如何使用 bootBuildImage 将 NewRelic 等 APM 代理链接到 Spring 引导应用程序？

Question

I have a gradle based Spring Boot 3 application. I use the bootBuildImage gradle task in circleci to build a docker image of this application.

Now, I want to add NewRelic to this application. I know I can do it by writing my own Dockerfile but I want to do it by configuring the bootBuildImage gradle task.

I saw that I can add buildPacks like this:

tasks.named("bootBuildImage") {
    buildpacks = [...]
}

And it appears that NewRelic has a buildpack here .

How can I generate the docker image with NewRelic integration?

Bonus: I need to inject environment variable as NEW_RELIC_ENABLE_AGENT=true|false. How can I do it?

Answer 1

You're on the right track. You want to use the New Relic Buildpack that you found.

High-level instructions for that buildpack can be found here . It essentially works by taking in bindings (the secret config data) and the buildpack securely maps those values to the standard New Relic agent configuration properties (through env variables).

An example of an APM tool configured through bindings can be found here . The specific example is using a different APM tool, but the same steps will work with any APM tool configured through bindings, like New Relic.

For your app:

1. Create a bindings directory. The root of your project is a reasonable place, but the path doesn't ultimately matter. Don't check in binding files that contain secret data:)

2. In the folder, create a subfolder called new-relic . Again, the name doesn't really matter.

3. In the folder from the previous step, create a file called type . The name does matter. In that file, write NewRelic and that's it. Save the file. This is how the buildpack identifies the bindings.

4. In the same folder, you can now add additional files to configure New Relic. The name of the file is the key and the contents of the file are the value . When your app runs, the buildpack will read the bindings and translate these to New Relic configuration settings in the form NEW_RELIC_<KEY>=<VALUE> . Thus if you read the New Relic docs and see a property called foo , you could make a file called foo set the value to bar and at runtime, you'll end up with an env variable NEW_RELIC_foo=bar being set. The New Relic agent reads environment variables for it's configuration, although sometimes it's not the first way that's mentioned in their docs.

5. Next you need to configure your build.gradle file. These changes will tell bootBuildImage to add the New Relic buildpack and to pass through your bindings.

   • In the tasks.named("bootBuildImage") block, add buildpacks = ["urn:cnb:builder:paketo-buildpacks/java", "gcr.io/paketo-buildpacks/new-relic"] . This will run the standard Java buildpack and then append New Relic onto the end of that list. Example .

   • Add a bindings list. In the same tasks.named("bootBuildImage") block add bindings = ["path/to/local/bindings/new-relic:/platform/bindings/new-relic"] . This will mount path/to/local/bindings/new-relic on your host to /platform/bindings/new-relic in the container, which is where the buildpack expects bindings to live. You will need to change the first path to point to the local bindings you created above (you can probably use a Gradle variable to the project to reference them, but I don't know if off the top of my head). Don't change the path on the container side, that needs to be exactly what I put above.

6. Run your build. ./gradlew bootBuildImage . In the output, you should see the New Relic buildpack pass detection (it passes if it finds the type file with NewRelic as the contents) and it should also run and contribute the New Relic agent as is described in the buildpack README.md.

7. After a successful build, you'll have the image. The key to remember is that bindings are not added to the image. This is intentional for security reasons. You don't want secret binding info to be included in the image, as that will leak your secrets.

   This means that you must also pass the bindings through to your container runtime when you run the image. If you're using Docker, you can docker run --volume path/to/local/bindings/new-relic:/platform/bindings/new-relic... and use the same paths as build time. If you're deploying to Kube.nets, you'll need to set up Secrets in K8s and mount those secrets as files within the container under the same path as before /platform/bindings/new-relic . So you need to make a type file, /platform/bindings/new-relic/type , and files for each key/value parameter you want to set.

At some point in the future, we're working to have all of the APM buildpacks included in the main Java buildpack by default. This would eliminate the first config change in step #5.

Because managing bindings can be kind of a pain, I also have a project called binding-tool that can help with steps 1-3. It allows you to easily create the binding files, like bt add -t NewRelic -p key1=val1 -p key2=val2 . It's not doing anything magic, just creates the files for you, but I find it handy. In the future, I want it to generate the Kube.netes YAML as well.