server
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the Spring Boot Admin server module. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<!-- NOTE(review): the Spring Boot 2.3.x line is past its open-source support window; move the
	     parent and the Spring Boot Admin version below to a maintained release line together
	     before exposing this service. -->
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.3.2.RELEASE</version>
		<relativePath />
	</parent>
	<groupId>com.qizai</groupId>
	<artifactId>ops-admin-server</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>ops-admin-server</name>
	<description>spring-boot-admin on k8s</description>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- Admin server UI and API; the version is pinned here, not managed by the parent. -->
		<dependency>
			<groupId>de.codecentric</groupId>
			<artifactId>spring-boot-admin-starter-server</artifactId>
			<version>2.3.1</version>
		</dependency>
		<!-- Puts the admin UI and API behind Spring Security; the rules are in SecuritySecureConfig. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<!-- Only usable when running inside a k8s environment -->
		<!--
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-kubernetes-discovery</artifactId>
			<version>1.1.6.RELEASE</version>
		</dependency>
		-->
	</dependencies>
	<build>
		<plugins>
			<!-- Repackages the build output as an executable Spring Boot jar. -->
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<executions>
					<execution>
						<id>repackage</id>
						<goals>
							<goal>repackage</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</build>
</project>
ServerApplication.java
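package com.qizai.opsserver;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.scheduling.annotation.EnableScheduling;

import de.codecentric.boot.admin.server.config.EnableAdminServer;

/**
 * Entry point of the Spring Boot Admin server application.
 */
@EnableAdminServer
//@org.springframework.cloud.client.discovery.EnableDiscoveryClient // enable k8s service discovery
@EnableScheduling // enable scheduled tasks; without this annotation service discovery does not run its periodic refresh
@SpringBootApplication
public class ServerApplication {

	/**
	 * Starts the Spring application context.
	 *
	 * @param args command-line arguments passed through to Spring Boot
	 */
	public static void main(String[] args) {
		// The listing passed ZcOpsServerApplication.class, which is not defined in this file and
		// would not compile; the primary source must be this class.
		SpringApplication.run(ServerApplication.class, args);
	}
}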
SecuritySecureConfig.java
package com.qizai.opsserver;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

import de.codecentric.boot.admin.server.config.AdminServerProperties;

/**
 * Spring Security rules for the Spring Boot Admin server.
 *
 * <p>Static assets, the login page and the health endpoint are public; every other request must be
 * authenticated, either through the form login used by the UI or through HTTP Basic used by
 * registering clients.
 */
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

	// Context path of the admin server; every matcher below is prefixed with it.
	private final String adminContextPath;

	/**
	 * @param adminServerProperties admin server settings, used only to read the context path
	 */
	public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
		this.adminContextPath = adminServerProperties.getContextPath();
	}

	/**
	 * Builds the filter chain: public paths, form login and logout, HTTP Basic, cookie-based CSRF.
	 *
	 * @param http the security builder supplied by Spring
	 * @throws Exception propagated from the Spring Security configurers
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
		// NOTE(review): the value of the "redirectTo" request parameter becomes the post-login
		// redirect target. Spring Security's default redirect strategy does not appear to limit it
		// to this application, so confirm it is restricted to local paths (or drop the parameter)
		// to avoid an open redirect from the login page.
		successHandler.setTargetUrlParameter("redirectTo");
		successHandler.setDefaultTargetUrl(adminContextPath + "/");

		http.authorizeRequests()
				// 1. Static assets, the login page and the health endpoint are publicly accessible;
				//    everything else requires authentication
				.antMatchers(adminContextPath + "/assets/**").permitAll()
				.antMatchers(adminContextPath + "/login").permitAll()
				.antMatchers(adminContextPath + "/actuator/health").permitAll()
				.anyRequest().authenticated().and()
				// 2. Configure the login and logout paths
				.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
				.logout().logoutUrl(adminContextPath + "/logout").and()
				// 3. Enable HTTP Basic; admin-client uses it when registering.
				//    NOTE(review): Basic credentials are only base64-encoded, so this endpoint
				//    should be reached over TLS.
				.httpBasic().and()
				.csrf()
				// 4. Enable cookie-based CSRF protection (the cookie is readable by the UI's
				//    JavaScript so it can send the token back)
				.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
				// 5. Exempt these paths from CSRF protection so that admin-client can register.
				//    NOTE(review): the exemption is path-only, so it applies to every HTTP method
				//    and to the whole actuator tree of this server, while application.properties
				//    exposes all actuator endpoints. Consider narrowing it to the requests clients
				//    actually send (registration POST, deregistration DELETE).
				.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");
	}
}
application.properties
server.port=8080
# NOTE(review): "*" exposes every enabled actuator endpoint of the admin server over HTTP;
# list only the endpoints that are needed, and keep them behind authentication.
management.endpoints.web.exposure.include=*
# Not needed when security is not configured
# NOTE(review): sample credentials stored in plain text; supply real values from the
# environment or a k8s Secret instead of committing them.
spring.security.user.name=ops
spring.security.user.password=opsPsw
# Client username and password
# NOTE(review): these are admin-client properties; this module's pom.xml does not include the
# client starter, so they presumably have no effect here. Confirm before relying on them.
spring.boot.admin.client.instance.metadata.user.name=${spring.security.user.name}
spring.boot.admin.client.instance.metadata.user.password=${spring.security.user.password}
#---- The following must be set when running on k8s
# Port name of the Services to monitor
spring.cloud.kubernetes.discovery.primaryPortName=management
# Label that Services to be monitored must carry
spring.cloud.kubernetes.discovery.serviceLabels.admin=enabled
client
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the monitored client application that registers with the admin server. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<!-- NOTE(review): the Spring Boot 2.3.x line is past its open-source support window; move the
	     parent and the Spring Boot Admin client version to a maintained release line together. -->
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.3.2.RELEASE</version>
		<relativePath />
	</parent>
	<groupId>com.qizai</groupId>
	<artifactId>ops-admin-client</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>ops-admin-client</name>
	<description>spring-boot-client on k8s</description>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- Registers this application with the admin server; version pinned to match the server. -->
		<dependency>
			<groupId>de.codecentric</groupId>
			<artifactId>spring-boot-admin-starter-client</artifactId>
			<version>2.3.1</version>
		</dependency>
		<!-- Protects the actuator endpoints; the rules are in SpringSecurityActuatorConfig. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
		</dependency>
		<!-- Adds a Prometheus scrape endpoint to the actuator; it is covered by the same
		     exposure and authentication settings as the other actuator endpoints. -->
		<dependency>
			<groupId>io.micrometer</groupId>
			<artifactId>micrometer-registry-prometheus</artifactId>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<!-- Repackages the build output as an executable Spring Boot jar. -->
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<executions>
					<execution>
						<id>repackage</id>
						<goals>
							<goal>repackage</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</build>
</project>
ClientApplication.java
package com.qizai.opsclient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
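/**
 * Entry point of the monitored client application.
 */
@SpringBootApplication
public class ClientApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        // The listing passed OpsAdminClientApplication.class, which is not defined in this file
        // and would not compile; the primary source must be this class.
        SpringApplication.run(ClientApplication.class, args);
    }
}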
SpringSecurityActuatorConfig.java
package com.qizai.opsclient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
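/**
 * Requires HTTP Basic authentication for this client's actuator endpoints, leaving only the
 * health endpoint open.
 *
 * <p>NOTE(review): no rule in this class covers paths outside the actuator tree; verify that
 * the application's other endpoints are secured elsewhere if they need to be.
 */
@Configuration
public class SpringSecurityActuatorConfig extends WebSecurityConfigurerAdapter {

    // The logger reference never changes, so it is declared final.
    private static final Logger log = LoggerFactory.getLogger(SpringSecurityActuatorConfig.class);

    /** Logs that this security configuration is being instantiated. */
    public SpringSecurityActuatorConfig() {
        log.info("SpringSecurityActuatorConfig... start");
    }

    /**
     * Excludes the health endpoint from Spring Security entirely.
     *
     * @param web the web security builder supplied by Spring
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Exclude the health endpoint.
        // NOTE(review): ignoring() bypasses the whole filter chain for this path, so its responses
        // also miss the security headers; a permitAll() rule in the HttpSecurity chain keeps the
        // path open while leaving the filters in place.
        web.ignoring().antMatchers("/actuator/health");
    }

    /**
     * Configures the filter chain that guards the actuator endpoints.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // This configuration only applies to requests under /actuator/**
        http.antMatcher("/actuator/**")
                // every request under /actuator/ must be authenticated
                .authorizeRequests().anyRequest().authenticated()
                // Enable HTTP Basic: when the admin-client is configured with a password, the
                // admin-server uses HTTP Basic to pull this client's information.
                // NOTE(review): Basic credentials are only base64-encoded; serve these endpoints
                // over TLS.
                .and().httpBasic()
                // Disable CSRF for this chain; callers authenticate on every request.
                // NOTE(review): with all actuator endpoints exposed, confirm that none of the
                // write-capable ones can be reached from a browser holding cached credentials.
                .and().csrf().disable();
    }
}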
application.properties
server.port=8082
spring.application.name=ops-client-k8s
# NOTE(review): "*" exposes every enabled actuator endpoint over HTTP; list only the endpoints
# the admin server and Prometheus need.
management.endpoints.web.exposure.include=*
# Client username and password (protect this application's actuator endpoints)
# NOTE(review): sample credentials stored in plain text; supply real values from the
# environment or a k8s Secret instead of committing them.
spring.security.user.name=saAdmin
spring.security.user.password=saPsw
# Published to the admin server as instance metadata so it can authenticate when pulling
# this client's actuator data.
spring.boot.admin.client.instance.metadata.user.name=${spring.security.user.name}
spring.boot.admin.client.instance.metadata.user.password=${spring.security.user.password}
# Server configuration
# NOTE(review): plain http:// means the registration payload (including the metadata password
# above) and the Basic credentials below travel unencrypted; prefer an https:// URL.
spring.boot.admin.client.url=http://10.0.2.69:8080
# NOTE(review): these are the credentials this client presents to the admin server. The server
# listing on this page defines ops/opsPsw as its user, so confirm the values match the server
# you register with.
spring.boot.admin.client.username=saAdmin
spring.boot.admin.client.password=saPsw
#---- The following must be set when running on k8s
# Port name of the Services to monitor
spring.cloud.kubernetes.discovery.primaryPortName=management
# Label that Services to be monitored must carry
spring.cloud.kubernetes.discovery.serviceLabels.admin=enabled
https://ica10888.com/2019/01/03/%E5%9C%A8kubernetes%E9%9B%86%E7%BE%A4%E4%B8%AD%E4%BD%BF%E7%94%A8prometheus%E5%AE%9E%E7%8E%B0%E5%AF%B9SpringCloud%E7%9A%84HPA.html
https://github.com/stefanprodan/k8s-prom-hpa
https://zhuanlan.zhihu.com/p/34555654
https://github.com/prometheus-operator/kube-prometheus
