(fix) bind metrics server to localhost interface only

Bind metrics server endpoints to 127.0.0.1 instead of all interfaces
to improve security by preventing direct external access to metrics endpoints.
This change supports downstream kube-rbac-proxy integration (see openshift/operator-framework-olm#1061 for more info)
by ensuring metrics are only accessible locally within the pod.

Signed-off-by: Anik Bhattacharjee <[email protected]>

Author: anik120

pkg/lib/server/server.go

@@ -78,9 +78,9 @@ func (sc *serverConfig) tlsEnabled() (bool, error) {
 
 func (sc *serverConfig) getAddress(tlsEnabled bool) string {
 	if tlsEnabled {
-		return ":8443"
+		return "127.0.0.1:8443"
 	}
-	return ":8080"
+	return "127.0.0.1:8080"
 }
 
 func (sc serverConfig) getListenAndServeFunc() (func() error, error) {