Kube-Series-1: Features/prometheus metrics (#198)

bygui86 · Crim · commit e9a011bd010f · 2019-12-19T17:28:23.000+09:00
* Added Micrometer Prometheus to Maven pom

* Updated WebConfig to include a StringHttpMessageConverter in order to properly manage "Accept: text/plain" header in requests

* Updated "dev" config to setup advanced Spring Actuator properties - Added WebServer config to allow secondary port on tomcat and fix Spring Actuator login page redirection failure

* Updated README - Removed commented dev property

* Added property to export all Tomcat metrics

* Fixed Actuator login issue

* Moved Actuator-related properties from dev.yml to base.yml

* Added missing javadoc comment
diff --git a/kafka-webview-ui/pom.xml b/kafka-webview-ui/pom.xml
@@ -124,6 +124,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
+        <!-- Micrometer Prometheus registry  -->
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>javax.interceptor</groupId>
diff --git a/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/ActuatorSecurityConfig.java b/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/ActuatorSecurityConfig.java
@@ -0,0 +1,62 @@
+/**
+ * MIT License
+ *
+ * Copyright (c) 2017, 2018, 2019 SourceLab.org (https://github.com/SourceLabOrg/kafka-webview/)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package org.sourcelab.kafka.webview.ui.configuration;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Manages Actuator Security Configuration.
+ */
+@Configuration
+@Order(1000)
+public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        logger.info("Configuring Actuator access.");
+
+        // Actuator uses http basic auth
+        http
+                .authorizeRequests()
+                .antMatchers(HttpMethod.GET, "/actuator/info", "/actuator/health", "/actuator/prometheus")
+                    .permitAll()
+                .and()
+                .antMatcher("/actuator/**")
+                    .authorizeRequests()
+                .anyRequest()
+                    .hasRole("ADMIN")
+                .and()
+                .httpBasic();
+    }
+
+}
diff --git a/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/SecurityConfig.java b/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/SecurityConfig.java
@@ -34,6 +34,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -50,6 +51,7 @@
  */
 @Configuration
 @EnableWebSecurity
+@Order(1001)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
 
diff --git a/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/WebConfig.java b/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/configuration/WebConfig.java
@@ -31,6 +31,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -84,6 +85,9 @@ public void configureMessageConverters(List<HttpMessageConverter<?>> converters)
             .modulesToInstall(new ProtobufModule())
             .serializerByType(GenericData.Record.class, new SimpleAvroDataSerializer(appProperties.isAvroIncludeSchema()))
             .build();
+
         converters.add(new MappingJackson2HttpMessageConverter(mapper));
+        converters.add(new StringHttpMessageConverter());
     }
+
 }
diff --git a/kafka-webview-ui/src/main/resources/config/base.yml b/kafka-webview-ui/src/main/resources/config/base.yml
@@ -3,6 +3,8 @@ server:
   tomcat:
     remote_ip_header: x-forwarded-for
     protocol_header: x-forwarded-proto
+    mbeanregistry:
+      enabled: true
   servlet:
     session:
       ## User sessions should not be persistent across service restarts by default.
@@ -43,12 +45,30 @@ spring:
     show-sql: false
     open-in-view: true
 
-## Disable LDAP Management by default
+# Spring Actuator - global
 management:
+  server:
+    port: 9090
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+  endpoint:
+    health:
+      show-details: when_authorized
+  metrics:
+    tags:
+      application: ${spring.application.name}
+  ## Disable LDAP by default
   health:
     ldap:
       enabled: false
 
+# Spring Actuator - Info endpoint
+info:
+  app:
+    name: ${spring.application.name}
+
 ## Various App Configs
 app:
   name: Kafka Web View
diff --git a/kafka-webview-ui/src/main/resources/config/dev.yml b/kafka-webview-ui/src/main/resources/config/dev.yml
@@ -4,16 +4,15 @@ server:
       persistent: true
 
 spring:
+  jpa:
+    show-sql: true
   # H2 Datbase
   h2:
     console:
       ## Disable for release
       enabled: true
       path: /h2
 
-  jpa:
-    show-sql: true
-
 app:
   requireSsl: false
   user:
