Hi, I am updating some Springboot applications to run in native images.

These applications run on Kubernetes and use actuator's probes to check their status. To avoid exposing the actuator endpoints I change the management server port via the MANAGEMENT_SERVER_PORT environment variable.

Doing so doesn't seem to work in a native image (using native-maven-plugin) the MANAGEMENT_SERVER_PORT is ignored. But for example passing SPRING_PROFILES_ACTIVE works as expected. Also configuring the port by setting management.server.port in the properties file works fine.

Here is a basic example to reproduce the issue https://github.com/adrien-ben/springboot-native-actuator-env-var

Comment From: wilkinsona

This is due to the closed-world assumptions that Graal makes when building the native image. Setting the management server port changes the application's beans and, as described in the reference documentation, changing such properties at runtime with a native image is not supported.

But for example passing SPRING_PROFILES_ACTIVE works as expected

It may change the profiles that are logged as active but it will not affect profile-specific beans.

Also configuring the port by setting management.server.port in the properties file works fine.

This is the recommended approach. When declared in a properties file, the property can be found at build time and the use of the management server port is baked into the resulting native image. You could also use an environment variable, but it has to be set on the application during AOT processing as part of the native image being built rather than at runtime.

Comment From: adrien-ben

Thanks for the answer. I didn't realize setting the port changed application's beans.

edit: Setting a default value for management.server.port in the properties file then overriding it with the environment variable works.

Comment From: snicoll

@adrien-ben setting a management port means that we're actually deploying an additional container. There's quite some additional infrastructure involved. Setting a port at build time when AOT runs allows to opt-in for that additional infrastructure.