open-telemetry · TylerHelmuth · Jan 24, 2023 · Jan 17, 2023 · Jan 17, 2023 · Jan 17, 2023
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: opentelemetry-collector
-version: 0.45.1
+version: 0.46.0
 description: OpenTelemetry Collector Helm chart for Kubernetes
 type: application
 home: https://opentelemetry.io/

@@ -28,10 +28,9 @@ See [UPGRADING.md](UPGRADING.md).
 
 ## Security Considerations
 
-OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users. This is typically not needed in containerized environments, although the Open Telemetry Collector logs the following:
-```
-Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks
-```
+OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users.
+For this reason, by default the chart binds all the Collector's endpoints to the pod's IP.
+
 More info is available in the [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks)
 
 Some care must be taken when using `hostNetwork: true`, as then OpenTelemetry Collector will listen on all the addresses in the host network namespace.

@@ -1,5 +1,16 @@
 # Upgrade guidelines
 
+## 0.45.0 to 0.46.0
+
+[Update Collector Endpoints to use Pod IP Instead of 0.0.0.0](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/603)
+
+The [Collector's security guidelines were updated](https://github.com/open-telemetry/opentelemetry-collector/pull/6959) to include containerized environments when discussing safeguards against denial of service attacks.
+To be in compliance with the Collector's security best practices the chart has been updated to use the Collector's pod IP in place of `0.0.0.0`.
+
+The chart will continue to allow complete configuration of the Collector via the `config` field in the values.yaml.  If pod IP does not suite your needs you can use `config` to set something different.
+
+See [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks) for more details.
+
 ## 0.40.7 to 0.41.0
 
 [Require Kubernetes version 1.23 or later](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/541)

@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -32,17 +32,17 @@ data:
       jaeger:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:14250
+            endpoint: ${MY_POD_IP}:14250
           thrift_compact:
-            endpoint: 0.0.0.0:6831
+            endpoint: ${MY_POD_IP}:6831
           thrift_http:
-            endpoint: 0.0.0.0:14268
+            endpoint: ${MY_POD_IP}:14268
       otlp:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:4317
+            endpoint: ${MY_POD_IP}:4317
           http:
-            endpoint: 0.0.0.0:4318
+            endpoint: ${MY_POD_IP}:4318
       prometheus:
         config:
           scrape_configs:
@@ -52,7 +52,7 @@ data:
             - targets:
               - ${MY_POD_IP}:8888
       zipkin:
-        endpoint: 0.0.0.0:9411
+        endpoint: ${MY_POD_IP}:9411
     service:
       extensions:
       - health_check
@@ -90,4 +90,4 @@ data:
           - zipkin
       telemetry:
         metrics:
-          address: 0.0.0.0:8888
+          address: ${MY_POD_IP}:8888
@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -28,17 +28,17 @@ data:
       jaeger:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:14250
+            endpoint: ${MY_POD_IP}:14250
           thrift_compact:
-            endpoint: 0.0.0.0:6831
+            endpoint: ${MY_POD_IP}:6831
           thrift_http:
-            endpoint: 0.0.0.0:14268
+            endpoint: ${MY_POD_IP}:14268
       otlp:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:4317
+            endpoint: ${MY_POD_IP}:4317
           http:
-            endpoint: 0.0.0.0:4318
+            endpoint: ${MY_POD_IP}:4318
       prometheus:
         config:
           scrape_configs:
@@ -48,7 +48,7 @@ data:
             - targets:
               - ${MY_POD_IP}:8888
       zipkin:
-        endpoint: 0.0.0.0:9411
+        endpoint: ${MY_POD_IP}:9411
     service:
       extensions:
       - health_check
@@ -83,4 +83,4 @@ data:
           - zipkin
       telemetry:
         metrics:
-          address: 0.0.0.0:8888
+          address: ${MY_POD_IP}:8888
@@ -5,7 +5,7 @@ kind: DaemonSet
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: cbe25daa1f846c4dd8bb8fe767768e26ff4c3ff5bf8f529b2e9ec7b351c3f631
+        checksum/config: 41438bcf288a36d7b323afc10869c30152905551cea74e62bf58d5eda3e038a6
 
       labels:
         app.kubernetes.io/name: opentelemetry-collector

@@ -5,7 +5,7 @@ kind: Deployment
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -22,7 +22,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 60124d303a04a532c7ef74b31db648ce927b5b9c36b4ebbfdcafa092ad585c22
+        checksum/config: 884adbf823d753896b994e61163def5e86a27566466a40d696fa26ce0ea71cb7
 
       labels:
         app.kubernetes.io/name: opentelemetry-collector

@@ -5,7 +5,7 @@ kind: Service
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"

@@ -5,7 +5,7 @@ kind: ServiceAccount
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"

