SpringBoot系列---【SpringBoot集成健康探针和prometheus】

1.前提

资料大多说的都是2.3.x,实际亲测,spring-boot-starter-parent支持健康探针的最低版本是2.3.3.RELEASE。为什么要集成健康探针?健康探针通常包括 存活探针(Liveness Probe) 和 就绪探针(Readiness Probe),用于检查应用容器的健康状态。

2.引入pom

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>io.micrometer</groupId>
    <artifactId>micrometer-registry-prometheus</artifactId>
</dependency>

3.配置yml

management:
  # actuator暴露端口,默认应用端口
  server:
    port: 8688
  endpoints:
    web:
      exposure:
        include: health,prometheus
      # actuator暴露路径,默认是/actuator
      base-path: /actor
      # actuator的路径映射,默认是health和prometheus
      path-mapping:
        health: healthCheck
        prometheus: prometheusMetrics
  endpoint:
    #启用健康探针通常包括 存活探针(Liveness Probe)-决定容器是否重启 和 就绪探针(Readiness Probe)-决定流量是否发送,用于检查应用容器的健康状态。
    health:
      probes:
        enabled: true
        # 是否显示actuator的health接口的细节信息
#      show-details: always
  #控制端点是否开启
  health:
    db:
      enabled: false

4.开启springSecurity的HttpBasic认证

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Slf4j
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 指定接口白名单,允许所有请求
                .antMatchers("/doc.html/**","/webjars/**","/swagger-resources/**","/v2/api-docs/**").permitAll() //放行接口文档
                // 指定接口白名单,仅允许特定 IP 访问
                .antMatchers("/api/whitelisted/**").hasIpAddress("192.168.1.100")
                .antMatchers("/api/secure/**").hasAnyRole("ADMIN", "USER") // 角色访问限制
                .anyRequest().authenticated() // 所有请求需要认证
                .and()
                .httpBasic(); //启用 HTTP Basic Authentication
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin") // 自定义用户名
                .password(passwordEncoder().encode("admin")) // 自定义密码(加密后)
                .roles("ADMIN"); // 设置角色
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // 使用 BCrypt 密码加密
    }
}

5.验证(登录admin/admin)

浏览器访问:
就绪探针(决定流量是否发送):http://localhost:8688/actor/healthcheck/readiness
存活探针(决定容器是否重启):http://localhost:8688/actor/healthcheck/liveness
prometheus指标地址:http://localhost:8688/actor/prometheusMetrics

posted on 2025-01-15 00:22  少年攻城狮  阅读(127)  评论(0)    收藏  举报

导航