-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: default ADDRESS env var on deploy #1837
Conversation
Requests that deployed functions listen on all interfaces by default by providing an ADDRESS environment variable.
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #1837 +/- ##
==========================================
+ Coverage 62.51% 63.53% +1.02%
==========================================
Files 107 107
Lines 13732 13749 +17
==========================================
+ Hits 8585 8736 +151
+ Misses 4331 4172 -159
- Partials 816 841 +25
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/hold for others
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lkingland, zroubalik The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall lgtm, although I wonder if ADDRESS
might be too generic and potentially suffer from overlap. Just a thought.
/unhold |
Runtimes should, by default, only listen on the loopback interface for security (they may be
func run
locally).The ADDRESS environment variable added here on deploy requests the runtime to listen on all interfaces (0.0.0.0) when deployed, since they will need to listen for client requests and for health readiness/liveness probes.
Additionally, now a user who wishes to securely open their function to only receive requests on a specific interface, such as a WireGuard-encrypted mesh network which presents as a specific interface; that can be achieved by explicitly setting the ADDRESS on their function.
NOTE this env variable is only a suggestion, and it is up to the runtimes to read and use. This is currently respected by scaffolded Go functions (
func-runtime-go
library), with other runtimes expected to implement as they are updated to support scaffolding./kind enhancement