trident icon indicating copy to clipboard operation
trident copied to clipboard
verified publisher icon NetApp

bind on ::1 for linux and 127.0.0.1 for windows for the probe

Open Cellebyte opened this issue 5 months ago • 5 comments

Change description

I am updating the bind-address for the probePort of the DaemonSet from :: to be ::1 for linux and 127.0.0.1 for windows. This secures the port from being accidentally exposed on kube-proxy Services and additional Network Interfaces which are not managed by K8s NetworkPolicy.

Project tracking

  • #1044

Do any added TODOs have an issue in the backlog?

  • #1044

Did you add unit tests? Why not?

I don't added a Unit-Test as it does not change code but only deployment behaviour.

Does this code need functional testing?

Yeah It would need to check if the basic installation still works of the DaemonSet in Windows and Linux clusters.

Is a code review walkthrough needed? why or why not?

Not really.

Should additional test coverage be executed in addition to pre-merge?

No

Does this code need a note in the changelog?

Yes, as it binds the healthz port to localhost instead of all available IP addresses.

Does this code require documentation changes?

No, as it does not add any configuration parameter.

Additional Information

Cellebyte avatar Aug 04 '25 14:08 Cellebyte

Have you completed the CCLA?

torirevilla avatar Sep 02 '25 20:09 torirevilla

@torirevilla I will sign it on Monday. Thx :)

Cellebyte avatar Sep 05 '25 21:09 Cellebyte

@Cellebyte We have not received the signed CCLA, did you get a chance to complete it?

torirevilla avatar Oct 15 '25 13:10 torirevilla

@torirevilla sadly my company is still in the process.

Cellebyte avatar Oct 15 '25 13:10 Cellebyte

@torirevilla my company signed now the CCLA. I don't know if it is visible to you.

Cellebyte avatar Oct 27 '25 09:10 Cellebyte