From 6bbd4333e82d119cbe0a74e4d5678da66d91512d Mon Sep 17 00:00:00 2001 From: Ankit Bhardwaj Date: Fri, 27 Oct 2023 13:03:46 +0530 Subject: [PATCH] INFRA-2148 | Ankit Bhardwaj | whitelisted Actuator endpoint, add elastic apm, add 4xx and 5xx alerts --- Dockerfile | 5 ++++- deployment_manifest.json | 20 +++++++++++++++++++ .../configuration/SecurityConfiguration.java | 2 +- src/main/resources/elasticapm.properties | 2 ++ 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 52f8e2d3..6789623b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ COPY templates /build/src/templates COPY gocd-templates /build/src/gocd-templates COPY scripts /build/src/scripts COPY entrypoint.sh /build/entrypoint.sh +RUN wget -O elastic-apm.jar https://repo1.maven.org/maven2/co/elastic/apm/elastic-apm-agent/1.42.0/elastic-apm-agent-1.42.0.jar RUN mvn -Dhttps.protocols=TLSv1.2 -B dependency:resolve dependency:resolve-plugins RUN mvn clean verify -DskipTests -Dartifact.version=${ARTIFACT_VERSION} @@ -16,6 +17,8 @@ FROM 193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/openjdk:11.0.5-jre-sli ARG ARTIFACT_VERSION=0.0.1-SNAPSHOT RUN mkdir -p /usr/local WORKDIR /usr/local/ +COPY --from=builder /build/elastic-apm.jar /usr/local/elastic-apm.jar +COPY --from=builder /build/src/main/resources/elasticapm.properties /usr/local/elasticapm.properties COPY --from=builder /build/target/deployment-portal-backend-${ARTIFACT_VERSION}.jar /usr/local/deployment-portal-backend.jar COPY --from=builder /build/src/templates /usr/local/templates COPY --from=builder /build/src/gocd-templates /usr/local/gocd-templates @@ -38,4 +41,4 @@ RUN chmod +x ./kubectl-argo-rollouts-linux-amd64 && cp ./kubectl-argo-rollouts-l ENTRYPOINT ["/usr/local/entrypoint.sh"] USER 4000 -CMD ["sh", "-c", "java ${JVM_OPTS} -jar /usr/local/deployment-portal-backend.jar"] +CMD ["sh", "-c", "java ${JVM_OPTS} -javaagent:/usr/local/elastic-apm.jar -jar /usr/local/deployment-portal-backend.jar"] \ No newline at end of file diff --git a/deployment_manifest.json b/deployment_manifest.json index a27aa16e..8cc1ab37 100644 --- a/deployment_manifest.json +++ b/deployment_manifest.json @@ -145,6 +145,26 @@ "failureThreshold": 3, "httpHeaders": [] } + }, + "alerts": { + "kafka": [], + "custom": [], + "database": [], + "loadBalancer": [ + { + "type": "elb4xx", + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + { + "type": "elb5xx", + "duration": "3m", + "severity": "critical", + "threshold": 1 + } + ], + "prometheusRecordingRule": [] } }, "extraResources": { diff --git a/src/main/java/com/navi/infra/portal/configuration/SecurityConfiguration.java b/src/main/java/com/navi/infra/portal/configuration/SecurityConfiguration.java index fe8a8d1e..34c863c4 100644 --- a/src/main/java/com/navi/infra/portal/configuration/SecurityConfiguration.java +++ b/src/main/java/com/navi/infra/portal/configuration/SecurityConfiguration.java @@ -52,7 +52,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { .and().cors() .and().authorizeRequests() .antMatchers("/**/*.{js,html,css}").permitAll() - .antMatchers("/", "/api/user", "/health", "/actuator/health").permitAll() + .antMatchers("/", "/api/user", "/health", "/actuator/**").permitAll() .anyRequest().authenticated(); http.sessionManagement().invalidSessionUrl("/dashboard"); diff --git a/src/main/resources/elasticapm.properties b/src/main/resources/elasticapm.properties index e69de29b..6ee3499c 100644 --- a/src/main/resources/elasticapm.properties +++ b/src/main/resources/elasticapm.properties @@ -0,0 +1,2 @@ +application_packages=com.navi.infra.portal +service_name=deployment-portal-backend \ No newline at end of file