Monitoring Microservices with Spring Boot Admin and Spring Cloud
Spring Boot Admin provides a web-based management interface for Spring Boot applications. Built on top of Spring Boot Actuator, it offers a visual dashboard for monitoring application health, metrics, and configurations. Key capabilities include:
- Application status and version tracking
- Log level management
- JMX bean interaction
- Thread and session monitoring
- HTTP request tracing
- System properties, environment variables, and memory usage inspection
Setting Up the Admin Server
The Admin Server requires registration with a Eureka Server for service discovery. Create a new module named monitoring-server with the following Maven configuration:
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
<version>2.0.1</version>
</dependency>
</dependencies>Enable the Admin Server in the main application class:
@EnableAdminServer
@SpringBootApplication
public class MonitoringServerApplication {
public static void main(String[] args) {
SpringApplication.run(MonitoringServerApplication.class, args);
}
}Configure the server in application.yml:
server:
port: 5000
spring:
application:
name: monitoring-server
eureka:
client:
service-url:
defaultZone: ${EUREKA_URI:http://localhost:8761}/eureka/Client Registration Options
Option 1: Admin Client Dependency
For direct registration without Eureka discovery, add the Admin Client dependency along with Actuator:
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>The client configuration specifies the Admin Server URL and exposes Actuator endpoints:
server:
port: 8762
spring:
application:
name: user-service
boot:
admin:
client:
url: http://localhost:5000
eureka:
instance:
leaseRenewalIntervalInSeconds: 10
health-check-url-path: /actuator/health
client:
registryFetchIntervalSeconds: 5
service-url:
defaultZone: ${EUREKA_URI:http://localhost:8761}/eureka/
management:
endpoints:
web:
exposure:
include: '*'
endpoint:
health:
show-details: ALWAYSOption 2: Spring Cloud Discovery
When using Eureka, the Admin Server can automatically discover registered services. Replace the Admin Client dependency with Eureka Client:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>This approach requires no additional configuration on the client side for registration.
Securing the Admin Server
Given access to sensitive endpoints, securing the Admin Server is recommended. Add Spring Security:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>Define credentials and configure the security context path:
server:
port: 5000
spring:
application:
name: monitoring-server
security:
user:
name: admin
password: secret123
eureka:
instance:
metadata-map:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}
management:
endpoints:
web:
exposure:
include: "*"Create a security configuration class:
@Configuration
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
private final String contextPath;
public AdminSecurityConfig(AdminServerProperties properties) {
this.contextPath = properties.getContextPath();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
SavedRequestAwareAuthenticationSuccessHandler handler =
new SavedRequestAwareAuthenticationSuccessHandler();
handler.setTargetUrlParameter("redirectTo");
http.authorizeRequests()
.antMatchers(contextPath + "/assets/**").permitAll()
.antMatchers(contextPath + "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage(contextPath + "/login").successHandler(handler)
.and()
.logout().logoutUrl(contextPath + "/logout")
.and()
.httpBasic()
.and()
.csrf().disable();
}
}Client-Side Security Configuration
When the Admin Server is secured, clients using direct registration must include credentials:
spring:
boot:
admin:
client:
url: http://localhost:5000
username: admin
password: secret123For clients using Spring Cloud Discovery, provide credentials through Eureka metadata:
spring:
security:
user:
name: service-user
password: service-pass
eureka:
instance:
metadata-map:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}The Eureka metadata-map allows the Admin Server to retrieve authentication credentials for accessing secured Actuator endpoints on registered services. When a service registers with Eureka, the Admin Server reads these metadata values and includes them in the request headers when querying the service's monitoring endpoints.
