[RELEASE] v2.2.5 Apply Grafana Cloud monitoring #382

Merged: pooreumjung merged 9 commits into main from develop, Jul 1, 2026


@pooreumjung pooreumjung commented Jul 1, 2026

#️⃣ Issue Number

📝 Summary

💬 Notes for reviewers

✅ PR Checklist

Please confirm that the PR meets the following requirements.

  • The commit messages follow the commit message convention.
  • The changes have been tested (tests for the bug fix/feature).

pooreumjung and others added 9 commits June 30, 2026 17:48
feat: integrate Grafana Cloud monitoring and harden actuator security
…in-docker

fix: correct management port Docker publish and bind address
- application-prod.yml: separate management server port 9001 and add eatssu-prod metric tag
- deploy.yml: add -p 127.0.0.1:9001:9001 port publish to the prod docker run

resolved #380

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@pooreumjung pooreumjung self-assigned this Jul 1, 2026
@pooreumjung pooreumjung added the feat (development, implementation) label Jul 1, 2026
@gemini-code-assist


Summary of Changes

Hello, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces necessary configurations to integrate Grafana Cloud monitoring into the application. It refines security access for management endpoints and establishes environment-specific metrics tagging to ensure observability across development and production stages.

Highlights

  • Security Configuration Update: Updated the security whitelist to explicitly allow access to actuator health and prometheus endpoints instead of exposing the entire actuator path.
  • Monitoring Infrastructure Setup: Configured management server settings and metrics tags in both development and production environments to support Grafana Cloud monitoring.

Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/deploy.yml

Metrics flow to clouds above, / Monitoring with care and love. / Ports are open, tags are set, / The best dashboard you'll ever get.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@pooreumjung pooreumjung merged commit 37d04f5 into main Jul 1, 2026
1 check passed

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

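This pull request adds Actuator and Prometheus metrics settings and updates the security configuration. In SecurityConfig it narrows the Actuator whitelist, and it adds the management server port (9001) and IP binding (0.0.0.0) to the development and production environment settings. On this, the reviewer raised a concern that exposing /actuator/prometheus without authentication could leak metric information and suggested removing it from the whitelist, and recommended tightening network access control on port 9001 to guard against the security risk of binding to 0.0.0.0.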

"/", "/oauths/kakao", "/oauths/apple", "/menus/**", "/meals/**", "/admin/login", "/oauths/v2/kakao","/oauths/v2/apple",
"/reviews", "/reviews/menus/**", "/reviews/meals/**", "/v2/reviews/statistics/**",
"/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/**", "/error-test/**"
"/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/actuator/prometheus", "/error-test/**"

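Review bot: "/error-test/**" is still in the unauthenticated whitelist on the changed line, next to the narrowed actuator entries, and this PR releases develop into main. If that path is a debugging aid, remove it from the whitelist for the release or restrict it to non-prod profiles. It would also help to add a short comment beside "/actuator/health", "/actuator/prometheus" stating which port these entries are meant to cover, since the commit message moves management to port 9001.
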
security-high high

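[Reviewer, 2026-07-01] Adding the /actuator/prometheus path to AUTH_WHITELIST and exposing it without authentication can leak system metric information externally, so it should be removed from the whitelist and protected with separate authentication (e.g., Basic Auth) or IP filtering to strengthen security.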

Suggested change
"/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/actuator/prometheus", "/error-test/**"
"/v2/reviews/menus/**", "/v2/reviews/meals/**", "/actuator/health", "/error-test/**"

management:
server:
port: 9001
address: 0.0.0.0
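
Review bot: address: 0.0.0.0 has no comment explaining why the wildcard bind is needed. Per the commit message, the prod docker run publishes -p 127.0.0.1:9001:9001, so the only restriction on this port lives in deploy.yml and not in this file. Add a comment here that points at that publish flag, so the value is not copied into a deployment that lacks it.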

security-medium medium

[Reviewer, 2026-07-01] In the production environment (prod), setting management.server.address to 0.0.0.0 binds to all network interfaces, so external access to port 9001 must be strictly restricted through a firewall or security groups.

management:
server:
port: 9001
address: 0.0.0.0
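
Review bot: this block repeats address: 0.0.0.0, but the commit message only mentions a loopback publish (-p 127.0.0.1:9001:9001) for the prod docker run. Confirm that the dev deployment publishes port 9001 the same way, or bind the dev management server to a narrower address.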

security-medium medium

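[Reviewer, 2026-07-01] In the development environment (dev), when management.server.address is set to 0.0.0.0, port 9001 must be protected through security groups and network access control (NACL) so that it is not exposed to external networks.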
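
With the management server bound to 0.0.0.0 inside the container, the host address in the `docker run -p` flag (the commit message's `-p 127.0.0.1:9001:9001`) is what bounds access to port 9001. The following is an added example, not code from this PR or the project: a Python check a deploy pipeline could run over its `docker run` line to reject a non-loopback publish of the management port. The function names, sample commands and image name are constructed for illustration.

```python
import ipaddress
import shlex

MGMT_PORT = 9001  # management.server.port in this PR


def publish_specs(docker_run):
    """Yield the value of each -p/--publish flag in a docker run command line."""
    tokens = shlex.split(docker_run)
    for i, tok in enumerate(tokens):
        if tok in ("-p", "--publish") and i + 1 < len(tokens):
            yield tokens[i + 1]
        elif tok.startswith("--publish="):
            yield tok.split("=", 1)[1]


def parse_publish(spec):
    """Split [ip:][hostPort:]containerPort[/proto] into (host_ip, container_port)."""
    spec = spec.split("/", 1)[0]              # drop /tcp or /udp
    host_ip = None
    if spec.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip = parts[0]
    return host_ip, parts[-1]


def covers(port_field, port):
    """True if a port or port range such as 9000-9002 includes `port`."""
    lo, _, hi = port_field.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exposed_publishes(docker_run, port=MGMT_PORT):
    """Return publish specs that map `port` to a non-loopback host address."""
    exposed = []
    for spec in publish_specs(docker_run):
        host_ip, container_port = parse_publish(spec)
        if not covers(container_port, port):
            continue
        # With no host IP, Docker publishes the port on all host interfaces.
        if not host_ip or not ipaddress.ip_address(host_ip).is_loopback:
            exposed.append(spec)
    return exposed


if __name__ == "__main__":
    # Constructed sample commands; the image name is a placeholder.
    for cmd in ("docker run -d -p 8080:8080 -p 127.0.0.1:9001:9001 example/app",
                "docker run -d -p 8080:8080 -p 9001:9001 example/app"):
        print(exposed_publishes(cmd) or "no non-loopback publish of 9001", "<-", cmd)
```

An empty result only says the publish flag is loopback-scoped; host firewall or security group rules for port 9001, as the reviewers recommend, still need their own check.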
