When started for the first time, Influx allows any unauthenticated user
to perform initial database setup. An instance that is reachable from
the public internet thus has a race window for initial setup.

Close the window by starting Influx listening only on localhost,
performing setup, and only then running a reverse proxy on the external
interface to forward external traffic to influx. We must do this on
every startup just to see if this instance has already been set up or
not.

For golang/go#48803.

Change-Id: Iea41b01f61199101eb59686f1e6a3e9dab059a0e
Reviewed-on: https://go-review.googlesource.com/c/build/+/394357
Reviewed-by: Heschi Kreinick <heschi@google.com>
Trust: Michael Pratt <mpratt@google.com>
Run-TryBot: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
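
The startup sequence the commit message above describes, as an added Go example that is not code from the CL: query InfluxDB 2's `/api/v2/setup` onboarding endpoint over loopback, perform setup if it is still allowed, and only then open the external listener. The loopback address, external port, org and bucket names, and the `INFLUX_ADMIN_PASSWORD` variable are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// setupIfNeeded runs initial setup if Influx still allows it; call it while Influx is loopback-only.
func setupIfNeeded(c *http.Client, base string, req map[string]string) (bool, error) {
	resp, err := c.Get(base + "/api/v2/setup")
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	var st struct{ Allowed bool }
	if err := json.NewDecoder(resp.Body).Decode(&st); err != nil || resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("setup state unknown: %s: %v", resp.Status, err)
	}
	if !st.Allowed {
		return false, nil // set up on an earlier start; nothing to do
	}
	body, _ := json.Marshal(req)
	post, err := c.Post(base+"/api/v2/setup", "application/json", bytes.NewReader(body))
	if err != nil {
		return false, err
	}
	defer post.Body.Close()
	if post.StatusCode != http.StatusCreated {
		return false, fmt.Errorf("setup: unexpected status %s", post.Status)
	}
	return true, nil
}

func main() {
	const influx = "http://127.0.0.1:8086" // assumed: influxd bound to loopback only
	admin := map[string]string{"username": "admin", "org": "example-org",
		"bucket": "example-bucket", "password": os.Getenv("INFLUX_ADMIN_PASSWORD")} // hypothetical names
	if _, err := setupIfNeeded(http.DefaultClient, influx, admin); err != nil {
		log.Fatal(err) // never expose an instance whose setup state is unknown
	}
	target, _ := url.Parse(influx)
	// Only now open the external listener; ":8080" is an assumed placeholder port.
	log.Fatal(http.ListenAndServe(":8080", httputil.NewSingleHostReverseProxy(target)))
}
```
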
This CL creates a Docker image for running an InfluxDB instance for the
Go performance monitoring dashboard.

The image is based on the Google-maintained GCP InfluxDB 2 image, with
an additional small program to perform initial database setup and push
access credentials to Google Secret Manager.

See README.md for instructions on running the image locally or on GCP.

This CL is based on CL 392635 after we decided it belongs better in
x/build. It drops the custom module, using the standard x/build/go.mod
instead. Plus it adds a Makefile and an expectation of `docker build`
running from the repository.

For golang/go#48803

Change-Id: Ib79242311acee9529073cd68c9754e6459a49319
Reviewed-on: https://go-review.googlesource.com/c/build/+/394354
Reviewed-by: Heschi Kreinick <heschi@google.com>
Trust: Michael Pratt <mpratt@google.com>
Run-TryBot: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>