Move metrics endpoint listener to use 127.0.0.1 as default #7714

Merged

Conversation

kwilczynski
Member

@kwilczynski kwilczynski commented Jan 26, 2024

/kind feature
/assign kwilczynski

What this PR does / why we need it:

Move the metrics endpoint listener to 127.0.0.1 as the default address if no other custom IP address or hostname has been provided. This aims to improve the default security stance in CRI-O when metrics collection is enabled.

While at it, update verbiage of documentation, configuration files and code comments around custom host and port support for metrics.

Related:

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

None

Does this PR introduce a user-facing change?

Move the metrics endpoint listener to use 127.0.0.1 as the new default.
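The defaulting rule described above, as an added Go example that is not code from this PR or from CRI-O: an empty host falls back to 127.0.0.1, and a helper classifies how widely the resulting listener address is reachable. The function names, the sample port 9090 and the sample hosts are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// defaultMetricsHost is the default the PR description names.
const defaultMetricsHost = "127.0.0.1"

// metricsListenAddr (hypothetical helper) builds the listen address,
// falling back to loopback when no custom host was provided.
func metricsListenAddr(host string, port int) string {
	if host == "" {
		host = defaultMetricsHost
	}
	// JoinHostPort brackets IPv6 literals, e.g. "[::1]:9090".
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// exposure (hypothetical helper) classifies a host:port listen address.
func exposure(addr string) string {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return "invalid"
	}
	if host == "" {
		return "all-interfaces" // ":9090" binds every interface in Go
	}
	ip := net.ParseIP(host)
	switch {
	case ip == nil:
		return "hostname" // reachability depends on what the name resolves to
	case ip.IsLoopback():
		return "loopback"
	case ip.IsUnspecified():
		return "all-interfaces" // 0.0.0.0 or ::
	default:
		return "single-interface"
	}
}

func main() {
	// Constructed sample hosts; "" stands for "no custom host configured".
	for _, h := range []string{"", "0.0.0.0", "::", "::1", "10.0.0.5", "node1.example"} {
		a := metricsListenAddr(h, 9090)
		fmt.Printf("%-16q -> %-22s %s\n", h, a, exposure(a))
	}
}
```

A listener classified as `all-interfaces` or `single-interface` is reachable from other hosts unless a firewall or network policy restricts the port, so those values are the ones to review when a custom host is set.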

@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Jan 26, 2024
@kwilczynski kwilczynski changed the title Move metrics endpoint listener to use 127.0.0.1 as default [WIP] Move metrics endpoint listener to use 127.0.0.1 as default Jan 26, 2024
@openshift-ci openshift-ci bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 26, 2024
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 26, 2024

codecov bot commented Jan 26, 2024

Codecov Report

❗ No coverage uploaded for pull request base (main@87a309c). Click here to learn what that means.
Report is 23 commits behind head on main.
The diff coverage is 37.50%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7714   +/-   ##
=======================================
  Coverage        ?   47.97%           
=======================================
  Files           ?      145           
  Lines           ?    16266           
  Branches        ?        0           
=======================================
  Hits            ?     7803           
  Misses          ?     7518           
  Partials        ?      945           

@kwilczynski kwilczynski force-pushed the fix/metrics-unix-socket-listener branch from 079ddb6 to 8c2614b Compare January 28, 2024 13:40
Signed-off-by: Krzysztof Wilczyński <kwilczynski@redhat.com>
@kwilczynski kwilczynski force-pushed the fix/metrics-unix-socket-listener branch from 8c2614b to 8dbd49d Compare January 28, 2024 13:45
@kwilczynski
Member Author

/retest-required

@kwilczynski kwilczynski force-pushed the fix/metrics-unix-socket-listener branch 5 times, most recently from fea3781 to c234f6e Compare January 28, 2024 18:35
@kwilczynski kwilczynski changed the title [WIP] Move metrics endpoint listener to use 127.0.0.1 as default Move metrics endpoint listener to use 127.0.0.1 as default Jan 28, 2024
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 28, 2024
@kwilczynski
Member Author

/retest-required

3 similar comments
@kwilczynski
Member Author

/retest-required

@kwilczynski
Member Author

/retest-required

@kwilczynski
Member Author

/retest-required

test/metrics.bats Outdated
Signed-off-by: Krzysztof Wilczyński <kwilczynski@redhat.com>
@kwilczynski kwilczynski force-pushed the fix/metrics-unix-socket-listener branch from c234f6e to 63ff1ee Compare January 29, 2024 11:32
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 29, 2024
Contributor

openshift-ci bot commented Jan 29, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kwilczynski, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 29, 2024
@sohankunkerkar
Member

/retest

@kwilczynski
Member Author

/retest-required

1 similar comment
@kwilczynski
Member Author

/retest-required

@sohankunkerkar
Member

/retest

1 similar comment
@sohankunkerkar
Member

/retest

@kwilczynski
Member Author

/retest-required

@openshift-merge-bot openshift-merge-bot bot merged commit 89c2c7a into cri-o:main Feb 1, 2024
62 checks passed
@kwilczynski kwilczynski deleted the fix/metrics-unix-socket-listener branch February 1, 2024 16:20
@kwilczynski
Member Author

/cherry-pick release-1.29

@openshift-cherrypick-robot

@kwilczynski: new pull request created: #7725

In response to this:

/cherry-pick release-1.29

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.

4 participants