fix: disable probe and metrics endpoints by default

[kvaps]

Summary

Change the defaults for --health-probe-bind-address and --metrics-bind-address from ":0" (bind to a random free port) to "0" (disabled), which is the controller-runtime convention for turning off the server.

Why

netstat on a node running cozy-proxy showed two unexpected high-port listeners:

tcp6  0  0 :::40267  :::*  LISTEN  109979/cozy-proxy
tcp6  0  0 :::33869  :::*  LISTEN  109979/cozy-proxy

Because the chart runs cozy-proxy with hostNetwork: true, those ports were exposed directly on the host. Users who want health probes or metrics can still opt in by passing an explicit bind address via flag.

Verified against controller-runtime v0.20.1:

• Metrics (pkg/metrics/server/server.go): BindAddress == "0" skips server creation entirely.
• Probe (pkg/manager/manager.go): addr == "" || addr == "0" returns a nil listener, so no probe server is started.
• The previous ":0" value instead fell through to net.Listen("tcp", ":0"), which is exactly what produced the random high ports.

Test plan

• Build and deploy; verify netstat -ltnp on the node shows no cozy-proxy listeners
• Pass --health-probe-bind-address=:8081 and confirm the probe endpoint comes up on that port
• Pass --metrics-bind-address=:8080 and confirm metrics are served

Fixes #5

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d1887629-871f-4944-8914-58754c68e2cf

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/disable-default-bind-addresses

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the default bind addresses for the health probe and metrics endpoints to "0", allowing them to be disabled. The review feedback suggests improving the help text by providing example address formats and ensuring consistent pluralization for the metrics endpoint description.

[gemini-code-assist]

Consider adding an example of the expected address format (e.g., :8081) to the help text. Since the default is now the special value "0", providing an example helps users understand that they should provide a :port string to enable the endpoint.

Suggested change

	flag.StringVar(&probeAddr, "health-probe-bind-address", "0", "The address the probe endpoint binds to. Set to \"0\" to disable.")
	flag.StringVar(&probeAddr, "health-probe-bind-address", "0", "The address the probe endpoint binds to (e.g., :8081). Set to \"0\" to disable.")

[gemini-code-assist]

Consider adding an example of the expected address format (e.g., :8080) and using the plural 'metrics' in the help text to maintain consistency with the flag name (--metrics-bind-address).

Suggested change

	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. Set to \"0\" to disable.")
	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to (e.g., :8080). Set to \"0\" to disable.")