Revert "fix: app clone failed"

This reverts commit a8a14ab9d6.

framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml

@@ -170,7 +170,7 @@ spec:
       priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.4.59
+        image: beclab/app-service:0.4.60
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0

framework/app-service/pkg/apiserver/handler_service.go

@@ -212,7 +212,7 @@ func (h *Handler) listBackend(req *restful.Request, resp *restful.Response) {
 				Appid:           appv1alpha1.AppName(am.Spec.AppName).GetAppID(),
 				IsSysApp:        appv1alpha1.AppName(am.Spec.AppName).IsSysApp(),
 				Namespace:       am.Spec.AppNamespace,
-				Owner:           owner,
+				Owner:           am.Spec.AppOwner,
 				Entrances:       appconfig.Entrances,
 				SharedEntrances: appconfig.SharedEntrances,
 				Icon:            appconfig.Icon,

framework/app-service/pkg/apiserver/handler_webhook.go

@@ -570,36 +570,9 @@ func (h *Handler) validateArgoResources(ctx context.Context, req *admissionv1.Ad
 		return h.sidecarWebhook.AdmissionError(req.UID, err)
 	}
 
-	labels := object.GetLabels()
-	if labels != nil && labels[constants.ApplicationAuthorLabel] == constants.ByteTradeAuthor {
-		return resp
-	}
-
 	appNamespace := req.Namespace
-	if strings.HasSuffix(req.Namespace, "-shared") {
-		var ns corev1.Namespace
-		err := h.ctrlClient.Get(ctx, types.NamespacedName{Name: req.Namespace}, &ns)
-		if err != nil {
-			klog.Errorf("failed to get ns %s %v", req.Namespace, err)
-			return h.sidecarWebhook.AdmissionError(req.UID, err)
-		}
-		if ns.Labels != nil {
-			installUser := ns.Labels[constants.ApplicationInstallUserLabel]
-			appName := ns.Labels[constants.ApplicationNameLabel]
-			appNamespace = fmt.Sprintf("%s-%s", appName, installUser)
-		}
-	}
-
-	// Ensure the namespace matches some ApplicationManager.Spec.AppNamespace
-	var amList v1alpha1.ApplicationManagerList
-	if err := h.ctrlClient.List(ctx, &amList, &client.ListOptions{}); err != nil {
-		klog.Errorf("Failed to list application managers for argo resources validation err=%v", err)
-		return h.sidecarWebhook.AdmissionError(req.UID, err)
-	}
-	for _, am := range amList.Items {
-		if am.Spec.AppNamespace == appNamespace {
-			return resp
-		}
+	if !apputils.IsProtectedNamespace(appNamespace) {
+		return resp
 	}
 
 	resp.Allowed = false

framework/app-service/pkg/sandbox/sidecar/envoy.go

@@ -329,6 +329,7 @@ func generateIptablesCommands(appCfg *appcfg.ApplicationConfig) string {
 -A OUTPUT -p tcp -j PROXY_OUTBOUND
 -A PROXY_INBOUND -p tcp --dport %d -j RETURN
 -A PROXY_INBOUND -s 20.20.20.21 -j RETURN
+-A PROXY_INBOUND -s 172.30.0.0/16 -j RETURN
 `, constants.EnvoyAdminPort)
 	if appCfg != nil {
 		for _, port := range appCfg.Ports {