@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -91,17 +91,17 @@ data:
       jaeger:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:14250
+            endpoint: ${MY_POD_IP}:14250
           thrift_compact:
-            endpoint: 0.0.0.0:6831
+            endpoint: ${MY_POD_IP}:6831
           thrift_http:
-            endpoint: 0.0.0.0:14268
+            endpoint: ${MY_POD_IP}:14268
       otlp:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:4317
+            endpoint: ${MY_POD_IP}:4317
           http:
-            endpoint: 0.0.0.0:4318
+            endpoint: ${MY_POD_IP}:4318
       prometheus:
         config:
           scrape_configs:
@@ -111,7 +111,7 @@ data:
             - targets:
               - ${MY_POD_IP}:8888
       zipkin:
-        endpoint: 0.0.0.0:9411
+        endpoint: ${MY_POD_IP}:9411
     service:
       extensions:
       - health_check
@@ -147,4 +147,4 @@ data:
           - zipkin
       telemetry:
         metrics:
-          address: 0.0.0.0:8888
+          address: ${MY_POD_IP}:8888
@@ -5,7 +5,7 @@ kind: DaemonSet
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 5c747ad861bfa2b910c435acf7182ccfb7ba78706b659a100cb9bb805ca1def2
+        checksum/config: 4ca14515859737a7e49899b48c0cefa820f2338efc34e469c9d7e817dc8dc07f
 
       labels:
         app.kubernetes.io/name: opentelemetry-collector

@@ -5,7 +5,7 @@ kind: ServiceAccount
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"

@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -74,17 +74,17 @@ data:
       jaeger:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:14250
+            endpoint: ${MY_POD_IP}:14250
           thrift_compact:
-            endpoint: 0.0.0.0:6831
+            endpoint: ${MY_POD_IP}:6831
           thrift_http:
-            endpoint: 0.0.0.0:14268
+            endpoint: ${MY_POD_IP}:14268
       otlp:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:4317
+            endpoint: ${MY_POD_IP}:4317
           http:
-            endpoint: 0.0.0.0:4318
+            endpoint: ${MY_POD_IP}:4318
       prometheus:
         config:
           scrape_configs:
@@ -94,7 +94,7 @@ data:
             - targets:
               - ${MY_POD_IP}:8888
       zipkin:
-        endpoint: 0.0.0.0:9411
+        endpoint: ${MY_POD_IP}:9411
     service:
       extensions:
       - health_check
@@ -130,4 +130,4 @@ data:
           - zipkin
       telemetry:
         metrics:
-          address: 0.0.0.0:8888
+          address: ${MY_POD_IP}:8888
@@ -5,7 +5,7 @@ kind: DaemonSet
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 55b2e74668b76f95f152e0942cff05b04a3368452b33477c29b6b1e3fd7cf0b2
+        checksum/config: 3c04aec5dfe4561ccb0cf887643c515346e6c8b31ee719bbfa5c0656db8a5660
 
       labels:
         app.kubernetes.io/name: opentelemetry-collector

@@ -5,7 +5,7 @@ kind: ServiceAccount
 metadata:
   name: example-opentelemetry-collector
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"

@@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -28,17 +28,17 @@ data:
       jaeger:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:14250
+            endpoint: ${MY_POD_IP}:14250
           thrift_compact:
-            endpoint: 0.0.0.0:6831
+            endpoint: ${MY_POD_IP}:6831
           thrift_http:
-            endpoint: 0.0.0.0:14268
+            endpoint: ${MY_POD_IP}:14268
       otlp:
         protocols:
           grpc:
-            endpoint: 0.0.0.0:4317
+            endpoint: ${MY_POD_IP}:4317
           http:
-            endpoint: 0.0.0.0:4318
+            endpoint: ${MY_POD_IP}:4318
       prometheus:
         config:
           scrape_configs:
@@ -48,7 +48,7 @@ data:
             - targets:
               - ${MY_POD_IP}:8888
       zipkin:
-        endpoint: 0.0.0.0:9411
+        endpoint: ${MY_POD_IP}:9411
     service:
       extensions:
       - health_check
@@ -83,4 +83,4 @@ data:
           - zipkin
       telemetry:
         metrics:
-          address: 0.0.0.0:8888
+          address: ${MY_POD_IP}:8888
@@ -5,7 +5,7 @@ kind: DaemonSet
 metadata:
   name: example-opentelemetry-collector-agent
   labels:
-    helm.sh/chart: opentelemetry-collector-0.45.1
+    helm.sh/chart: opentelemetry-collector-0.46.0
     app.kubernetes.io/name: opentelemetry-collector
     app.kubernetes.io/instance: example
     app.kubernetes.io/version: "0.69.0"
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 6c4e5157feaaca3def8d302e4cfed0aa6188824ac3289e6b8eadc66ecf206c00
+        checksum/config: 0ae8fa2ea641187d3b7c3277c1710f72951937b6b5ffdb18401fdbd08053f581
 
       labels:
         app.kubernetes.io/name: opentelemetry-collector