
OTEL-070: Telemetry metrics address bound to 0.0.0.0

Severity: warn (advisory)

Rule Details

The Collector's internal metrics endpoint exposes operational details (pipeline names, exporter queue lengths, retry counts, internal version). Binding it to 0.0.0.0 makes that endpoint reachable from every network the host is on. Bind it to localhost and let a co-located scrape job (a Prometheus pod on the same node, a sidecar) read it privately.

This rule fires when service.telemetry.metrics.address contains 0.0.0.0.

Options

This rule has no options.

Examples

Avoid
service:
  telemetry:
    metrics:
      address: "0.0.0.0:8888"
Prefer
service:
  telemetry:
    metrics:
      address: "localhost:8888"
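
To confirm the effective binding after changing the config, the listening sockets on the host can be checked. The following is an added example, not part of augur or the Collector: it parses Linux `ss -ltn` output and reports any listener on the metrics port that is not loopback-only. It goes beyond the rule's literal 0.0.0.0 match by also treating `[::]` and `*` as wildcard binds. The function names, the sample output and the default port 8888 (taken from the examples above) are assumptions.

```python
import ipaddress

# Constructed `ss -ltn` output for illustration; not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:8888      0.0.0.0:*
LISTEN 0      4096           [::1]:8888         [::]:*
LISTEN 0      4096         0.0.0.0:4317      0.0.0.0:*
"""


def classify_bind(host):
    """Return 'loopback', 'wildcard' or 'specific' for a listener host."""
    # Drop IPv6 brackets and any zone id such as %eth0.
    host = host.strip("[]").split("%", 1)[0]
    if host in ("*", ""):
        return "wildcard"  # ss prints '*' for a dual-stack all-interfaces socket
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # unresolved hostname: assume it is not loopback
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"


def non_loopback_listeners(ss_output, port=8888):
    """List (local_address, kind) for listeners on `port` that are not loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        kind = classify_bind(host)
        if kind != "loopback":
            findings.append((fields[3], kind))
    return findings


if __name__ == "__main__":
    for addr, kind in non_loopback_listeners(SAMPLE_SS):
        print(f"metrics port exposed: {addr} ({kind})")
```

An empty result for the sample means the metrics port is only reachable over loopback; the 0.0.0.0:4317 row is ignored because it is a different port.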

When Not To Use It

Never — there is a safer alternative.

  • OTEL-010 — receivers should not bind to 0.0.0.0
  • OTEL-060 — zpages endpoint bound to 0.0.0.0
  • OTEL-069 — telemetry metrics level set to none
  • OTEL-074 — service.telemetry.metrics.address deprecated

Version

Available since augur v0.1.0.
