As of now, we do not have a way to SSH into the container to take the Thread or Heap dumps manually. However, we do have a way to collect the dumps of our Java Microservices running on Azure Spring Cloud using Actuators.

The way you would do it quite simple:

  • Create a Spring Boot Project with the following dependencies:

    • Spring Web
    • Config Client (If required)
    • Eureka Client
    • Actuator

  • Add the following configuration to application.properties:

management.endpoints.web.exposure.include=*

This will expose all the endpoints of actuators that MAY contain sensitive information. So, it is recommended to keep these endpoints secured. You could also expose only the endpoints you require and which do not contain any sensitive information: DOCUMENTATION

  • Add the cloud profile, which is required for Azure Spring Cloud:
<profiles>
<profile>
    <id>cloud</id>
    <dependencies>
        <dependency>
            <groupId>com.microsoft.azure</groupId>
            <artifactId>spring-cloud-starter-azure-spring-cloud-client</artifactId>
            <version>2.2.0</version>
        </dependency>
    </dependencies>
</profile>
</profiles>
  • Build and deploy your application:
mvn clean package -DskipTests -Pcloud
az spring-cloud app deploy -n mymicroservice --jar-path <JAR_FILE>

Once the application is deployed, you can access the Actuators endpoints /actuator/threaddump and /actuator/headpdump to collect the Thread Dump and Heap Dump respectively.

There are other really helpful endpoints available which you can explore by going to /actuators endpoint.

Now, you would also want to secure these endpoints and this can be done using Spring Security dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Configure the username, password and role via application.properties:

management.endpoints.web.exposure.include=*
spring.security.user.name=admin
spring.security.user.password=HelloWorld123
spring.security.user.roles=ENDPOINT_ADMIN

Create a new Java Class called ActuatorSecurity:

package com.example.demo;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration(proxyBeanMethods = false)
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
                requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
        http.httpBasic();
    }

}

To use Basic Authentication, we would need to also convert our username and password to base64 encoding.

Go to: https://www.base64encode.org/

In the text box enter:

admin:HelloWorld

Copy the encoded output and use that in the curl command below for Basic Authentication:

curl -X GET http://localhost:8080/actuator/health -H 'Authorization: Basic YWRtaW46SGVsbG9Xb3JsZDEyMw=='

{"status":"UP"}

NOTE: If you are using Windows Terminal try using double quotes.

SAMPLE APPLICATION ON GITHUB

That’s it! :v: