Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v2] prometheus and health checks listen on localhost instead of anyhost #1359

Closed
daquinoaldo opened this issue Aug 31, 2022 · 3 comments · Fixed by #1365
Closed

[v2] prometheus and health checks listen on localhost instead of anyhost #1359

daquinoaldo opened this issue Aug 31, 2022 · 3 comments · Fixed by #1365
Assignees
@enocom
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@daquinoaldo
Copy link

daquinoaldo commented Aug 31, 2022
edited
Loading

Bug Description

When started with "--prometheus and --health-check, the HTTP server listens for requests on localhost, but it should listen on anyhost. Otherwise, it cannon be accessed using the Pod IP (from Prometheus, kubelet, and Istio).

How to reproduce

  1. Run the Pod with --health-check
  2. Create an ephemeral container with debug and run curl localhost:9090/readiness and curl <pod IP>:9090/readiness. The latter won't work.

Environment

  • GKE 1.23 with COS containerd nodes
  • Cloud SQL Proxy version: docker container built from the v2.0.0.preview.0 tag, targeting Linux amd64

EDIT: I can open a pull request if you want. I tested it, and it worked by replacing localhost with 0.0.0.0 in the HTTP server.
@daquinoaldo daquinoaldo added the type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. label Aug 31, 2022
@daquinoaldo daquinoaldo changed the title Brief summary of what bug or error was observed [v2] prometheus and health checks listen on localhost instead of anyhost Aug 31, 2022
@enocom enocom added the priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. label Aug 31, 2022
@enocom
Copy link
Member

enocom commented Aug 31, 2022

Thanks for the bug report. I think defaulting to localhost but letting people change the host with a flag is the way to go here. What do you think @daquinoaldo?

@enocom
Copy link
Member

enocom commented Aug 31, 2022

I’m thinking mostly about supporting this feature on GCE where any host could be a security problem.

enocom added a commit that referenced this issue Aug 31, 2022
@enocom
fix: support configuration of HTTP server address
a9c95e6 
Fixes #1359.
@enocom enocom mentioned this issue Aug 31, 2022
Merged
@daquinoaldo
Copy link
Author

Sorry for the late reply. Sure, a flag does the job!
I added a couple of comments in the PR. Thank you for taking care of it!

enocom added a commit that referenced this issue Sep 6, 2022
@enocom
fix: support configuration of HTTP server address (#1365)
b53d77f 
In Kubernetes, the convention is to bind HTTP probes and Prometheus endpoints to
0.0.0.0 (both lo and eth0). Since people might want to run this code on a GCE
VM, default to localhost, but otherwise support binding to both interfaces.

Fixes #1359.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@enocom enocom

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: support configuration of HTTP server address GoogleCloudPlatform/cloud-sql-proxy
2 participants
@enocom @daquinoaldo