fix: add open telemetry netpol (#2175 )

fix(app-service): check for nil annotations before assignment (#2163 )
fix: check for nil annotations before assignment
2025-12-09 13:40:28 +08:00 · 2025-12-05 19:27:45 +08:00
3 changed files with 53 additions and 2 deletions
--- a/framework/app-service/controllers/security_controller.go
+++ b/framework/app-service/controllers/security_controller.go
@@ -387,7 +387,13 @@ func (r *SecurityReconciler) reconcileNetworkPolicy(ctx context.Context, ns *cor
 			networkPolicy.SetNamespace(ns.Name)
 			npFix = nil
 		} else if security.IsOSSystemNamespace(ns.Name) {
-			networkPolicy = security.NetworkPolicies{security.NPOSSystem.DeepCopy(), security.NSFilesPolicy.DeepCopy(), security.NPSystemProvider.DeepCopy(), security.NPSystemMiddleware.DeepCopy()}
+			networkPolicy = security.NetworkPolicies{
+				security.NPOSSystem.DeepCopy(),
+				security.NSFilesPolicy.DeepCopy(),
+				security.NPSystemProvider.DeepCopy(),
+				security.NPSystemMiddleware.DeepCopy(),
+				security.NPOpenTelemetryCollector.DeepCopy(),
+			}
 			networkPolicy.SetName("os-system-np")
 			networkPolicy.SetNamespace(ns.Name)
 			npFix = nil
--- a/framework/app-service/pkg/apiserver/handler_installer_upgrade.go
+++ b/framework/app-service/pkg/apiserver/handler_installer_upgrade.go
@@ -347,6 +347,9 @@ func (h *Handler) appUpgrade(req *restful.Request, resp *restful.Response) {

 	appCopy.Spec.Config = config
 	appCopy.Spec.OpType = appv1alpha1.UpgradeOp
+	if appCopy.Annotations == nil {
+		appCopy.Annotations = make(map[string]string)
+	}
 	appCopy.Annotations[api.AppRepoURLKey] = request.RepoURL
 	appCopy.Annotations[api.AppVersionKey] = request.Version
 	appCopy.Annotations[api.AppTokenKey] = token
--- a/framework/app-service/pkg/security/templates.go
+++ b/framework/app-service/pkg/security/templates.go
@@ -3,7 +3,10 @@ package security
 import (
 	"bytetrade.io/web3os/app-service/pkg/constants"
 	"bytetrade.io/web3os/app-service/pkg/utils"
-
+	
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/utils/pointer"
 	netv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -468,6 +471,45 @@ var (
 		},
 	} // end NPSystemMiddleware

+	NPOpenTelemetryCollector = netv1.NetworkPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "opentelemetry-collector-np",
+		},
+		Spec: netv1.NetworkPolicySpec{
+			PodSelector: metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					"app.kubernetes.io/component": "opentelemetry-collector",
+					"app.kubernetes.io/instance":  "os-platform.jaeger-storage-instance",
+				},
+			},
+			Ingress: []netv1.NetworkPolicyIngressRule{
+				{
+					From: []netv1.NetworkPolicyPeer{
+						{
+							NamespaceSelector: &metav1.LabelSelector{
+								MatchLabels: map[string]string{},
+							},
+						},
+					},
+					Ports: []netv1.NetworkPolicyPort{
+						{
+							Protocol: (*corev1.Protocol)(pointer.String(string(corev1.ProtocolTCP))),
+							Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 16686},
+						},
+						{
+							Protocol: (*corev1.Protocol)(pointer.String(string(corev1.ProtocolTCP))),
+							Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 4317},
+						},
+						{
+							Protocol: (*corev1.Protocol)(pointer.String(string(corev1.ProtocolTCP))),
+							Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 4318},
+						},
+					},
+				},
+			},
+		},
+	}
+
 	NPSharedEntrance = netv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "shared-entrance-np",
Author	SHA1	Message	Date
hysyeah	a11ec932ac	fix: add open telemetry netpol (#2175 )	2025-12-09 13:40:28 +08:00
dkeven	66c08d47a1	fix(app-service): check for nil annotations before assignment (#2163 ) fix: check for nil annotations before assignment	2025-12-05 19:27:45 +08:00