Open Fizzadar opened 7 months ago
ref - the various prometheus :9253
entries in the configmap:
https://github.com/rancher/rke2-charts/blob/main-source/packages/rke2-coredns/generated-changes/overlay/templates/configmap-nodelocal.yaml
As this would be a breaking change and not desired by most or all users, we probably just need to template the prometheus bind address, and have it default to :9253
.
If this is important to you, a PR would be welcome.
Sure, happy to pull that together 👍
Environmental Info: RKE2 Version: 1.26.13
Node(s) CPU architecture, OS, and Version:
Linux/AMD64
Cluster Configuration:
3 control, ~100 worker
Describe the bug:
The RKE2 coredns chart configures node local DNS instances to listen to metrics on all interfaces, meaning those metrics are retrievable without authentication via all IPs public or not.
Steps To Reproduce:
Install RKE2, configure coredns helm chart:
Expected behavior:
Corefile should be configured to listen on internal IPs only. The config already does this, example: https://github.com/rancher/rke2-charts/blob/99020db92318716e5508ef3c4f770be1b6ecf5de/packages/rke2-coredns/generated-changes/overlay/templates/configmap-nodelocal.yaml#L24-L25
Actual behavior:
CoreDNS binds to all ports.