petru/coder-server
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix(helm)!: remove prometheus-http port declaration from coderd service spec (#12214)

Browse Source 
This PR removes the prometheus-http port entirely from the coder service specification (originally added in #10448). It also removes the Helm value coder.service.prometheusNodePort.

Rationale: some cloud providers will helpfully expose all ports on a LoadBalancer service for you. The net effect of this is that setting CODER_PROMETHEUS_ENABLE will end up exposing port 2112 on your coderd service to the internet, which is likely undesired behaviour.
This commit is contained in:
Cian Johnston
2024-02-20 11:36:17 +00:00
committed by GitHub
parent b1c0b39d88
commit c62a8b0bee
4 changed files with 22 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
helm/coder/templates/service.yaml
-19
View File
@@ -28,25 +28,6 @@ spec:
nodePort: {{ .Values.coder.service.httpsNodePort }}
{{ end }}
{{- end }}
{{- range .Values.coder.env }}
{{- if eq .name "CODER_PROMETHEUS_ENABLE" }}
{{/*
This sadly has to be nested to avoid evaluating the second part
of the condition too early and potentially getting type errors if
the value is not a string (like a `valueFrom`). We do not support
`valueFrom` for this env var specifically.
*/}}
{{- if eq .value "true" }}
- name: "prometheus-http"
port: 2112
targetPort: "prometheus-http"
protocol: TCP
{{ if eq $.Values.coder.service.type "NodePort" }}
nodePort: {{ $.Values.coder.service.prometheusNodePort }}
{{ end }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq "LoadBalancer" .Values.coder.service.type }}
{{- with .Values.coder.service.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
helm/coder/tests/testdata/prometheus.golden
Vendored
-8
View File
@@ -93,14 +93,6 @@ spec:
nodePort:
- name: "prometheus-http"
port: 2112
targetPort: "prometheus-http"
protocol: TCP
nodePort: 31112
selector:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: release-name
helm/coder/values.yaml
-5
View File
@@ -282,11 +282,6 @@ coder:
# NodePort. If not set, Kubernetes will allocate a port from the default
# range, 30000-32767.
httpsNodePort: ""
# coder.service.prometheusNodePort -- Enabled if coder.service.type is set
# to NodePort. If not set, Kubernetes will allocate a port from the default
# range, 30000-32767. The "prometheus-http" port on the coder service is
# only exposed if CODER_PROMETHEUS_ENABLE is set to true.
prometheusNodePort: ""
# coder.ingress -- The Ingress object to expose for Coder.
ingress: