[RELEASE] v2.2.5 Apply Grafana Cloud monitoring #382
feat: integrate Grafana Cloud monitoring and harden actuator security
…in-docker fix: publish the management port in Docker and fix the bind address
- application-prod.yml: move the management server to its own port 9001 and add the eatssu-prod metrics tag
- deploy.yml: add port publish -p 127.0.0.1:9001:9001 to the prod docker run

resolved #380

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces necessary configurations to integrate Grafana Cloud monitoring into the application. It refines security access for management endpoints and establishes environment-specific metrics tagging to ensure observability across development and production stages.
Code Review
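This pull request adds Actuator and Prometheus metrics configuration and updates the security settings. It narrows the Actuator whitelist in SecurityConfig and adds a management server port (9001) and IP binding (0.0.0.0) to the development and production environment settings. In response, the reviewer pointed out the concern that exposing /actuator/prometheus without authentication could leak metrics information and suggested removing it from the whitelist, and recommended tightening network access control on port 9001 to prevent the security risk that comes with binding to 0.0.0.0.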
| "/", "/oauths/kakao", "/oauths/apple", "/menus/**", "/meals/**", "/admin/login", "/oauths/v2/kakao","/oauths/v2/apple", | ||
| "/reviews", "/reviews/menus/**", "/reviews/meals/**", "/v2/reviews/statistics/**", | ||
| "/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/**", "/error-test/**" | ||
| "/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/actuator/prometheus", "/error-test/**" |
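Review bot: "/error-test/**" is still in the unauthenticated list on the changed last line, right next to the actuator paths that are being narrowed. The name suggests a test-only route; if production does not need it, drop it from the whitelist or limit it to a non-prod profile while this line is being tightened anyway.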
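[Reviewer, 2026-07-01] Adding the /actuator/prometheus path to AUTH_WHITELIST and exposing it without authentication can leak system metrics information externally, so it should be removed from the whitelist and security should be strengthened by applying separate authentication (e.g. Basic Auth) or IP filtering.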
| "/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/actuator/prometheus", "/error-test/**" | |
| "/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/error-test/**" |
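To make the effect of each whitelist variant on this page concrete, here is an added example (not code from this PR or the project) that replays Ant-style path matching over the three variants and lists which actuator endpoints end up reachable without authentication. The endpoint id list and the choice of `health` as the only endpoint expected to be public are assumptions; which endpoints are actually exposed depends on the project's exposure settings, which the page does not show.

```python
import re

# Actuator-relevant tail of the whitelist in each state shown on this page.
BEFORE = ["/actuator/**", "/error-test/**"]
AFTER = ["/actuator/health", "/actuator/prometheus", "/error-test/**"]
SUGGESTED = ["/actuator/health", "/error-test/**"]

# Assumption: standard Spring Boot actuator endpoint ids, used as probe paths.
ACTUATOR_IDS = ["health", "info", "prometheus", "metrics", "env", "heapdump",
                "threaddump", "loggers", "beans", "mappings", "configprops"]
# Assumption: health is the one endpoint meant to stay public (all variants keep it).
EXPECTED_PUBLIC = {"health"}


def _seg_match(pattern: str, segment: str) -> bool:
    """Match one path segment: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, segment) is not None


def ant_match(pattern: str, path: str) -> bool:
    """Ant-style match where '**' spans zero or more whole path segments."""
    pat, segs = pattern.strip("/").split("/"), path.strip("/").split("/")

    def walk(i: int, j: int) -> bool:
        if i == len(pat):
            return j == len(segs)
        if pat[i] == "**":
            return any(walk(i + 1, k) for k in range(j, len(segs) + 1))
        return j < len(segs) and _seg_match(pat[i], segs[j]) and walk(i + 1, j + 1)

    return walk(0, 0)


def findings(whitelist: list[str]) -> list[str]:
    """Actuator paths the whitelist permits without auth, minus the expected ones."""
    paths = [f"/actuator/{eid}" for eid in ACTUATOR_IDS if eid not in EXPECTED_PUBLIC]
    return [p for p in paths if any(ant_match(w, p) for w in whitelist)]


if __name__ == "__main__":
    for name, wl in (("before", BEFORE), ("after", AFTER), ("suggested", SUGGESTED)):
        print(f"{name:9} -> {findings(wl) or 'no unexpected open actuator paths'}")
```

An exact entry such as "/actuator/health" does not cover sub-paths like /actuator/health/liveness, so health groups would need their own entry if they must stay public.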
| management: | ||
| server: | ||
| port: 9001 | ||
| address: 0.0.0.0 |
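Review bot: address: 0.0.0.0 on the last line makes the management server listen on every interface inside the container, so whether port 9001 is reachable from outside depends entirely on how the port is published. The commit message mentions -p 127.0.0.1:9001:9001 for the prod docker run; add a YAML comment here stating that dependency, and confirm the other environment publishes the port on loopback as well.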
| management: | ||
| server: | ||
| port: 9001 | ||
| address: 0.0.0.0 |
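Review bot: this management.server block repeats the same port and address values as the block in the other profile. If both environments are meant to share them, define the block once in a shared base configuration so the two profiles cannot drift apart; if they are meant to differ later, a short comment saying so would help.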
#️⃣ Issue Number
📝 Summary
💬 Notes for reviewers
✅ PR Checklist
Please check that the PR meets the following requirements.