[collector] Update collector to use pod ip #603

Merged
2 changes: 1 addition & 1 deletion charts/opentelemetry-collector/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: opentelemetry-collector
version: 0.45.2
version: 0.46.0
description: OpenTelemetry Collector Helm chart for Kubernetes
type: application
home: https://opentelemetry.io/
7 changes: 3 additions & 4 deletions charts/opentelemetry-collector/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,9 @@ See [UPGRADING.md](UPGRADING.md).

## Security Considerations

OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users. This is typically not needed in containerized environments, although the Open Telemetry Collector logs the following:
```
Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks
```
OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users.
For this reason, by default the chart binds all the Collector's endpoints to the pod's IP.

More info is available in the [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks)

Some care must be taken when using `hostNetwork: true`, as then OpenTelemetry Collector will listen on all the addresses in the host network namespace.
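Review bot: The unchanged `hostNetwork: true` sentence at the end of this hunk still says the Collector "will listen on all the addresses in the host network namespace", which no longer matches the new sentence stating that by default the chart binds all the Collector's endpoints to the pod's IP. Please reword the caveat so it describes what the pod-IP default means under host networking. The link text in this hunk also misspells "documentation" as "docummentation", and "recommends to bind" would read better as "recommends binding".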
11 changes: 11 additions & 0 deletions charts/opentelemetry-collector/UPGRADING.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,16 @@
# Upgrade guidelines

## 0.45.2 to 0.46.0

[Update Collector Endpoints to use Pod IP Instead of 0.0.0.0](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/603)

The [Collector's security guidelines were updated](https://github.com/open-telemetry/opentelemetry-collector/pull/6959) to include containerized environments when discussing safeguards against denial of service attacks.
To be in compliance with the Collector's security best practices the chart has been updated to use the Collector's pod IP in place of `0.0.0.0`.

The chart will continue to allow complete configuration of the Collector via the `config` field in the values.yaml. If pod IP does not suite your needs you can use `config` to set something different.

See [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks) for more details.

## 0.40.7 to 0.41.0

[Require Kubernetes version 1.23 or later](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/541)
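Review bot: The 0.45.2 to 0.46.0 entry tells users they can use `config` to "set something different" but never says what stops working after the upgrade, and it shows no override. A listener bound only to the pod IP no longer accepts connections on `127.0.0.1`, so anything that reaches the Collector over loopback inside the pod is affected; please name that impact and include a short `config` snippet that sets a chosen address for one receiver. Two typos in the added text: "does not suite" should be "does not suit", and "docummentation" should be "documentation".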
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -32,17 +32,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
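Review bot: `${MY_POD_IP}:14250` and the other receiver endpoints in this hunk join the address and the port with a bare colon, which only forms a valid host:port when the pod IP is IPv4. On a cluster that assigns IPv6 pod addresses the value would need brackets, as in `[${MY_POD_IP}]:4317`; please either handle that in the template or document the limitation and the `config` override next to the new default.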
Expand All @@ -52,7 +52,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -90,4 +90,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
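Review bot: `address: ${MY_POD_IP}:8888` makes the Collector's own metrics listener depend on `MY_POD_IP` being defined in the container, and none of the lines shown here establish that. If the variable expands to an empty string the value becomes `:8888`, which listens on every interface and silently undoes this change; consider failing at render time when the variable is not injected, or asserting on the rendered value in the example tests.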
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -28,17 +28,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -48,7 +48,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -83,4 +83,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 754e62f00829a75c4183b4f309564b0466f7235f8804ebd9630aba3394be78a6
checksum/config: 41438bcf288a36d7b323afc10869c30152905551cea74e62bf58d5eda3e038a6

labels:
app.kubernetes.io/name: opentelemetry-collector
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: Deployment
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -22,7 +22,7 @@ spec:
template:
metadata:
annotations:
checksum/config: fc84ea364eab39cb0595634057c20bce7c9b4ad2989f4ed8cadee218673aa93a
checksum/config: 884adbf823d753896b994e61163def5e86a27566466a40d696fa26ce0ea71cb7

labels:
app.kubernetes.io/name: opentelemetry-collector
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: Service
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand Down Expand Up @@ -91,17 +91,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -111,7 +111,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -147,4 +147,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 00c879b79a24f092497da5258dae03b5760ea882c21461a3f1761ba99ef55af8
checksum/config: 4ca14515859737a7e49899b48c0cefa820f2338efc34e469c9d7e817dc8dc07f

labels:
app.kubernetes.io/name: opentelemetry-collector
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand Down Expand Up @@ -74,17 +74,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -94,7 +94,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -130,4 +130,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: f6b3921cd0be24b3f84cabc3a5e26636579c89a1c68aa89c85fbb616c643bef4
checksum/config: 3c04aec5dfe4561ccb0cf887643c515346e6c8b31ee719bbfa5c0656db8a5660

labels:
app.kubernetes.io/name: opentelemetry-collector
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: example-opentelemetry-collector
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -28,17 +28,17 @@ data:
jaeger:
protocols:
grpc:
endpoint: 0.0.0.0:14250
endpoint: ${MY_POD_IP}:14250
thrift_compact:
endpoint: 0.0.0.0:6831
endpoint: ${MY_POD_IP}:6831
thrift_http:
endpoint: 0.0.0.0:14268
endpoint: ${MY_POD_IP}:14268
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
endpoint: ${MY_POD_IP}:4317
http:
endpoint: 0.0.0.0:4318
endpoint: ${MY_POD_IP}:4318
prometheus:
config:
scrape_configs:
Expand All @@ -48,7 +48,7 @@ data:
- targets:
- ${MY_POD_IP}:8888
zipkin:
endpoint: 0.0.0.0:9411
endpoint: ${MY_POD_IP}:9411
service:
extensions:
- health_check
Expand Down Expand Up @@ -83,4 +83,4 @@ data:
- zipkin
telemetry:
metrics:
address: 0.0.0.0:8888
address: ${MY_POD_IP}:8888
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kind: DaemonSet
metadata:
name: example-opentelemetry-collector-agent
labels:
helm.sh/chart: opentelemetry-collector-0.45.2
helm.sh/chart: opentelemetry-collector-0.46.0
app.kubernetes.io/name: opentelemetry-collector
app.kubernetes.io/instance: example
app.kubernetes.io/version: "0.69.0"
Expand All @@ -21,7 +21,7 @@ spec:
template:
metadata:
annotations:
checksum/config: 6a3cc04893d112e04030e7cddaca74f96b2844d4a02b1b5c0ede6a4999b8d8d9
checksum/config: 0ae8fa2ea641187d3b7c3277c1710f72951937b6b5ffdb18401fdbd08053f581

labels:
app.kubernetes.io/name: opentelemetry-collector