From 48cf1ba18b2d45ceb4bcab5f5f3cba03c3dbcef9 Mon Sep 17 00:00:00 2001
From: Yuri Shkuro
Date: Wed, 20 Nov 2024 21:32:33 -0500
Subject: [PATCH] Parameterize listen host and override when in container (#6231)
## Which problem is this PR solving?
- Resolves #6209
- In #6226 we changed the all-in-one config to always use 0.0.0.0, which is not a secure option when running the binary directly on host (vs. running in container)
## Description of the changes
- Introduce `JAEGER_LISTEN_HOST` env var used from all-in-one/v2 config
- Default it to `localhost` suitable for running directly on host
- Override it to 0.0.0.0 in the Dockerfile for v2
## How was this change tested?
- ran the binary without env var, no security warnings
- ran with JAEGER_LISTEN_HOST=0.0.0.0 - warnings are displayed as expected (pending https://github.com/open-telemetry/opentelemetry-collector/issues/11713)
Signed-off-by: Yuri Shkuro
---
 cmd/jaeger/Dockerfile | 4 ++++
 cmd/jaeger/internal/all-in-one.yaml | 18 +++++++++---------
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/cmd/jaeger/Dockerfile b/cmd/jaeger/Dockerfile
index 464d81413b1..8c840b7d5e3 100644
--- a/cmd/jaeger/Dockerfile
+++ b/cmd/jaeger/Dockerfile
@@ -10,6 +10,8 @@ FROM $base_image AS release
 ARG TARGETARCH
 ARG USER_UID=10001
+ENV JAEGER_LISTEN_HOST=0.0.0.0
+
 # Sampling config HTTP
 EXPOSE 5778
@@ -53,6 +55,8 @@ FROM $debug_image AS debug
 ARG TARGETARCH=amd64
 ARG USER_UID=10001
+ENV JAEGER_LISTEN_HOST=0.0.0.0
+
 # Sampling config HTTP
 EXPOSE 5778
diff --git a/cmd/jaeger/internal/all-in-one.yaml b/cmd/jaeger/internal/all-in-one.yaml
index 9a534d19fff..dce7f44ddd4 100644
--- a/cmd/jaeger/internal/all-in-one.yaml
+++ b/cmd/jaeger/internal/all-in-one.yaml
@@ -10,7 +10,7 @@ service:
 service.name: jaeger
 metrics:
 level: detailed
- address: 0.0.0.0:8888
+ address: "${env:JAEGER_LISTEN_HOST:-localhost}:8888"
 logs:
 level: info
 # TODO Initialize telemetery tracer once OTEL released new feature.
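Review bot: The added `ENV JAEGER_LISTEN_HOST=0.0.0.0` in the release stage (and the identical line in the debug stage hunk that follows) carries no comment saying why the image widens the bind address or how an operator narrows it again. In a bridged container the wildcard is needed for published ports to reach the process, but when the container runs with host networking the same default puts every listener from all-in-one.yaml on all host interfaces, which is the exposure the commit description sets out to avoid. I would add above each line: `# Listen on all interfaces so published ports work; with host networking override via -e JAEGER_LISTEN_HOST=127.0.0.1`. Both stages begin and continue outside their hunks.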
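Review bot: The new `address: "${env:JAEGER_LISTEN_HOST:-localhost}:8888"` joins the variable to `:8888` without any constraint on its value, and the same pattern repeats in every endpoint changed in the later hunks of this file. If the collector's env provider applies the `:-` default only to an unset variable (worth confirming), an exported but empty `JAEGER_LISTEN_HOST` produces `:8888`, which a Go listener treats as all interfaces, and a bare IPv6 literal such as `::1` produces an address that does not parse unless it is written `[::1]`. Neither case is documented; a comment at the top of the file would cover it, for example `# JAEGER_LISTEN_HOST: host part of every listen address; must be non-empty, IPv6 literals need brackets ([::1])`. The `telemetry` block this line belongs to starts outside the hunk.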
@@ -35,14 +35,14 @@ extensions:
 # sampling_store: some_store
 # initial_sampling_probability: 0.1
 http:
- endpoint: "0.0.0.0:5778"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:5778"
 grpc:
- endpoint: "0.0.0.0:5779"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:5779"
 healthcheckv2:
 use_v2: true
 http:
- endpoint: "0.0.0.0:13133"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:13133"
 grpc:
 expvar:
@@ -52,19 +52,19 @@ receivers:
 otlp:
 protocols:
 grpc:
- endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:4317"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:4317"
 http:
- endpoint: "0.0.0.0:4318"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:4318"
 jaeger:
 protocols:
 grpc:
- endpoint: "0.0.0.0:14250"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:14250"
 thrift_http:
- endpoint: "0.0.0.0:14268"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:14268"
 zipkin:
- endpoint: "0.0.0.0:9411"
+ endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:9411"
 processors:
 batch:
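Review bot: The `localhost` default in the remote-sampling and `healthcheckv2` endpoints is a host name rather than an address, so which address is bound depends on the resolver of the machine the binary runs on. Assuming these strings reach Go's `net.Listen`, a host name yields a listener on at most one of the addresses it resolves to, so a probe aimed at `127.0.0.1:13133` can fail on a host where `localhost` resolves to `::1` first. A short comment beside the health-check endpoint would save the next operator some debugging, for example `# binds the address localhost resolves to; point probes at the same name`. The `extensions` block starts before this hunk.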
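Review bot: The receiver endpoints in this hunk share one variable with the metrics, health-check and sampling endpoints changed in the earlier hunks, so the bind host cannot be widened for span ingestion alone. Setting `JAEGER_LISTEN_HOST=0.0.0.0` to accept OTLP on 4317/4318 from other machines also publishes the telemetry port 8888 and the health-check port 13133, and none of the endpoints visible in this diff configure TLS or authentication. If the coupling is intended for all-in-one, state it in a comment above the `otlp:` receiver, e.g. `# All listeners share JAEGER_LISTEN_HOST and none set TLS/auth here; widen it only on a trusted network`; otherwise a second variable for the operational endpoints would let them stay on loopback.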