mirror of https://github.com/coder/coder.git
fix(helm)!: remove prometheus-http port declaration from coderd service spec (#12214)
This PR removes the prometheus-http port entirely from the coder service specification (originally added in #10448). It also removes the Helm value coder.service.prometheusNodePort. Rationale: some cloud providers will helpfully expose all ports on a LoadBalancer service for you. The net effect of this is that setting CODER_PROMETHEUS_ENABLE will end up exposing port 2112 on your coderd service to the internet, which is likely undesired behaviour.
parent
b1c0b39d88
commit
c62a8b0bee
|
@ -35,8 +35,28 @@ The Prometheus endpoint can be enabled in the
|
|||
[Helm chart's](https://github.com/coder/coder/tree/main/helm) `values.yml` by
|
||||
setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`.
|
||||
The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled
|
||||
automatically. A Service Endpoint will also be exposed allowing Prometheus
|
||||
Service Monitors to be used.
|
||||
automatically. A Service Endpoint will not be exposed; if you need to expose the
|
||||
Prometheus port on a Service, (for example, to use a `ServiceMonitor`), create a
|
||||
separate headless service instead:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: coder-prom
|
||||
namespace: coder
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: prom-http
|
||||
port: 2112
|
||||
protocol: TCP
|
||||
targetPort: 2112
|
||||
selector:
|
||||
app.kubernetes.io/instance: coder
|
||||
app.kubernetes.io/name: coder
|
||||
type: ClusterIP
|
||||
```
|
||||
|
||||
### Prometheus configuration
|
||||
|
||||
|
|
|
@ -28,25 +28,6 @@ spec:
|
|||
nodePort: {{ .Values.coder.service.httpsNodePort }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- range .Values.coder.env }}
|
||||
{{- if eq .name "CODER_PROMETHEUS_ENABLE" }}
|
||||
{{/*
|
||||
This sadly has to be nested to avoid evaluating the second part
|
||||
of the condition too early and potentially getting type errors if
|
||||
the value is not a string (like a `valueFrom`). We do not support
|
||||
`valueFrom` for this env var specifically.
|
||||
*/}}
|
||||
{{- if eq .value "true" }}
|
||||
- name: "prometheus-http"
|
||||
port: 2112
|
||||
targetPort: "prometheus-http"
|
||||
protocol: TCP
|
||||
{{ if eq $.Values.coder.service.type "NodePort" }}
|
||||
nodePort: {{ $.Values.coder.service.prometheusNodePort }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq "LoadBalancer" .Values.coder.service.type }}
|
||||
{{- with .Values.coder.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ . | quote }}
|
||||
|
|
|
@ -93,14 +93,6 @@ spec:
|
|||
|
||||
nodePort:
|
||||
|
||||
|
||||
- name: "prometheus-http"
|
||||
port: 2112
|
||||
targetPort: "prometheus-http"
|
||||
protocol: TCP
|
||||
|
||||
nodePort: 31112
|
||||
|
||||
selector:
|
||||
app.kubernetes.io/name: coder
|
||||
app.kubernetes.io/instance: release-name
|
||||
|
|
|
@ -282,11 +282,6 @@ coder:
|
|||
# NodePort. If not set, Kubernetes will allocate a port from the default
|
||||
# range, 30000-32767.
|
||||
httpsNodePort: ""
|
||||
# coder.service.prometheusNodePort -- Enabled if coder.service.type is set
|
||||
# to NodePort. If not set, Kubernetes will allocate a port from the default
|
||||
# range, 30000-32767. The "prometheus-http" port on the coder service is
|
||||
# only exposed if CODER_PROMETHEUS_ENABLE is set to true.
|
||||
prometheusNodePort: ""
|
||||
|
||||
# coder.ingress -- The Ingress object to expose for Coder.
|
||||
ingress:
|
||||
|
|