@johnstcn johnstcn commented Feb 19, 2024

This PR removes the prometheus-http port entirely from the coder service specification (originally added in #10448). It also removes the Helm value coder.service.prometheusNodePort.

Rationale: some cloud providers will helpfully expose all ports on a LoadBalancer service for you. The net effect of this is that setting CODER_PROMETHEUS_ENABLE will end up exposing port 2112 on your coderd service to the internet, which is likely undesired behaviour.

cc @bpmct for visibility, this will need to be called out in release notes

@johnstcn johnstcn self-assigned this Feb 19, 2024

@deansheather deansheather left a comment

This is probably a breaking change. I don't think we should provide an alternative though, customers can create their own service (if they really need a service) or they can use annotations/labels on the pod which we already support

@johnstcn

> This is probably a breaking change.

/s/probably/definitely

@johnstcn johnstcn marked this pull request as ready for review February 19, 2024 17:35
@johnstcn johnstcn changed the title from "fix!(helm): remove prometheus-http port declaration from coderd service spec" to "fix(helm)!: remove prometheus-http port declaration from coderd service spec" Feb 19, 2024
@github-actions github-actions bot added the release/breaking label (This label is applied to PRs to detect breaking changes as part of the release process) Feb 19, 2024
@johnstcn johnstcn added the security label (Area: security) Feb 19, 2024

@mtojek mtojek left a comment

👍

@johnstcn johnstcn merged commit c62a8b0 into main Feb 20, 2024
@johnstcn johnstcn deleted the cj/rm-prom-svc branch February 20, 2024 11:36
@github-actions github-actions bot locked and limited conversation to collaborators Feb 20, 2024
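
A check for the exposure described in the PR description, as an added example that is not part of the original conversation or the Coder chart: it scans the JSON printed by `kubectl get svc -A -o json` for LoadBalancer or NodePort Services that still declare the prometheus-http port (2112). The function names and the sample Service objects are constructed for illustration.

```python
import json

# From the PR: the metrics port name and number the chart used to declare.
PROM_PORT_NAME = "prometheus-http"
PROM_PORT = 2112
# Service types that are reachable from outside the cluster network.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}


def exposed_metrics_ports(service):
    """Return the port entries of one Service that publish the Prometheus
    endpoint through an externally reachable Service type."""
    spec = service.get("spec", {})
    if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
        return []
    return [p for p in spec.get("ports", [])
            if p.get("name") == PROM_PORT_NAME
            or p.get("port") == PROM_PORT
            or p.get("targetPort") in (PROM_PORT, PROM_PORT_NAME)]


def audit(service_list_json):
    """Audit a Service list; returns (namespace, name, type, port, nodePort)."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta = svc.get("metadata", {})
        for p in exposed_metrics_ports(svc):
            findings.append((meta.get("namespace"), meta.get("name"),
                             svc["spec"]["type"], p.get("port"), p.get("nodePort")))
    return findings


# Constructed sample: a Service with the old port declaration, one without it,
# and a ClusterIP Service that serves metrics only inside the cluster.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "coder", "name": "coder"},
     "spec": {"type": "LoadBalancer", "ports": [
         {"name": "http", "port": 80, "targetPort": "http"},
         {"name": "prometheus-http", "port": 2112,
          "targetPort": "prometheus-http", "nodePort": 32112}]}},
    {"metadata": {"namespace": "coder", "name": "coder-after"},
     "spec": {"type": "LoadBalancer", "ports": [
         {"name": "http", "port": 80, "targetPort": "http"}]}},
    {"metadata": {"namespace": "monitoring", "name": "coder-metrics"},
     "spec": {"type": "ClusterIP", "ports": [
         {"name": "prometheus-http", "port": 2112, "targetPort": 2112}]}},
]})

if __name__ == "__main__":
    for ns, name, svc_type, port, node_port in audit(SAMPLE):
        print(f"{ns}/{name}: {svc_type} publishes metrics port {port} (nodePort {node_port})")
```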