google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0

Add Monitoring.http_address to expose Prometheus stats server #993

Closed coperni closed 2 years ago

coperni commented 2 years ago

Summary

Added configuration option to specify the stats server IP address to bind to. Default option will remain 127.0.0.1 loopback.

I use separate containers (Pods) for the GRR components and need the ability to expose the Prometheus metric endpoints to Kubernetes Services, which forward the results to a Prometheus operator. With the current setup the metrics are only accessible from within the container's local loopback device (localhost).

Edit:

Taking @max-vogler

google-cla[bot] commented 2 years ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

max-vogler commented 2 years ago

Thanks for your patch! It's hard to estimate the security implications of binding the StatsServer to a public interface for all existing GRR installations.

We'd love to accept a configuration option for this, similar to the existing AdminUI.bind and Frontend.bind_address. In addition to specifying Monitoring.http_port in a YAML config file, admins could specify Monitoring.http_address to be :: to bind publicly. If they don't, we provide a default value of 127.0.0.1 to not change existing behavior.
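The design discussed in the comment above (an optional bind address with a loopback default), sketched as an added example that is not GRR's code and not part of this thread. The names `exposure`, `make_stats_server` and `DEFAULT_ADDRESS` and the sample metric are hypothetical.

```python
import ipaddress
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer

# Loopback default, so an unset address option keeps the endpoint local.
DEFAULT_ADDRESS = "127.0.0.1"


def exposure(address):
    """Classify a bind address as 'loopback', 'all-interfaces' or 'specific'."""
    ip = ipaddress.ip_address(address)  # ValueError on hostnames and typos
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific"


class _MetricsHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Constructed sample metric in Prometheus text format.
        body = b"# constructed sample metric\nexample_up 1\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; version=0.0.4")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def make_stats_server(port, address=DEFAULT_ADDRESS):
    """Build (but do not start) a metrics server bound to address:port."""
    ip = ipaddress.ip_address(address)

    class _Server(HTTPServer):
        # "::" and other IPv6 literals need an AF_INET6 listening socket.
        address_family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET

    return _Server((address, port), _MetricsHandler)
```

An operator-side startup check can call `exposure()` on the configured value and log anything other than `loopback`, since the metrics endpoint in this sketch has no authentication of its own.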

coperni commented 2 years ago

Hi @max-vogler. Any updates on the review?

max-vogler commented 2 years ago

LGTM, thanks for your contribution!