Description
Is this a bug report or feature request?
Feature request
- Feature Request
We have an issue where Ceph Manager pods bind to 0.0.0.0 or "::" (dualstack and preferred IPv6 family). Because we use host networking, we then expose the monitoring data to all interfaces. This includes external networks where we should have strict access control and no extra ports can be exposed.
What should the feature do:
What is use case behind this feature:
Environment:
Tested with ceph 19.2.2 and rook v1.16.9
```
node# sudo lsof -P -n -i | grep 9283
ceph-mgr 109721 167 28u IPv6 800545 0t0 TCP *:9283 (LISTEN)
```
Pod
```
:~> kubectl describe pod rook-ceph-mgr-a-568d7fc8c-f2nh4 -n rook-ceph
Name:                 rook-ceph-mgr-a-568d7fc8c-f2nh4
Namespace:            rook-ceph
Priority:             2000000000
Priority Class Name:  system-cluster-critical
Service Account:      rook-ceph-mgr
Node:                 node/fd00:eccd:b18b:a1a::8
Labels:               app=rook-ceph-mgr
                      app.kubernetes.io/component=cephclusters.ceph.rook.io
                      app.kubernetes.io/created-by=rook-ceph-operator
                      app.kubernetes.io/instance=a
                      app.kubernetes.io/managed-by=rook-ceph-operator
                      app.kubernetes.io/name=ceph-mgr
                      app.kubernetes.io/part-of=rook-ceph-cluster
                      ceph_daemon_id=a
                      ceph_daemon_type=mgr
                      instance=a
                      mgr=a
                      mgr_role=active
                      pod-template-hash=568d7fc8c
                      rook.io/operator-namespace=rook-ceph
                      rook_cluster=rook-ceph
Annotations:
                      prometheus.io/port: 9283
                      prometheus.io/scheme: https
                      prometheus.io/scrape: true
Status:               Running
IP:                   fd00:eccd:b18b:a1a::8
IPs:
  IP:  fd00:eccd:b18b:a1a::8
  IP:  10.2.1.8
```
Service:
```
kubectl get svc -n rook-ceph rook-ceph-mgr
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rook-ceph-mgr ClusterIP fd00:eccd:17:ffff::5555:f449 9283/TCP 88m
```
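
A node-side check for the exposure described in this issue, as an added example that is not part of the original report or of Rook: it parses `lsof -P -n -i` output and reports TCP listeners bound to all interfaces. The function names are hypothetical, and every sample line except the first (which is the line from the report) is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit `lsof -P -n -i` output for listeners on all interfaces.

# Constructed sample input. Only the first line comes from the report; the
# others are invented to show a pinned listener and a non-listening socket.
sample_lsof() {
cat <<'EOF'
ceph-mgr 109721 167 28u IPv6 800545 0t0 TCP *:9283 (LISTEN)
ceph-mgr 109721 167 31u IPv6 800560 0t0 TCP [fd00:eccd:b18b:a1a::8]:8443 (LISTEN)
ceph-mon 109800 167 22u IPv4 800700 0t0 TCP 10.2.1.8:6789 (LISTEN)
node_exp 2200 65534 3u IPv4 41000 0t0 TCP *:9100 (LISTEN)
ceph-mgr 109721 167 40u IPv4 800900 0t0 TCP 10.2.1.8:51234->10.2.1.9:6800 (ESTABLISHED)
EOF
}

# wildcard_listeners [PORT]
# Reads lsof text on stdin and prints "command pid family port" for each TCP
# listener whose local address is a wildcard. With PORT, only that port.
wildcard_listeners() {
  awk -v want="${1:-}" '
    $8 == "TCP" && $NF == "(LISTEN)" {
      name = $9
      port = name
      sub(/.*:/, "", port)                      # text after the last colon
      addr = substr(name, 1, length(name) - length(port) - 1)
      # lsof -n prints "*" for both 0.0.0.0 and "::"; accept the literal
      # forms too so the same filter works on similar tool output.
      if (addr != "*" && addr != "0.0.0.0" && addr != "[::]") next
      if (want != "" && port != want) next
      print $1, $2, $5, port
    }'
}

# port_not_wildcard PORT
# Succeeds when no wildcard listener exists for PORT, so it can gate an
# audit job: a non-zero status means the port is reachable on every interface.
port_not_wildcard() {
  [ -z "$(wildcard_listeners "$1")" ]
}

# Demonstration on the constructed sample.
sample_lsof | wildcard_listeners 9283
```

On a host-networked node, `sudo lsof -P -n -i | wildcard_listeners 9283` replaces the `grep 9283` from the report and ignores established connections and listeners pinned to a single address.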