You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In kube-controllers/cmd/kube-controllers/main.go, there's an import _ "net/http/pprof", this causes /debug/pprof emerges in any started http server such as server for serving /metrics (default at port 9094) even if DebugProfilePort is not set.
Expected Behavior
/debug/pprof is not enabled on Calico kube-controllers's /metrics server port
Current Behavior
/debug/pprof is enabled on Calico kube-controllers's /metrics server port
Possible Solution
Not sure if import _ "net/http/pprof" is necessary, I see currently if DebugProfilePort is not zero, github.com/pkg/profile is used to write profile data to local disk.
Steps to Reproduce (for bugs)
Deploy Calico and /metrics is enabled in kube-controllers (this is default).
In
kube-controllers/cmd/kube-controllers/main.go, there's an import_ "net/http/pprof", this causes/debug/pprofemerges in any started http server such as server for serving/metrics(default at port 9094) even ifDebugProfilePortis not set.Expected Behavior
/debug/pprofis not enabled on Calicokube-controllers's/metricsserver portCurrent Behavior
/debug/pprofis enabled on Calicokube-controllers's/metricsserver portPossible Solution
Not sure if
import _ "net/http/pprof"is necessary, I see currently ifDebugProfilePortis not zero,github.com/pkg/profileis used to write profile data to local disk.Steps to Reproduce (for bugs)
/metricsis enabled inkube-controllers(this is default).http://<calico-kube-controllers IP>:9094/debug/pprofContext
Exposing
pprofby default outside the host OS is considered a security issue by organizations which have high security requirements.Your Environment
The text was updated successfully, but these errors were encountered: