Spring Boot - Unable to disable sensitive metrics

5/24/2017

I am currently working inside a K8S cluster and I have the following end point exposed.

http://172.16.46.16:8080/websocket/metrics

Now the application that I have is Spring Boot related. In order to hit this URL, it is currently sensitive, meaning that it requires a username/password.

As per documentation, I can turn off the sensitive feature on metrics so that I don't need username/pass to authorize myself. Since I do not want to hard code this in my configuration, I am passing the required parameter at runtime.

My K8S controller file is:

# cat websocket-replication-controller.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: websocket-backend-controller
spec:
  replicas: 2
  selector:
    name: websocket-backend
  template:
    metadata:
      labels:
        name: websocket-backend
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/path: /websocket/metrics
        prometheus.io/port: '8080'
    spec:
      containers:
      - name: websocket-backend
        image: armdocker.rnd.ericsson.se/proj_csdp/websocket_backend:3.0.6
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 8080
        livenessProbe:
          httpGet:
            port: 8080
            path: /websocket/health
          initialDelaySeconds: 300
          timeoutSeconds: 30
        volumeMounts:
          - name: nfs
            mountPath: "/vault"
        command:
          - java
          - -Duser.timezone=UTC
          - -jar
          - -Dspring.profiles.active=clustered
          - websocket.jar
          - --endpoints.metrics.sensitive=false
      volumes:
        - name: nfs
          nfs:
            server: kube-nfs
            path: "/kubenfs/vault"
            readOnly: true

The final command looks like:

java -Duser.timezone=UTC -jar -Dspring.profiles.active=clustered websocket.jar --endpoints.metrics.sensitive=false

Starting the application this way does not seem to be overriding the metric sensitive behavior. I still get server returned HTTP status 401 Unauthorized.

I was able to access my pod and look for any ERROR but I do not see any.

Is there something I am missing here?

--
kubernetes
prometheus
spring
spring-boot
spring-boot-actuator

1 Answer

1/16/2018

Try to disable Spring Security for management too: --management.security.enabled=false. Command:

java -Duser.timezone=UTC -jar -Dspring.profiles.active=clustered websocket.jar \
     --endpoints.metrics.sensitive=false \
     --management.security.enabled=false

In this case it is a good idea to expose management endpoints on a custom port, e.g.: management.port=9081

You can also enable security and provide default user and password:

management.security.enabled=true
security.user.name=user
security.user.password=pa55word

Please read Spring Documentation: Monitoring and management over HTTP

-- kinjelom
Source: StackOverflow
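
An added example, not part of the original answer or of Spring Boot itself: a small Python check that reads a container's command arguments and flags the combinations discussed above (management security disabled on the application port or on a port a Service publishes, and a password passed on the command line). The function names, the `service_ports` input and the sample commands are assumptions constructed for illustration.

```python
# Added example: audit a container command line for the Spring Boot 1.x
# actuator properties shown on this page. Sample data is constructed.

def parse_spring_args(command):
    """Collect --key=value application arguments into a dict."""
    props = {}
    for arg in command:
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value
    return props

def audit_actuator(command, app_port, service_ports):
    """Return findings for one container.

    app_port      -- port serving normal application traffic
    service_ports -- ports a Kubernetes Service publishes for the pod (assumed input)
    """
    props = parse_spring_args(command)
    findings = []
    # Assumption: management security is on unless explicitly set to false.
    security_off = props.get("management.security.enabled", "true").lower() == "false"
    # Without management.port, actuator endpoints share the application port.
    mgmt_port = int(props.get("management.port", app_port))

    if security_off and mgmt_port == app_port:
        findings.append("actuator endpoints are unauthenticated on the application port")
    if security_off and mgmt_port in service_ports:
        findings.append(f"unauthenticated management port {mgmt_port} is published by a Service")
    if "security.user.password" in props:
        findings.append("security.user.password is visible in the manifest and process list")
    return findings

# Constructed samples based on the commands shown on this page.
ANSWER_CMD = ["java", "-Duser.timezone=UTC", "-jar", "-Dspring.profiles.active=clustered",
              "websocket.jar", "--endpoints.metrics.sensitive=false",
              "--management.security.enabled=false"]
SPLIT_PORT_CMD = ANSWER_CMD + ["--management.port=9081"]

if __name__ == "__main__":
    for name, cmd in [("security off, shared port", ANSWER_CMD),
                      ("security off, port 9081", SPLIT_PORT_CMD)]:
        print(name, "->", audit_actuator(cmd, app_port=8080, service_ports={8080}))
```

With the management port split off and not published by a Service, the check returns no findings; a Prometheus scrape annotation would then need to point at the management port rather than 8080.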