NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commitc62a8b0

authored

fix(helm)!: remove prometheus-http port declaration from coderd service spec (#12214)

This PR removes the prometheus-http port entirely from the coder service specification (originally added in#10448). It also removes the Helm value coder.service.prometheusNodePort.Rationale: some cloud providers will helpfully expose all ports on a LoadBalancer service for you. The net effect of this is that setting CODER_PROMETHEUS_ENABLE will end up exposing port 2112 on your coderd service to the internet, which is likely undesired behaviour.

1 parentb1c0b39 commitc62a8b0Copy full SHA for c62a8b0

File tree

4 files changed

+22

-34

lines changed

docs/admin
- prometheus.md
helm/coder
- templates
  - service.yaml
- tests/testdata
  - prometheus.golden
- values.yaml

4 files changed

+22

-34

lines changed

`‎docs/admin/prometheus.md`

Lines changed: 22 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,8 +35,28 @@ The Prometheus endpoint can be enabled in the`
`35`	`35`	[Helm chart's](https://github.com/coder/coder/tree/main/helm)`values.yml` by
`36`	`36`	setting the environment variable`CODER_PROMETHEUS_ADDRESS` to`0.0.0.0:2112`.
`37`	`37`	The environment variable`CODER_PROMETHEUS_ENABLE` will be enabled
`38`		`-automatically. A Service Endpoint will also be exposed allowing Prometheus`
`39`		`-Service Monitors to be used.`
	`38`	`+automatically. A Service Endpoint will not be exposed; if you need to expose the`
	`39`	+Prometheus port on a Service, (for example, to use a`ServiceMonitor`), create a
	`40`	`+separate headless service instead:`
	`41`	`+`
	`42`	+```yaml
	`43`	`+apiVersion:v1`
	`44`	`+kind:Service`
	`45`	`+metadata:`
	`46`	`+name:coder-prom`
	`47`	`+namespace:coder`
	`48`	`+spec:`
	`49`	`+clusterIP:None`
	`50`	`+ports:`
	`51`	`+ -name:prom-http`
	`52`	`+port:2112`
	`53`	`+protocol:TCP`
	`54`	`+targetPort:2112`
	`55`	`+selector:`
	`56`	`+app.kubernetes.io/instance:coder`
	`57`	`+app.kubernetes.io/name:coder`
	`58`	`+type:ClusterIP`
	`59`	+```
`40`	`60`
`41`	`61`	`### Prometheus configuration`
`42`	`62`

`‎helm/coder/templates/service.yaml`

Lines changed: 0 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,25 +28,6 @@ spec:`
`28`	`28`	`nodePort:{{ .Values.coder.service.httpsNodePort }}`
`29`	`29`	`{{ end }}`
`30`	`30`	`{{- end }}`
`31`		`-{{- range .Values.coder.env }}`
`32`		`-{{- if eq .name "CODER_PROMETHEUS_ENABLE" }}`
`33`		`-{{/*`
`34`		`-This sadly has to be nested to avoid evaluating the second part`
`35`		`-of the condition too early and potentially getting type errors if`
`36`		-the value is not a string (like a `valueFrom`). We do not support
`37`		-`valueFrom`for this env var specifically.
`38`		`-*/}}`
`39`		`-{{- if eq .value "true" }}`
`40`		`- -name:"prometheus-http"`
`41`		`-port:2112`
`42`		`-targetPort:"prometheus-http"`
`43`		`-protocol:TCP`
`44`		`-{{ if eq $.Values.coder.service.type "NodePort" }}`
`45`		`-nodePort:{{ $.Values.coder.service.prometheusNodePort }}`
`46`		`-{{ end }}`
`47`		`-{{- end }}`
`48`		`-{{- end }}`
`49`		`-{{- end }}`
`50`	`31`	`{{- if eq "LoadBalancer" .Values.coder.service.type }}`
`51`	`32`	`{{- with .Values.coder.service.loadBalancerIP }}`
`52`	`33`	`loadBalancerIP:{{ . \| quote }}`

`‎helm/coder/tests/testdata/prometheus.golden`

Lines changed: 0 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -93,14 +93,6 @@ spec:`
`93`	`93`
`94`	`94`	`nodePort:`
`95`	`95`
`96`		`-`
`97`		`- - name: "prometheus-http"`
`98`		`- port: 2112`
`99`		`- targetPort: "prometheus-http"`
`100`		`- protocol: TCP`
`101`		`-`
`102`		`- nodePort: 31112`
`103`		`-`
`104`	`96`	`selector:`
`105`	`97`	`app.kubernetes.io/name: coder`
`106`	`98`	`app.kubernetes.io/instance: release-name`

`‎helm/coder/values.yaml`

Lines changed: 0 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -282,11 +282,6 @@ coder:`
`282`	`282`	`# NodePort. If not set, Kubernetes will allocate a port from the default`
`283`	`283`	`# range, 30000-32767.`
`284`	`284`	`httpsNodePort:""`
`285`		`-# coder.service.prometheusNodePort -- Enabled if coder.service.type is set`
`286`		`-# to NodePort. If not set, Kubernetes will allocate a port from the default`
`287`		`-# range, 30000-32767. The "prometheus-http" port on the coder service is`
`288`		`-# only exposed if CODER_PROMETHEUS_ENABLE is set to true.`
`289`		`-prometheusNodePort:""`
`290`	`285`
`291`	`286`	`# coder.ingress -- The Ingress object to expose for Coder.`
`292`	`287`	`ingress:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc62a8b0

File tree

4 files changed

4 files changed

`‎docs/admin/prometheus.md`

`‎helm/coder/templates/service.yaml`

`‎helm/coder/tests/testdata/prometheus.golden`

`‎helm/coder/values.yaml`

0 commit comments