Include ports for networkpolicy or ciliumnetworkpolicy for OTLP ingest #1452
What does this PR do?
When global.networkPolicy.create and OTLP is enabled, enables the necessary ingress ports in the NetworkPolicy or CiliumNetworkPolicy for OTLP ingest depending on the flavor that is configured in global.networkPolicy.flavor. Currently this is only supported for APM features.

Also refined the logic on the OTLP ports for the local service depending on whether the user has configured features.otlp.receiver.protocols.grpc/http.hostPortConfig.enabled and/or features.otlp.receiver.protocols.grpc/http.hostPortConfig.hostPort. This is in an effort to make it so that NetworkPolicy's ingress ports correspond with the local service (vice-versa) whenever the above hostPortConfig's are configured, a follow-up to this PR: #1440

Motivation
CECO-1468
Generally to alleviate connectivity issues with OTLP ingest for clusters that have restrictive NetworkPolicy rules.
Describe your test plan
Create a kind cluster, and follow this guide to install Cilium in your cluster: https://docs.cilium.io/en/stable/installation/kind/

Test the "kubernetes" flavor:
Deploy the following DatadogAgent configurations:
The operator should deploy the NetworkPolicy object with ingress ports 4317 and 4318.
For instance if you named the DatadogAgent as datadog, you can run kubectl describe networkpolicy datadog-agent to check if the ports are present.
Can also include the configurations features.otlp.receiver.protocols.grpc.hostPortConfig.hostPort and features.otlp.receiver.protocols.http.hostPortConfig.hostPort to configure custom ports and check if it reflects in the NetworkPolicy.

Test the "cilium" flavor:
The operator should deploy the CiliumNetworkPolicy object with ingress ports 4317 and 4318.
For instance if you named the DatadogAgent as datadog, you can run kubectl describe ciliumnetworkpolicy datadog-agent to check if the ports are present.
Can also include the configurations features.otlp.receiver.protocols.grpc.hostPortConfig.hostPort and features.otlp.receiver.protocols.http.hostPortConfig.hostPort to configure custom ports and check if it reflects in the CiliumNetworkPolicy.

Checklist
bug, enhancement, refactoring, documentation, tooling, and/or dependencies
qa/skip-qa label
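
The manual check in the test plan can be scripted. The following is an added example, not part of the PR or the operator's code: it compares the OTLP ports a DatadogAgent asks for with the ingress ports found in the JSON form of the deployed NetworkPolicy or CiliumNetworkPolicy. It assumes a configured hostPortConfig.hostPort replaces the default port; the function names and sample data are constructed for illustration.

```python
import json

DEFAULT_OTLP_PORTS = {"grpc": 4317, "http": 4318}  # ports named in the PR description

def expected_otlp_ports(protocols):
    """Ports the policy should admit, given features.otlp.receiver.protocols.
    Assumption: a configured hostPortConfig.hostPort replaces the default."""
    ports = set()
    for name, default in DEFAULT_OTLP_PORTS.items():
        proto = protocols.get(name) or {}
        if proto.get("enabled"):
            host_port = (proto.get("hostPortConfig") or {}).get("hostPort")
            ports.add(int(host_port or default))
    return ports

def policy_ingress_ports(policy):
    """Numeric TCP ingress ports of a NetworkPolicy or CiliumNetworkPolicy."""
    ports = set()
    if policy.get("kind") == "CiliumNetworkPolicy":
        for spec in policy.get("specs") or [policy.get("spec") or {}]:
            for rule in spec.get("ingress") or []:
                for to_ports in rule.get("toPorts") or []:
                    for p in to_ports.get("ports") or []:
                        # Cilium stores ports as strings; protocol defaults to ANY
                        if p.get("protocol", "ANY") in ("TCP", "ANY") and str(p.get("port")).isdigit():
                            ports.add(int(p["port"]))
    else:
        for rule in (policy.get("spec") or {}).get("ingress") or []:
            for p in rule.get("ports") or []:
                # Kubernetes defaults protocol to TCP; named ports are skipped
                if p.get("protocol", "TCP") == "TCP" and isinstance(p.get("port"), int):
                    ports.add(p["port"])
    return ports

def missing_otlp_ports(protocols, policy_json):
    """Expected OTLP ports that the policy does not allow in."""
    return sorted(expected_otlp_ports(protocols) - policy_ingress_ports(json.loads(policy_json)))

# Constructed sample in the shape of `kubectl get networkpolicy datadog-agent -o json`
SAMPLE_POLICY = json.dumps({"kind": "NetworkPolicy", "spec": {"ingress": [
    {"ports": [{"port": 4317, "protocol": "TCP"}]}]}})
SAMPLE_PROTOCOLS = {"grpc": {"enabled": True}, "http": {"enabled": True}}

if __name__ == "__main__":
    print("missing OTLP ingress ports:", missing_otlp_ports(SAMPLE_PROTOCOLS, SAMPLE_POLICY))
```

An ingress rule with no ports list admits every port, and port ranges are not expanded; this check reports such policies as missing the OTLP ports, so review those by hand.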