[collector] Update collector to use pod ip #603

Merged
2 changes: 1 addition & 1 deletion charts/opentelemetry-collector/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: opentelemetry-collector
version: 0.46.0
version: 0.47.0
description: OpenTelemetry Collector Helm chart for Kubernetes
type: application
home: https://opentelemetry.io/
7 changes: 3 additions & 4 deletions charts/opentelemetry-collector/README.md
Expand Up @@ -28,10 +28,9 @@ See [UPGRADING.md](UPGRADING.md).

## Security Considerations

OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users. This is typically not needed in containerized environments, although the Open Telemetry Collector logs the following:
```
Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks
```
OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users.
For this reason, by default the chart binds all the Collector's endpoints to the pod's IP.

More info is available in the [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks)

Some care must be taken when using `hostNetwork: true`, as then OpenTelemetry Collector will listen on all the addresses in the host network namespace.
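Review bot: The retained `hostNetwork: true` caveat at the end of this hunk still says the Collector "will listen on all the addresses in the host network namespace", which reads as inconsistent with the new sentence that the chart binds all endpoints to the pod's IP by default. Please reword it to say what `${MY_POD_IP}` resolves to when the pod shares the host network namespace, so a reader can tell which interfaces end up exposed under the new default. Also, "all the Collector's endpoints" is broader than what the example configs in this PR change (receiver endpoints and `service.telemetry.metrics.address`); if extensions such as `health_check` keep their own default listener, narrow the wording. The link text "docummentation" should read "documentation".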
11 changes: 11 additions & 0 deletions charts/opentelemetry-collector/UPGRADING.md
@@ -1,5 +1,16 @@
# Upgrade guidelines

## 0.46.0 to 0.47.0

[Update Collector Endpoints to use Pod IP Instead of 0.0.0.0](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/603)

The [Collector's security guidelines were updated](https://github.com/open-telemetry/opentelemetry-collector/pull/6959) to include containerized environments when discussing safeguards against denial of service attacks.
To be in compliance with the Collector's security best practices the chart has been updated to use the Collector's pod IP in place of `0.0.0.0`.

The chart will continue to allow complete configuration of the Collector via the `config` field in the values.yaml. If pod IP does not suite your needs you can use `config` to set something different.

See [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks) for more details.

## 0.40.7 to 0.41.0

[Require Kubernetes version 1.23 or later](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/541)
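Review bot: The 0.46.0 to 0.47.0 entry says the bind address changed but not what stops working, which is the part an operator upgrading needs. A listener bound only to the pod IP no longer accepts connections on the loopback address, so anything that reaches the Collector through `localhost` or `127.0.0.1` inside the pod's network namespace (a container in the same pod, or a `kubectl port-forward` session) will be refused after the upgrade. Please state that and show the `config` override that restores the previous address for an affected receiver. Two typos in the added lines: "does not suite your needs" should be "suit", and "docummentation" should be "documentation".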
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -32,17 +32,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
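Review bot: `endpoint: ${MY_POD_IP}:4317` and the other receiver endpoints in this hunk join the address and port with a bare colon, which only forms a valid host:port when the pod IP is IPv4. On a cluster where the pod IP is IPv6 the substituted value is not bracketed, so the result is ambiguous and the listener is likely to fail to start. Either bracket the address in the template or call out the IPv4 assumption in UPGRADING.md together with the `config` override. The same applies to `address: ${MY_POD_IP}:8888` under the telemetry metrics settings and to the identical hunks in the other rendered examples.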
Expand All @@ -52,7 +52,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -90,4 +90,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -28,17 +28,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -48,7 +48,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -83,4 +83,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 0b96743da5cd5740a8063f8b92bb6860ed710495e680251a50571336fd3c07de
checksum/config: 78c19387765675847130e72a7c960ec26352d91902de9be32b65736b42fc4087

labels:
app.kubernetes.io/name: opentelemetry-collector
Expand Up @@ -5,7 +5,7 @@ kind: Deployment
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -22,7 +22,7 @@ spec:
template:
metadata:
annotations:
checksum/config: ba8a23c366836d2a9bcc5303a1149f1bdf3564710a1000b63f26bbdf607c85d9
checksum/config: 3002b94531ad9701402779d72014f5a9edc30c18dfc2eb4db9196f10701372df

labels:
app.kubernetes.io/name: opentelemetry-collector
Expand Up @@ -5,7 +5,7 @@ kind: Service
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Down Expand Up @@ -91,17 +91,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -111,7 +111,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -147,4 +147,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 56d523705698b5a92328c5a5f72c18093bbe7c9f40245cf879103ce5140b727e
checksum/config: 79989873ece3d11fbd70e7e14d31e6e9269dbd3f4b4f5a95f850613be1258fbd

labels:
app.kubernetes.io/name: opentelemetry-collector
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Down Expand Up @@ -74,17 +74,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -94,7 +94,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -130,4 +130,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 36ead224aa32acc78d483fdb6affd1c2a70c7d7df1bc0a4045c97ceab1cb829e
checksum/config: 13c2e635e9a3a677b4754fe2a512078b690ef73bd5ce0cc32341bda6f12783af

labels:
app.kubernetes.io/name: opentelemetry-collector
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -28,17 +28,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -48,7 +48,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -83,4 +83,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.46.0
helm.sh/chart: opentelemetry-collector-0.47.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.70.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: b19470e368618d9fd58f7491f9ce0857b760fd2a9c1775d75152ea82c72c24ef
checksum/config: a658be438c90e114ca3e8932a1ccd06f2f1085787812a2a69204740efa5e9298

labels:
app.kubernetes.io/name: opentelemetry-collector