prometheus-community / helm-charts

Prometheus community Helm charts
Apache License 2.0

[prometheus-node-exporter] HostNetwork defaults to true #4129

Closed cperreaut closed 8 months ago

cperreaut commented 11 months ago

Describe the bug

In the node-exporter Helm Chart the "hostNetwork" value is configurable but defaults to true.

What's your helm version?

3.13.2

What's your kubectl version?

v1.15.5

Which chart?

prometheus-node-exporter

What's the chart version?

4.25.0

What happened?

I have tracked multiple issues where people ask why this is necessary (#1986, #3554 for example) and never got an answer. If your cluster is CIS compliant, chances are you have a default firewall blocking all connections to hostnet except the well-known Kubernetes ports, so setting hostNetwork to true will not work. Furthermore, it doesn't seem to be a good security practice. Is there any reason hostNetwork has to be true by default?

What you expected to happen?

hostNetwork should be false by default

How to reproduce it?

No response

Enter the changed values of values.yaml?

No response

Enter the command that you execute and failing/misfunctioning.

helm install node-exporter-release prometheus-community/prometheus-node-exporter

Anything else we need to know?

No response

Sheikh-Abubaker commented 10 months ago

@cperreaut I did my research and found no reason to default hostNetwork to true. It could lead to issues or conflicts, and running a pod in hostNetwork mode means it has access to the network interfaces of the host machine, which might not be secure. There could also be potential port conflicts if the port that Node Exporter uses is already in use on the host. So I also think hostNetwork should default to false, and users who want it can override it as per their requirements.

SuperQ commented 8 months ago

hostNetwork is required because the node_exporter is meant to monitor the host network interfaces. If you disable hostNetwork, the exporter will only see the container network namespace. This would make it nonfunctional for the intended use.
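
Added example (not part of the thread, the chart or node_exporter itself): the namespace effect described in the last comment, shown by parsing two `/proc/net/dev` tables, which the kernel scopes to the reader's network namespace. Both samples, including every interface name and counter, are constructed for illustration.

```python
"""Compare host-namespace and pod-namespace interface tables (constructed samples)."""

HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)

# Constructed /proc/net/dev contents, as read with hostNetwork: true.
HOST_VIEW = HEADER + (
    "    lo:    1200   10 0 0 0 0 0 0    1200   10 0 0 0 0 0 0\n"
    "  eth0:  987654 4321 0 2 0 0 0 0  123456 1234 0 0 0 0 0 0\n"
    "  cni0:   55555  500 0 0 0 0 0 0   44444  400 0 0 0 0 0 0\n"
    "veth1a2b3c: 3000 30 0 0 0 0 0 0    2000   20 0 0 0 0 0 0\n"
)

# Constructed contents as read with hostNetwork: false (pod namespace).
POD_VIEW = HEADER + (
    "    lo:       0    0 0 0 0 0 0 0       0    0 0 0 0 0 0 0\n"
    "  eth0:    2000   20 0 0 0 0 0 0    3000   30 0 0 0 0 0 0\n"
)


def parse_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev text."""
    table = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, sep, counters = line.partition(":")
        if not sep:
            continue                            # not an interface row
        fields = counters.split()
        if len(fields) < 16:
            raise ValueError(f"short counter row for {name.strip()!r}")
        table[name.strip()] = (int(fields[0]), int(fields[8]))
    return table


def compare_views(host_text, pod_text):
    """Return (host interfaces absent from the pod view, names present in both
    whose counters differ, i.e. same name but a different device)."""
    host, pod = parse_net_dev(host_text), parse_net_dev(pod_text)
    missing = sorted(set(host) - set(pod))
    shadowed = sorted(n for n in set(host) & set(pod) if host[n] != pod[n])
    return missing, shadowed


if __name__ == "__main__":
    print(compare_views(HOST_VIEW, POD_VIEW))
```

In the pod view, `eth0` is the pod's end of the veth pair, so its counters mirror `veth1a2b3c` on the host rather than the node's own `eth0`.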