fix(helm): allow overriding CODER_PPROF_ADDRESS and CODER_PROMETHEUS_ADDRESS by blinkagent[bot] · Pull Request #21714 · coder/coder
…ADDRESS
Previously, these environment variables were hardcoded in the Helm chart
template and could not be overridden via coder.env values. This was a
security concern because binding to 0.0.0.0 exposes these endpoints to
any pod in the cluster.
This change:
- Checks if the user has set CODER_PPROF_ADDRESS or CODER_PROMETHEUS_ADDRESS
in coder.env before applying the default values
- Updates values.yaml documentation to reflect that these can now be
overridden (and recommends 127.0.0.1 for security)
- Adds test cases for both override scenarios
Users can now restrict pprof and prometheus to localhost only:
```yaml
coder:
env:
- name: CODER_PPROF_ADDRESS
value: "127.0.0.1:6060"
- name: CODER_PROMETHEUS_ADDRESS
value: "127.0.0.1:2112"
```
Fixes #21713
uzair-coder07
deleted the
fix/helm-pprof-prometheus-address-override
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters