Replace or add loopback address in Collector OTLP examples

[theletterf]

Fixes #3839

To check:

• Do we want to add a comment to all YAML edits? What should it say?
• Do we need to change this in instrumentation settings examples?
• Do we need to change localhost to 0.0.0.0 elsewhere in Collector configs?

---

Preview, e.g., see: https://deploy-preview-3847--opentelemetry.netlify.app/docs/collector/configuration/#endpoint-0.0.0.0-warning

[svrnm]

If I understand the issue correctly this is only for receivers

[mx-psi]

This is only on servers exposed by the OpenTelemetry Collector (the vast majority of which are receivers, we also have a couple extensions that may be featured in the docs). The intent is to mitigate https://cwe.mitre.org/data/definitions/1327.html

[theletterf]

@svrnm @mx-psi I reverted all changes applied to things that are not receivers. Other than OTLP addresses I couldn't find other instances of receiver listening on localhost in the Collector docs.

I'm also unsure about adding a long note at all. I think this change can be transparent until the new standard comes into effect.

[svrnm]

I'm also unsure about adding a long note at all. I think this change can be transparent until the new standard comes into effect.

My suggestion is that we have something like this:

  otlp:
    protocols:
      grpc:
        # This will tell the collector to listen on all interfaces & addresses, 
        # make sure that you set this configuration to the value that is appropriate for your environment
        endpoint: 0.0.0.0:4317

Rational: The problem that we are facing is that the new default of the collector is implemented for security reasons, now we tell people to re-configure their collector again to that less secure setting, so we have to give them an indication that this setting has implications they need to be aware of, although this makes our documentation "ugly"

[theletterf]

@svrnm I've reverted the changes you pointed out as wrong and added a compact note to the rest. PTAL

[svrnm]

a few more things to fix, but overall LGTM

[theletterf]

Comments addressed! PTAL

[mx-psi]

Makes sense to me 👍 As I said above, fine for me to leave this to a different PR, but also fine to keep it here if okay with others :)

[theletterf]

@chalin I echo @mx-psi. If you'd add the note with that same wording, that'd work for me.

[chalin]

@chalin I echo @mx-psi. If you'd add the note with that same wording, that'd work for me.

Added, see https://deploy-preview-3847--opentelemetry.netlify.app/docs/collector/configuration/#endpoint-0.0.0.0-warning.

[chalin]

If y'all agree with the added note, then the rest LGTM ✨

[theletterf]

@chalin LGTM! Let's roll!

[swiatekm]

👍 on the operator examples.

[svrnm]

awesome, this looks really good now. @mx-psi if you are happy as well we can merge :-)

[mx-psi]

Looks good to me! :)