Sending client security username and password to Spring Boot Admin via Spring Cloud Kubernetes Service Discovery

1

votes

I am able to discover all services in my namespace and display them on spring boot admin but some of the clients have username/pass protection on some of the actuator endpoints. How can I get this information to spring boot admin via the kubernetes service discovery?

spring-boot-admin

0

votes

I was able to pass the client username and password by adding a tag in kubernetes service discovery of user.name and user.password for each client.

This isn't secure though because anyone with read access can read the metadata.

Is there a way to set a global user name and password for all clients?

0

votes

This configuration will define a default user for the actuator. This default user and password is passed to each actuator call:

spring:
  boot:
    admin:
      # AdminServerProperties used by basicAuthHttpHeadersProvider
      instance-auth:
        default-user-name: myactuatoruser
        default-password: myactuatorpw

Remark: You need at least spring-boot-admin:2.2.3. Check for the appearance of these properties the ConfigurationClass AdminServerProperties.

Otherwise you might define your own HttpHeaderProvider. This is a copy of the 2.2.3 spring-boot-admin Code:

@Bean
@ConditionalOnMissingBean
public BasicAuthHttpHeaderProvider basicAuthHttpHeadersProvider(AdminServerProperties adminServerProperties) {
    AdminServerProperties.InstanceAuthProperties instanceAuth = adminServerProperties.getInstanceAuth();

    if (instanceAuth.isEnabled()) {
        return new BasicAuthHttpHeaderProvider(instanceAuth.getDefaultUserName(),
                instanceAuth.getDefaultPassword(), instanceAuth.getServiceMap());
    }
    else {
        return new BasicAuthHttpHeaderProvider();
    }
}

Sending client security username and password to Spring Boot Admin via Spring Cloud Kubernetes Service Discovery

2 Answers