From c7ba0467d4ee48bf1590009ecefddbae4293d80a Mon Sep 17 00:00:00 2001 From: Yousung Jung Date: Fri, 19 Sep 2025 15:46:06 +0900 Subject: [PATCH] =?UTF-8?q?Spring=20actuator=20-=20grafana=20=EC=97=B0?= =?UTF-8?q?=EB=8F=99=20(#134)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-java.yml | 13 +++++++++ apps/user-service/build.gradle | 1 + .../config/security/SecurityConfig.java | 12 +++++++++ .../src/main/resources/application.yml | 18 +++++++++++++ docker/production/agent-config.yml | 27 +++++++++++++++++++ docker/production/docker-compose.yml | 15 ++++++++++- 6 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 docker/production/agent-config.yml diff --git a/.github/workflows/deploy-java.yml b/.github/workflows/deploy-java.yml index e28c159d..8d472520 100644 --- a/.github/workflows/deploy-java.yml +++ b/.github/workflows/deploy-java.yml @@ -31,6 +31,9 @@ jobs: echo "LOKI_PASSWORD=${{ secrets.LOKI_PASSWORD }}" >> .env.prod echo "ENV_NAME=${{ secrets.ENV_NAME }}" >> .env.prod echo "FASTAPI_SERVER_HOST=${{ secrets.FASTAPI_SERVER_HOST }}" >> .env.prod + echo "GRAFANA_CLOUD_PROMETHEUS_URL=${{ secrets.GRAFANA_CLOUD_PROMETHEUS_URL }}" >> .env.prod + echo "GRAFANA_CLOUD_PROMETHEUS_USER=${{ secrets.GRAFANA_CLOUD_PROMETHEUS_USER }}" >> .env.prod + echo "GRAFANA_CLOUD_API_KEY=${{ secrets.GRAFANA_CLOUD_API_KEY }}" >> .env.prod - name: Set repo lowercase run: echo "REPO_LC=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV @@ -74,6 +77,16 @@ jobs: source: "docker/production/promtail-config.yml" target: "~/app" + - name: Copy promtail-config to EC2 + uses: appleboy/scp-action@v0.1.7 + with: + host: ${{ secrets.SERVER_HOST }} + username: ubuntu + key: ${{ secrets.SERVER_SSH_KEY }} + source: "docker/production/agent-config.yml" + target: "~/app" + overwrite: true + - name: Deploy on EC2 uses: appleboy/ssh-action@v1.0.3 with: 
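Review bot: The three added `echo` lines interpolate `${{ secrets.* }}` directly into the shell script, so a secret value containing `"`, `$` or a backtick is interpreted by the shell before it is written to `.env.prod`. Passing the values through the step's `env:` map and writing `echo "GRAFANA_CLOUD_API_KEY=${GRAFANA_CLOUD_API_KEY}" >> .env.prod` keeps the value out of the script text. The `run:` step starts above this hunk, and the existing lines visible as context follow the same pattern, so they would need the same change.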
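Review bot: The added step is named `Copy promtail-config to EC2`, but its `source` is `docker/production/agent-config.yml`, so the name looks like a copy-paste leftover from the promtail step. Renaming it to `- name: Copy agent-config to EC2` lets the workflow log show which copy failed. The new step also sets `overwrite: true`, which does not appear in the tail of the promtail step visible in this hunk. If that step really lacks it, the two config files will behave differently on redeploy, so it is worth making them consistent.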
diff --git a/apps/user-service/build.gradle b/apps/user-service/build.gradle index 096e6d65..23c23124 100644 --- a/apps/user-service/build.gradle +++ b/apps/user-service/build.gradle @@ -61,6 +61,7 @@ dependencies { implementation "io.micrometer:micrometer-tracing-bridge-brave" implementation "io.micrometer:micrometer-tracing" + implementation 'io.micrometer:micrometer-registry-prometheus' implementation "org.springframework.boot:spring-boot-starter-actuator" // Lombok diff --git a/apps/user-service/src/main/java/site/icebang/global/config/security/SecurityConfig.java b/apps/user-service/src/main/java/site/icebang/global/config/security/SecurityConfig.java index 61d668cc..8b5dd63c 100644 --- a/apps/user-service/src/main/java/site/icebang/global/config/security/SecurityConfig.java +++ b/apps/user-service/src/main/java/site/icebang/global/config/security/SecurityConfig.java @@ -4,6 +4,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; import org.springframework.core.env.Environment; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; @@ -56,6 +57,17 @@ public SecureRandom secureRandom() { return new SecureRandom(); } + @Bean + @Order(1) // 높은 우선순위로 설정 + public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception { + return http.securityMatcher("/actuator/**") // actuator 경로만 적용 + .authorizeHttpRequests( + auth -> auth.anyRequest().permitAll() // 모든 actuator 요청 허용 + ) + .csrf(csrf -> csrf.disable()) + .build(); + } + @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http.authorizeHttpRequests( diff --git a/apps/user-service/src/main/resources/application.yml b/apps/user-service/src/main/resources/application.yml index b3b2dcba..c689ab1a 100644 
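Review bot: `actuatorSecurityFilterChain` permits every request under `/actuator/**`, so the only control on what is served unauthenticated is the `exposure.include` list in application.yml. Any endpoint added there later becomes public without a change to this class. Matching the chain to the endpoints that are meant to be open, for example `http.securityMatcher(EndpointRequest.to("health", "info", "prometheus"))`, would leave other actuator paths to the rules in `filterChain`, which are not visible in this hunk. With `show-details: always` set in the same commit, the open health endpoint also returns component details to unauthenticated callers. A short Javadoc on the bean should state why the chain is open and that it relies on the management port being unreachable from outside.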
--- a/apps/user-service/src/main/resources/application.yml +++ b/apps/user-service/src/main/resources/application.yml @@ -13,6 +13,24 @@ mybatis: mapper-locations: classpath:mapper/**/*.xml type-handlers-package: site.icebang.global.config.mybatis.typehandler +management: + endpoints: + web: + exposure: + include: health,info,prometheus + base-path: /actuator + endpoint: + health: + show-details: always + prometheus: + metrics: + export: + enabled: true + server: + address: 127.0.0.1 # localhost에서만 접근 + port: 8081 + security: + enabled: false # 외부 API 연동을 위한 설정 섹션 api: fastapi: diff --git a/docker/production/agent-config.yml b/docker/production/agent-config.yml new file mode 100644 index 00000000..296b2054 --- /dev/null +++ b/docker/production/agent-config.yml @@ -0,0 +1,27 @@ +server: + log_level: info + +prometheus: + wal_directory: /tmp/grafana-agent-wal + global: + scrape_interval: 15s + external_labels: + cluster: production + service: user-service + + configs: + - name: user-service-metrics + remote_write: + - url: ${GRAFANA_CLOUD_PROMETHEUS_URL} + basic_auth: + username: ${GRAFANA_CLOUD_PROMETHEUS_USER} + password: ${GRAFANA_CLOUD_API_KEY} + + scrape_configs: + - job_name: 'user-service' + static_configs: + - targets: ['user-service:8081'] # 컨테이너 간 통신은 가능 + metrics_path: '/actuator/prometheus' + scrape_interval: 15s + params: + format: ['prometheus'] \ No newline at end of file diff --git a/docker/production/docker-compose.yml b/docker/production/docker-compose.yml index 544b4355..9f0a72ad 100644 --- a/docker/production/docker-compose.yml +++ b/docker/production/docker-compose.yml @@ -23,6 +23,7 @@ services: - promtail ports: - "8080:8080" + - "127.0.0.1:8081:8081" # actuator만 localhost 접근 networks: - app-network env_file: 
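Review bot: `management.server.address: 127.0.0.1` binds the management port to the container's own loopback, so neither the `user-service:8081` scrape target in agent-config.yml nor the `127.0.0.1:8081:8081` publish in docker-compose.yml should be able to reach it, assuming the service runs in its own container as the compose file suggests. If the fix is to drop the address, the permit-all actuator chain becomes reachable from every container on `app-network`, so that should be a deliberate choice; the host publish is then unnecessary for the agent. `management.security.enabled: false` is a Spring Boot 1.x property that current Boot versions ignore as far as I know. Removing it avoids the impression that it is what opens the endpoints. Since the health endpoint is unauthenticated, `show-details: never` (or `when-authorized`) is the safer value.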
@@ -32,13 +33,25 @@ services: volumes: - logs_volume:/logs + # Grafana Agent만으로 메트릭 수집 + 전송 + grafana-agent: + image: grafana/agent:latest + container_name: grafana-agent + restart: unless-stopped + volumes: + - ./agent-config.yml:/etc/agent/agent.yml:ro + networks: + - app-network + env_file: + - .env.prod + promtail: image: grafana/promtail:2.9.0 container_name: promtail restart: unless-stopped volumes: - ./promtail-config.yml:/etc/promtail/config.yml:ro - - logs_volume:/logs # Spring 로그 읽기 + - logs_volume:/logs command: - -config.file=/etc/promtail/config.yml - -config.expand-env=true
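Review bot: The new `grafana-agent` service has no `command:`, whereas the promtail service below passes `-config.expand-env=true`. As far as I know the agent's static mode only substitutes `${GRAFANA_CLOUD_API_KEY}` and the other placeholders in agent-config.yml when started with `-config.expand-env`, so the literal strings would otherwise be sent as basic-auth credentials. Adding `command: ["-config.file=/etc/agent/agent.yml", "-config.expand-env=true"]` also removes any dependence on the image's default config path, which should be checked against the `.yml` mount used here. `image: grafana/agent:latest` is unpinned, unlike `grafana/promtail:2.9.0`, so pin it as `grafana/agent:<pinned-version>` (or a digest) to keep every deploy from pulling whatever is newest. `env_file: .env.prod` hands every production secret to the agent container, whereas a dedicated env file holding only the three `GRAFANA_CLOUD_*` values would keep it to least privilege.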