  1. Percona Monitoring and Management
  2. PMM-5947

Bind services to internal address for containers


    Details

    • Type: Improvement
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.10.0
    • Component/s: None
    • Labels:
    • Story Points:
      0
    • Sprint:
      Platform Sprint 22
    • Needs Review:
      Yes
    • Needs QA:
      No
    • Needs Packaging:
      No
    • Needs Doc:
      No

      Description

      The services running in the container do 2 things that can affect running a container as a non-privileged user with host networking:

      • reserved ports are used
      • wildcard bind addresses are allowed

      The latter allows for IPv6 addresses, which may be unexpected too in terms of firewalls.
      Specifically, the internal Alertmanager binds to a wildcard, IPv6 address:
      web.listen-address=: vs web.listen-address=127.0.0.1: etc


      Update Prometheus and Alertmanager addresses in https://github.com/percona/pmm-managed/blob/PMM-2.0/services/supervisord/supervisord.go to 127.0.0.1
      After that change, Prometheus and internal Alertmanager (including STT features) should work as before.
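
A check for the wildcard binds described above, as an added example (not pmm-managed code): it scans supervisord-style command lines for `web.listen-address` values and reports those not pinned to an interface. The sample config, program names and port numbers are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// Constructed sample input, not the project's real supervisord configuration.
const sampleConfig = `
[program:prometheus]
command = prometheus --web.listen-address=:9090
[program:alertmanager]
command = alertmanager --web.listen-address=[::]:9093
[program:fixed]
command = alertmanager --web.listen-address=127.0.0.1:9093
`
var listenFlag = regexp.MustCompile(`web\.listen-address=(\S+)`)

// Classify reports how a host:port value binds: "wildcard", "loopback", "specific" or "invalid".
func Classify(addr string) string {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return "invalid"
	}
	ip := net.ParseIP(host) // nil for an empty host or a hostname
	switch {
	case host == "" || (ip != nil && ip.IsUnspecified()):
		return "wildcard" // ":9090", "0.0.0.0:9090" and "[::]:9090" listen on every interface
	case ip != nil && ip.IsLoopback():
		return "loopback"
	}
	return "specific"
}

// WildcardBinds returns every listen address in config that is not pinned to an interface.
func WildcardBinds(config string) []string {
	var out []string
	for _, m := range listenFlag.FindAllStringSubmatch(config, -1) {
		if Classify(m[1]) == "wildcard" {
			out = append(out, m[1])
		}
	}
	return out
}

func main() {
	fmt.Println(WildcardBinds(sampleConfig))
}
```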

            People

            Assignee:
            Unassigned
            Reporter:
            ceri.williams Ceri Williams