You only need to watch for PUSH events as other events are not supported.

Create a secret hash:

ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'

Set the generated secret in the WebHook config.

Disable polling and configure the secret hash in config:

   sub:
     pollEnabled: false
     git:
       ...
     github:
       webhookSecret: SECRET_HERE
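
The check that sub.github.webhookSecret makes possible, as an added example (not code from Fusion or from this page): GitHub sends the HMAC-SHA1 of the raw request body in the X-Hub-Signature header as sha1=<hex>, and the receiver recomputes it with the shared secret. The helper names, secret, and payload below are constructed for illustration.

```ruby
require 'openssl'

# Constant-time comparison, so response timing does not reveal how many
# leading characters of a forged signature happened to be correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: true only when `header` (the X-Hub-Signature value)
# equals "sha1=" + HMAC-SHA1(secret, raw_body). The HMAC must be computed
# over the exact bytes received, before any JSON parsing or re-encoding.
def valid_github_signature?(secret, raw_body, header)
  # Fail closed: an unset secret must never validate anything.
  return false if secret.nil? || secret.empty?
  return false unless header.is_a?(String)

  # Reject anything that is not exactly "sha1=" plus 40 lowercase hex chars.
  match = /\Asha1=([0-9a-f]{40})\z/.match(header)
  return false unless match

  expected = OpenSSL::HMAC.hexdigest('sha1', secret, raw_body)
  secure_equal?(expected, match[1])
end

# Constructed sample values (not a real secret or a captured delivery).
SAMPLE_SECRET = 'constructed-sample-secret'
SAMPLE_BODY   = '{"ref":"refs/heads/prod"}'
SAMPLE_HEADER = 'sha1=' + OpenSSL::HMAC.hexdigest('sha1', SAMPLE_SECRET, SAMPLE_BODY)

if __FILE__ == $PROGRAM_NAME
  cases = {
    'genuine delivery'     => [SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER],
    'body altered'         => [SAMPLE_SECRET, SAMPLE_BODY + ' ', SAMPLE_HEADER],
    'signed with wrong key' => ['some-other-secret', SAMPLE_BODY, SAMPLE_HEADER],
    'header missing'       => [SAMPLE_SECRET, SAMPLE_BODY, nil],
    'header malformed'     => [SAMPLE_SECRET, SAMPLE_BODY, 'sha1=abc']
  }
  cases.each do |name, args|
    puts format('%-22s accepted=%s', name, valid_github_signature?(*args))
  end
end
```

Only the first case is accepted; a single changed byte in the body, a different key, or a missing or malformed header is rejected.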