From 674b775f77253ec5cdffcb59cdcc4af9da72b9a1 Mon Sep 17 00:00:00 2001 From: Filip Haftek Date: Mon, 8 Jun 2026 16:17:28 +0200 Subject: [PATCH 1/2] fix: otel-collector exposes on 0.0.0.0 --- .../otel-collector/otel-collector.ConfigMap.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/sourcegraph/templates/otel-collector/otel-collector.ConfigMap.yaml b/charts/sourcegraph/templates/otel-collector/otel-collector.ConfigMap.yaml index 0de56b692..4a42db653 100644 --- a/charts/sourcegraph/templates/otel-collector/otel-collector.ConfigMap.yaml +++ b/charts/sourcegraph/templates/otel-collector/otel-collector.ConfigMap.yaml @@ -14,8 +14,13 @@ data: receivers: otlp: protocols: - grpc: # port 4317 - http: # port 4318 + # Bind to all interfaces. Since v0.104.0, the collector defaults the OTLP + # receiver to 127.0.0.1 (CVE-2024-36129 hardening), which silently drops + # traffic from other pods. See https://opentelemetry.io/blog/2024/hardening-the-collector-one/ + grpc: + endpoint: "0.0.0.0:4317" + http: + endpoint: "0.0.0.0:4318" {{ if .Values.openTelemetry.gateway.config.traces.processors }} processors: {{- toYaml .Values.openTelemetry.gateway.config.traces.processors | nindent 6 }} From d87ed8d5a5b4c200fc2c316a5820408ddc8cd7c6 Mon Sep 17 00:00:00 2001 From: Filip Haftek Date: Mon, 8 Jun 2026 17:42:14 +0200 Subject: [PATCH 2/2] flag for unittest plugin --- scripts/ci/helm-unittest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ci/helm-unittest.sh b/scripts/ci/helm-unittest.sh index 32d544f02..3ec626947 100755 --- a/scripts/ci/helm-unittest.sh +++ b/scripts/ci/helm-unittest.sh @@ -7,7 +7,7 @@ set -euf -o pipefail HELM_UNITTEST_VERSION="v1.0.2" ### Install the helm-unittest plugin -helm plugin install https://github.com/helm-unittest/helm-unittest --version "$HELM_UNITTEST_VERSION" +helm plugin install https://github.com/helm-unittest/helm-unittest --version "$HELM_UNITTEST_VERSION" --verify=false ### Run the helm tests helm unittest -q charts/sourcegraph