Parameterize listen host and override when in container (#6231)

## Which problem is this PR solving? - Resolves #6209 - In #6226 we changed the all-in-one config to always use 0.0.0.0, which is not a secure option when running the binary directly on host (vs. running in container) ## Description of the changes - Introduce `JAEGER_LISTEN_HOST` env var used from all-in-one/v2 config - Default it to `localhost` suitable for running directly on host - Override it to 0.0.0.0 in the Dockerfile for v2 ## How was this change tested? - ran the binary without env var, no security warnings - ran with JAEGER_LISTEN_HOST=0.0.0.0 - warnings are displayed as expected (pending open-telemetry/opentelemetry-collector#11713) Signed-off-by: Yuri Shkuro <[email protected]>
jaegertracing · Nov 21, 2024 · 48cf1ba · 48cf1ba
1 parent 8c2340c
commit 48cf1ba
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/cmd/jaeger/Dockerfile b/cmd/jaeger/Dockerfile
@@ -10,6 +10,8 @@ FROM $base_image AS release
 ARG TARGETARCH
 ARG USER_UID=10001
 
+ENV JAEGER_LISTEN_HOST=0.0.0.0
+
 # Sampling config HTTP
 EXPOSE 5778
 
@@ -53,6 +55,8 @@ FROM $debug_image AS debug
 ARG TARGETARCH=amd64
 ARG USER_UID=10001
 
+ENV JAEGER_LISTEN_HOST=0.0.0.0
+
 # Sampling config HTTP
 EXPOSE 5778
 

diff --git a/cmd/jaeger/internal/all-in-one.yaml b/cmd/jaeger/internal/all-in-one.yaml
@@ -10,7 +10,7 @@ service:
       service.name: jaeger
     metrics:
       level: detailed
-      address: 0.0.0.0:8888
+      address: "${env:JAEGER_LISTEN_HOST:-localhost}:8888"
     logs:
       level: info
     # TODO Initialize telemetery tracer once OTEL released new feature.
@@ -35,14 +35,14 @@ extensions:
     #   sampling_store: some_store
     #   initial_sampling_probability: 0.1
     http:
-      endpoint: "0.0.0.0:5778"
+      endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:5778"
     grpc:
-      endpoint: "0.0.0.0:5779"
+      endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:5779"
 
   healthcheckv2:
     use_v2: true
     http:
-      endpoint: "0.0.0.0:13133"
+      endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:13133"
     grpc:
 
   expvar:
@@ -52,19 +52,19 @@ receivers:
   otlp:
     protocols:
       grpc:
-        endpoint: "0.0.0.0:4317"
+        endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:4317"
       http:
-        endpoint: "0.0.0.0:4318"
+        endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:4318"
 
   jaeger:
     protocols:
       grpc:
-        endpoint: "0.0.0.0:14250"
+        endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:14250"
       thrift_http:
-        endpoint: "0.0.0.0:14268"
+        endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:14268"
 
   zipkin:
-    endpoint: "0.0.0.0:9411"
+    endpoint: "${env:JAEGER_LISTEN_HOST:-localhost}:9411"
 
 processors:
   batch: