Add a property to disable HTTP Observations for actuator endpoints #34801
Comments
jonatan-ivanov
added
type: enhancement
jonatan-ivanov
changed the title
scottfrederick
removed
the
status: waiting-for-triage
|
Connected issue in Framework: spring-projects/spring-framework#29210 |
|
I implemented this solution in our services and it makes things worse than better because there is also Spring Security Observation. The security observation is not affected (because) this predicate disables only Of course I can disable Spring Security Observation but it does not make sense because then there can be for example Spring Data Observation. |
|
There are a few connected issues to this, let me try to collect them here:
What you described as an issue can be a valid use-case for other users (ignoring parent observation but keeping children) but there is a solution/workaround to disable every Observation that was triggered through a specific HTTP endpoint (e.g.: |
|
Ohh thanks. It is a nice summary. I was totally blind 🤦. Now it makes more sense to me. It is pretty hard to follow everything regarding observation because you need to follow/search multiple projects. I believe that most of these issues will be resolved in the Spring Boot 3.1. I really appreciate your work 👍. |
|
@jonatan-ivanov Do you have working workarounds to disable every Observation that was triggered through a specific HTTP endpoint for WebFlux as well? |
|
I might have something that could work for you but I have never tried with webflux and I did not test it a lot for webmvc, I threw it out because of the I think you might be able to write a private Observation.Context getRoot(Observation.Context current) {
ObservationView parent = current.getParentObservation();
if (parent == null) {
return current;
}
else {
return getRoot((Context) parent.getContextView());
}
}And if you got the root, you can check if it is an "HTTP context" and the path so you can ignore actuator, something like this: @Bean
ObservationPredicate noActuatorServerObservations() {
return (name, context) ->
Context root = getRoot(context);
if (root instanceof ServerRequestObservationContext serverContext) {
return !serverContext.getCarrier().getRequestURI().startsWith("/actuator");
}
else {
return true;
}
};
}I guess another workaround could be getting the current request from Reactor somehow, maybe @chemicL or @bclozel could help in that. |
|
From Reactor's perspective, I think not much can be done, aside from clearing the ObservationThreadLocalAccessor.KEY from the Reactor |
|
I may not be in the right place, but I think my issue is related to this. I migrated a project from spring boot 2.7.x to 3.1.0, and the application always failed to start due to this error I don't have any custom metric in the application, it is not due to any custom code. I ended up adding this bean that solves the issue, but there should not be a null metric trying to be registered! |
|
@saulgiordani can you create a new issue in the Spring Framework project with a sample application reproducing the problem? Thanks! |
jonatan-ivanov
changed the title
There's something weird with test using WebTestClient, see the two failing tests in WebFluxObservationAutoConfigurationTests: - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePath - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePathAndCustomEndpointBasePath Closes spring-projectsgh-34801
There's something weird with test using WebTestClient, see the two failing tests in WebFluxObservationAutoConfigurationTests: - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePath - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePathAndCustomEndpointBasePath Closes spring-projectsgh-34801
mhalbritter
changed the title
There's something weird with test using WebTestClient, see the two failing tests in WebFluxObservationAutoConfigurationTests: - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePath - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePathAndCustomEndpointBasePath Closes spring-projectsgh-34801
Hi @bclozel, the issue was on my side. I implemented the interface ServerRequestObservationConvention without overriding the getName() method, this is why it was returning null |
There's something weird with test using WebTestClient, see the two failing tests in WebFluxObservationAutoConfigurationTests: - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePath - whenActuatorObservationsDisabledObservationsShouldNotBeRecordedUsingCustomWebfluxBasePathAndCustomEndpointBasePath Closes spring-projectsgh-34801
This comment was marked as off-topic.
This comment was marked as off-topic.
|
if it helps progress this, I would suggest peeling off the health endpoint as something easier to land maybe? Use in docker and k8s fills up trace repositories with traces named like This is a bad experience for those migrating from sleuth or anything else that skips health by default |
|
A workaround for docker is to configure the HEALTHCHECK to add the header 'b3: 0' (if using brave, as even when outbound propagation is set to b3 multi, inbound leniently accepts this). k8s is more complicated because some define liveness and readiness in a deployment (e.g. helm) and that variant doesn't seem to accept http headers 😢 Note this won't work for w3c, as they intentionally decided to not define a way to say "never sample" |
|
@codefromthecrypt You might be able to do this as a workaround: @Bean
ObservationPredicate noActuatorServerObservations() {
return (name, context) -> {
if (name.equals("http.server.requests") && context instanceof ServerRequestObservationContext serverContext) {
return !serverContext.getCarrier().getRequestURI().startsWith("/actuator");
}
else {
return true;
}
};
} |
|
note @nidhi-nair seemed to need to look up a root context to implement this, though I don't know if it was project-specific appsmithorg/appsmith#24758 |
|
@jonatan-ivanov thanks I was able to get something similar working openzipkin/brave-example#120 |
|
one thing that became apparent in this exercise is that this is the perfect thing to normalize in a property at least until there's a generic HTTP path accessor. Depending on if you are reactive or not, you have to define this predicate with different types. I think that's not ideal especially for something that used to work via property. |
Yes, you need to find the root in some use-cases. I would say it is use-case specific: if you have more than one spans and you don't have access to the original request (or something that the root has), you need to look the root up, here's another use case with some possible shortcuts in Spring Security: spring-projects/spring-security#12854
👍🏼
I agree, I also think that this could be more generic (not actuator-only) where the users are able to define the path prefix. |
|
We run our Spring Boot apps on Kubernetes. Our typical configuration looks like (see management:
server:
port: 8081
endpoint:
health:
probes.enabled: true
group:
liveness:
include: livenessState
additional-path: server:/livez
readiness:
include: readinessState
additional-path: server:/readyzIt would be nice to automatically disable observations for additional endpoints as well (according to |
It seems there is a good amount of users who are registering an
ObservationPredicatein order to disable Observations for/actuator/**endpoints, something like this:I think this common use-case could be simplified by creating a similar bean (for mvc and webflux) and let the users to configure this using a single property.
The text was updated successfully, but these errors were encountered: