https://github.com/groundsgg/service-config
Quarkus gRPC service for storing, versioning, and serving configuration documents from Postgres, with NATS-based change notifications.
config-service configuration-management flyway grpc kotlin nats postresql quarkus
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/groundsgg/service-config
- Owner: groundsgg
- License: agpl-3.0
- Created: 2026-02-08T16:59:29.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2026-05-27T14:08:27.000Z (about 1 month ago)
- Last Synced: 2026-05-27T16:07:52.974Z (about 1 month ago)
- Topics: config-service, configuration-management, flyway, grpc, kotlin, nats, postresql, quarkus
- Language: Kotlin
- Homepage: https://docs.grounds.gg/plugins/config-system
- Size: 148 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 5
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# service-config
gRPC service for reading and mutating configuration documents stored in Postgres.
## Change Delivery
`service-config` stores the authoritative config state in Postgres. NATS change notifications are a
best-effort latency optimization, not a durable source of truth.
- Writes commit the database transaction before attempting to publish `config...changed`.
- If the pod crashes after the commit or NATS is unavailable, the database state is still correct
and the change event can be missed.
- Consumers must treat the NATS payload as a refresh trigger only and fetch state through
`GetSnapshotIfNewer` before applying changes locally.
- Config consumers must treat `GetSnapshotIfNewer` snapshot polling as the reconciliation path and
source of truth for cache correctness.
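
A consumer-side cache that follows these rules, as an added example that is not code from `service-config`. `Snapshot`, `SnapshotSource` and `ConfigCache` are hypothetical names; the real `GetSnapshotIfNewer` request and response types are not shown in this README, so a single version number is assumed.

```kotlin
// Added example, not project code. SnapshotSource is a hypothetical stand-in
// for a GetSnapshotIfNewer gRPC client; a monotonic Long version is assumed.
data class Snapshot(val version: Long, val documents: Map<String, String>)

fun interface SnapshotSource {
    /** Returns a snapshot only if the server holds a version newer than [knownVersion]. */
    fun getSnapshotIfNewer(knownVersion: Long): Snapshot?
}

class ConfigCache(private val source: SnapshotSource) {
    @Volatile
    var current = Snapshot(0, emptyMap())
        private set

    /** NATS handler: the payload is never parsed or applied, it only triggers a fetch. */
    fun onChangeNotification(payload: ByteArray) = refresh()

    /** Also called from a periodic timer, which covers notifications that were never delivered. */
    @Synchronized
    fun refresh(): Boolean {
        val newer = source.getSnapshotIfNewer(current.version) ?: return false
        if (newer.version <= current.version) return false // never roll the cache back
        current = newer
        return true
    }
}

fun main() {
    // Constructed in-memory state standing in for Postgres behind the gRPC API.
    var db = Snapshot(1, mapOf("motd" to "hello"))
    val cache = ConfigCache { known -> db.takeIf { it.version > known } }

    check(cache.refresh())                      // initial load
    db = Snapshot(2, mapOf("motd" to "v2"))     // committed write, event delivered
    // Payload content differs from the database on purpose: it must not reach the cache.
    check(cache.onChangeNotification("""{"motd":"not-from-db"}""".toByteArray()))
    check(cache.current.documents["motd"] == "v2")

    db = Snapshot(3, mapOf("motd" to "v3"))     // committed write, event lost (crash or NATS down)
    check(cache.current.version == 2L)          // cache stays stale until the next poll
    check(cache.refresh())                      // periodic reconciliation catches up
    check(!cache.refresh())                     // nothing newer: no-op
    println("converged at version ${cache.current.version}")
}
```

Because the notification body is discarded, anything able to publish on the NATS subject can at most cause extra fetches; it cannot change what the cache holds.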
## Security
The admin gRPC API does not enforce application-level authentication or authorization in this
service today. That is currently expected to be handled by deployment controls such as private
networking or mTLS.
This is a deliberate gap to track, not an implicit guarantee. Admin API auth is still required and
must be treated as a follow-up item rather than part of the current PR scope.
## Operations
`quarkus.flyway.migrate-at-start=true` is enabled today for convenience, but it is not the preferred
deployment model for multi-replica rollouts. Flyway locking reduces migration races, yet the
cleaner setup is a dedicated migration job or release step that runs before application pods start.