Merge pull request #109 from lburgazzoli/dapr-1.13

Dapr 1.13 Operator Upgrade
Luca Burgazzoli 2024-03-30 17:30:03 +01:00 committed by GitHub
commit dc96e1a358
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
43 changed files with 478 additions and 277 deletions


@ -55,8 +55,9 @@ jobs:
strategy:
matrix:
kubernetes-version:
- "1.27.3"
- "1.28.0"
- "1.27.11"
- "1.28.7"
- "1.29.2"
steps:
- name: "Checkout"
uses: actions/checkout@v4
@ -66,9 +67,9 @@ jobs:
go-version-file: 'go.mod'
check-latest: true
- name: 'SetUp KinD'
uses: container-tools/kind-action@v2
uses: container-tools/kind-action@v2.0.4
with:
version: "v0.20.0"
version: "v0.22.0"
kubectl_version: v${{ matrix.kubernetes-version }}
registry: false
node_image: kindest/node:v${{ matrix.kubernetes-version }}
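Review bot: The 'SetUp KinD' step still references a third-party action by a mutable tag, `uses: container-tools/kind-action@v2.0.4`, so the code that runs in this job is not fixed to what was reviewed. Pinning to the full commit SHA with the tag kept as a trailing comment, `uses: container-tools/kind-action@<full-commit-sha> # v2.0.4`, closes that gap. The same line appears in the 'SetUp KinD' step of the second workflow on this page, and `actions/checkout@v4` is tag-pinned in both. The job definitions continue outside these hunks, so the permissions and secrets available to the step are not visible here.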


@ -35,8 +35,9 @@ jobs:
strategy:
matrix:
kubernetes-version:
- "1.27.3"
- "1.28.0"
- "1.27.11"
- "1.28.7"
- "1.29.2"
steps:
- name: "Checkout"
uses: actions/checkout@v4
@ -46,9 +47,9 @@ jobs:
go-version-file: 'go.mod'
check-latest: true
- name: 'SetUp KinD'
uses: container-tools/kind-action@v2
uses: container-tools/kind-action@v2.0.4
with:
version: "v0.20.0"
version: "v0.22.0"
kubectl_version: v${{ matrix.kubernetes-version }}
registry: false
node_image: kindest/node:v${{ matrix.kubernetes-version }}
@ -57,15 +58,8 @@ jobs:
run: |
./hack/scripts/deploy_ingress.sh
- name: "SetUp Dapr Kubernetes Operator"
run: |
make deploy/e2e
kubectl wait \
--namespace=dapr-system \
--for=condition=ready \
pod \
--selector=control-plane=dapr-control-plane \
--timeout=90s
run: |
./hack/scripts/deploy_e2e.sh
- name: "Run Dapr Kubernetes Operator e2e"
run: |
make test/e2e/operator


@ -1,5 +1,5 @@
# Build the manager binary
FROM golang:1.21 as builder
FROM golang:1.22 as builder
ARG TARGETOS
ARG TARGETARCH


@ -14,7 +14,7 @@ CATALOG_VERSION ?= latest
CATALOG_CONTAINER_IMAGE ?= $(CONTAINER_REGISTRY)/$(CONTAINER_REGISTRY_ORG)/$(PROJECT_NAME)-catalog:$(CATALOG_VERSION)
LINT_GOGC ?= 10
LINT_DEADLINE ?= 10m
LINT_TIMEOUT ?= 10m
MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
PROJECT_PATH := $(patsubst %/,%,$(dir $(MKFILE_PATH)))
@ -22,17 +22,17 @@ LOCALBIN := $(PROJECT_PATH)/bin
HELM_CHART_REPO ?= https://dapr.github.io/helm-charts
HELM_CHART ?= dapr
HELM_CHART_VERSION ?= 1.12.0
HELM_CHART_VERSION ?= 1.13.1
HELM_CHART_URL ?= https://raw.githubusercontent.com/dapr/helm-charts/master/dapr-$(HELM_CHART_VERSION).tgz
## Tool Versions
CODEGEN_VERSION ?= v0.28.3
KUSTOMIZE_VERSION ?= v5.2.1
CONTROLLER_TOOLS_VERSION ?= v0.13.0
KIND_VERSION ?= v0.20.0
LINTER_VERSION ?= v1.55.1
OPERATOR_SDK_VERSION ?= v1.32.0
OPM_VERSION ?= v1.30.1
CODEGEN_VERSION ?= v0.28.8
KUSTOMIZE_VERSION ?= v5.3.0
CONTROLLER_TOOLS_VERSION ?= v0.14.0
KIND_VERSION ?= v0.22.0
LINTER_VERSION ?= v1.57.2
OPERATOR_SDK_VERSION ?= v1.34.1
OPM_VERSION ?= v1.38.0
GOVULNCHECK_VERSION ?= latest
## Tool Binaries
@ -164,8 +164,8 @@ check/lint: golangci-lint
@$(LINTER) run \
--config .golangci.yml \
--out-format tab \
--skip-dirs etc \
--deadline $(LINT_DEADLINE) \
--exclude-dirs etc \
--timeout $(LINT_TIMEOUT) \
--verbose
.PHONY: check/lint/fix
@ -173,8 +173,8 @@ check/lint/fix: golangci-lint
@$(LINTER) run \
--config .golangci.yml \
--out-format tab \
--skip-dirs etc \
--deadline $(LINT_DEADLINE) \
--exclude-dirs etc \
--timeout $(LINT_TIMEOUT) \
--fix
.PHONY: check/vuln
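Review bot: The bumped `HELM_CHART_VERSION ?= 1.13.1` still resolves through `HELM_CHART_URL`, which points at the `master` branch of dapr/helm-charts, and no checksum for the tarball is visible in this hunk. If the target that consumes the URL (outside the hunk) does not verify the download, the vendored chart updated by this commit cannot be tied to a known artifact. Consider recording the expected digest next to the version, e.g. `HELM_CHART_SHA256 ?= <sha256 of dapr-1.13.1.tgz>`, and checking it before unpacking. `GOVULNCHECK_VERSION ?= latest` is also the only tool in this block left unpinned while the others move to fixed versions.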


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.14.0
name: daprcontrolplanes.operator.dapr.io
spec:
group: operator.dapr.io
@ -47,23 +47,28 @@ spec:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
values:
description: 'JSON represents any valid JSON value. These types are
supported: bool, int64, float64, string, []interface{}, map[string]interface{}
and nil.'
description: |-
JSON represents any valid JSON value.
These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
x-kubernetes-preserve-unknown-fields: true
type: object
status:
@ -80,42 +85,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@ -129,11 +134,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.14.0
name: daprcruiscontrols.operator.dapr.io
spec:
group: operator.dapr.io
@ -45,14 +45,19 @@ spec:
description: DaprCruiseControl is the Schema for the daprcruisecontrols API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -74,42 +79,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@ -123,11 +128,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.14.0
name: daprinstances.operator.dapr.io
spec:
group: operator.dapr.io
@ -45,14 +45,19 @@ spec:
description: DaprInstance is the Schema for the daprinstances API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -73,9 +78,9 @@ spec:
type: string
type: object
values:
description: 'JSON represents any valid JSON value. These types are
supported: bool, int64, float64, string, []interface{}, map[string]interface{}
and nil.'
description: |-
JSON represents any valid JSON value.
These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
x-kubernetes-preserve-unknown-fields: true
type: object
status:
@ -93,42 +98,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@ -142,11 +147,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@ -8,5 +8,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: ttl.sh/0e076f38-57ed-4b13-b67d-f19639580179-local-0
newTag: 1h
newName: ghcr.io/dapr-sandbox/dapr-kubernetes-operator
newTag: 0.0.4
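Review bot: `newTag: 0.0.4` pins the controller image by tag only, so the deployed operator depends on whatever `ghcr.io/dapr-sandbox/dapr-kubernetes-operator:0.0.4` points to at pull time. The kustomize `images` entry also accepts `digest: sha256:<image-digest>`, which fixes the exact image content. The replaced value was a `ttl.sh/...-local-0` image with tag `1h`, which looks like a local build override committed by accident. A CI check that rejects `ttl.sh` references in this file would keep that from recurring.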

2
go.mod

@ -1,6 +1,6 @@
module github.com/dapr-sandbox/dapr-kubernetes-operator
go 1.21
go 1.22
require (
github.com/go-logr/logr v1.4.1

12
hack/scripts/deploy_e2e.sh Executable file

@ -0,0 +1,12 @@
#!/bin/sh
set -e
make deploy/e2e
kubectl wait \
--namespace=dapr-system \
--for=condition=ready \
pod \
--selector=control-plane=dapr-control-plane \
--timeout=90s


@ -2,8 +2,12 @@
set -e
kubectl apply --server-side -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
# it may take a while to have apply the
# resource, hence the kubectl wait may
# fail
sleep 5
kubectl wait \
--namespace=ingress-nginx \
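Review bot: The `kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/...` line installs whatever is on the `main` branch at run time, so the manifest applied to the cluster is neither reviewed nor reproducible. Pointing the URL at a release tag or commit, `.../ingress-nginx/<release-tag-or-commit>/deploy/static/provider/kind/deploy.yaml`, fixes the content. The added `sleep 5` only narrows the race described in the comment: on a slow runner `kubectl wait` can still run before the resources exist, so a bounded retry around it would be more reliable. The `kubectl wait` command continues outside the hunk.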


@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 1.12.0
appVersion: 1.13.1
description: A Helm chart for Dapr on Kubernetes
name: dapr
version: 1.12.0
version: 1.13.1


@ -103,70 +103,85 @@ The Helm chart has the follow configuration options that can be supplied:
| `global.daprControlPlaneOs` | Operating System for Dapr control plane | `linux` |
| `global.daprControlPlaneArch` | CPU Architecture for Dapr control plane | `amd64` |
| `global.nodeSelector` | Pods will be scheduled onto a node node whose labels match the nodeSelector | `{}` |
| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `{}` |
| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `[]` |
| `global.labels` | Custom pod labels | `{}` |
| `global.k8sLabels` | Custom metadata labels | `{}` |
| `global.issuerFilenames.ca` | Custom name of the file containing the root CA certificate inside the container | `ca.crt` |
| `global.issuerFilenames.cert` | Custom name of the file containing the leaf certificate inside the container | `issuer.crt` |
| `global.issuerFilenames.key` | Custom name of the file containing the leaf certificate's key inside the container | `issuer.key` |
| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement serice is not installed, and attempting to use Dapr actors will fail. | `true` |
| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement service is not installed, and attempting to use Dapr actors will fail. | `true` |
| `global.actors.serviceName` | Name of the service that provides actor placement services. | `placement` |
| `global.reminders.serviceName` | Name of the service that provides reminders functionality. If empty (the default), uses the built-in reminders capabilities in Dapr sidecars. | |
| `global.seccompProfile` | SeccompProfile for Dapr control plane services | `""` |
| `global.rbac.namespaced` | Removes cluster wide permissions where applicable | `false` |
| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` |
| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` |
| `global.priorityClassName` | Adds `priorityClassName` to Dapr pods | `""` |
### Dapr Operator options:
| Parameter | Description | Default |
|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
| `dapr_operator.replicaCount` | Number of replicas | `1` |
| `dapr_operator.logLevel` | Log level | `info` |
| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` |
| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` |
| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` |
| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.<br>Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` |
| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` |
| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` |
| Parameter | Description | Default |
|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
| `dapr_operator.replicaCount` | Number of replicas | `1` |
| `dapr_operator.logLevel` | Log level | `info` |
| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` |
| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` |
| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` |
| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.<br>Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` |
| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` |
| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` |
| `dapr_operator.apiService.annotations` | Custom annotations for "dapr-operator" Service resource | `{}` |
| `dapr_operator.apiService.type` | Type for "dapr-operator" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
| `dapr_operator.webhookService.annotations` | Custom annotations for "dapr-webhook" Service resource | `{}` |
| `dapr_operator.webhookService.type` | Type for "dapr-webhook" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
| `dapr_operator.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr Placement options:
| Parameter | Description | Default |
|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
| `dapr_placement.ha` | If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` |
| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100` |
| `dapr_placement.logLevel` | Service Log level | `info` |
| Parameter | Description | Default |
|---|---|---|
| `dapr_placement.ha`| If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` |
| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100`|
| `dapr_placement.logLevel` | Service Log level | `info`|
| `dapr_placement.image.name` | Service docker image name (`global.registry/dapr_placement.image.name`) | `dapr` |
| `dapr_placement.cluster.forceInMemoryLog` | Use in-memory log store and disable volume attach when HA is true | `false` |
| `dapr_placement.cluster.logStorePath` | Mount path for persistent volume for log store in unix-like system when HA is true | `/var/run/dapr/raft-log` |
| `dapr_placement.cluster.logStoreWinPath` | Mount path for persistent volume for log store in windows when HA is true | `C:\\raft-log` |
| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` |
| `dapr_placement.volumeclaims.storageClassName` | storage class name | |
| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` |
| `dapr_placement.volumeclaims.storageClassName` | Storage class name ||
| `dapr_placement.maxActorApiLevel` | Sets the `max-api-level` flag which prevents the Actor API level from going above this value. The Placement service reports to all connected hosts the Actor API level as the minimum value observed in all actor hosts in the cluster. Actor hosts with a lower API level than the current API level in the cluster will not be able to connect to Placement. Setting a cap helps making sure that older versions of Dapr can connect to Placement as actor hosts, but may limit the capabilities of the actor subsystem. The default value of -1 means no cap. | `-1` |
| `dapr_placement.minActorApiLevel` | Sets the `min-api-level` flag, which enforces a minimum value for the Actor API level in the cluster. | `0` |
| `dapr_placement.scaleZero` | If true, the StatefulSet is deployed with a zero scale, regardless of the values of `global.ha.enabled` or `dapr_placement.ha` | `false` |
| `dapr_placement.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. Does not apply unless `forceInMemoryLog` is set to `true`. You may have to set this to `false` when running in Minikube | `false` |
| `dapr_placement.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_placement.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_placement.metadataEnabled` | Boolean value for enabling placement tables metadata HTTP API | `false` |
| `dapr_placement.statefulsetAnnotations` | Custom annotations for Dapr Placement Statefulset | `{}` |
| `dapr_placement.service.annotations` | Custom annotations for "dapr-placement-server" Service resource | `{}` |
| `dapr_placement.extraEnvVars` | Dictionary (key: value pairs) to use as extra environment variables in the injected sidecar containers (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr RBAC options:
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------------------------|-------------------------|
| Parameter | Description | Default |
|---|---|---|
| `dapr_rbac.secretReader.enabled` | Deploys a default secret reader Role and RoleBinding | `true` |
| `dapr_rbac.secretReader.namespace` | Namespace for the default secret reader | `default` |
### Dapr Sentry options:
| Parameter | Description | Default |
|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
| Parameter | Description | Default |
|---|---|---|
| `dapr_sentry.replicaCount` | Number of replicas | `1` |
| `dapr_sentry.logLevel` | Log level | `info` |
| `dapr_sentry.image.name` | Docker image name (`global.registry/dapr_sentry.image.name`) | `dapr` |
| `dapr_sentry.tls.issuer.certPEM` | Issuer Certificate cert | `""` |
| `dapr_sentry.tls.issuer.keyPEM` | Issuer Private Key cert | `""` |
| `dapr_sentry.tls.root.certPEM` | Root Certificate cert | `""` |
| `dapr_sentry.tokenAudience` | Expected audience for tokens; multiple values can be separated by a comma. Defaults to the audience expected by the Kubernetes control plane if not set | `""` |
| `dapr_sentry.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_sentry.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_sentry.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_sentry.deploymentAnnotations` | Custom annotations for Dapr Sentry Deployment | `{}` |
| `dapr_sentry.service.annotations` | Custom annotations for "dapr-sentry" Service resource | `{}` |
| `dapr_sentry.service.type` | Type for "dapr-sentry" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
| `dapr_placement.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr Sidecar Injector options:
| Parameter | Description | Default |
@ -179,10 +194,11 @@ The Helm chart has the follow configuration options that can be supplied:
| `dapr_sidecar_injector.injectorImage.name` | Docker image name for sidecar injector service (`global.registry/dapr_sidecar_injector.injectorImage.name`) | `dapr`|
| `dapr_sidecar_injector.webhookFailurePolicy` | Failure policy for the sidecar injector | `Ignore` |
| `dapr_sidecar_injector.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot` for the Sidecar Injector container itself. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
| `dapr_sidecar_injector.enableK8sDownwardAPIs` | When set to true, uses the Kubernetes downward projection APIs to inject certain environmental variables (such as pod IP) into the daprd container. (default: `false`) | `true` |
| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
| `dapr_sidecar_injector.allowedServiceAccountsPrefixNames` | Comma-separated list of extra allowed service accounts. Each item in the list should be in the format of namespace:serviceaccount. To match service accounts by a common prefix, you can add an asterisk (`*`) at the end of the prefix. For instance, ns1*:sa2* will match any service account that starts with sa2, whose namespace starts with ns1. For example, it will match service accounts like sa21 and sa2223 in namespaces such as ns1, ns1dapr, and so on. | `""` |
| `dapr_sidecar_injector.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_sidecar_injector.debug.enabled` | Boolean value for enabling debug mode | `{}` |
@ -190,7 +206,10 @@ The Helm chart has the follow configuration options that can be supplied:
| `dapr_sidecar_injector.ignoreEntrypointTolerations` | JSON array of Kubernetes tolerations. If pod contains any of these tolerations, it will ignore the Docker image ENTRYPOINT for Dapr sidecar. | `[{\"effect\":\"NoSchedule\",\"key\":\"alibabacloud.com/eci\"},{\"effect\":\"NoSchedule\",\"key\":\"azure.com/aci\"},{\"effect\":\"NoSchedule\",\"key\":\"aws\"},{\"effect\":\"NoSchedule\",\"key\":\"huawei.com/cci\"}]` |
| `dapr_sidecar_injector.hostNetwork` | Enable hostNetwork mode. This is helpful when working with overlay networks such as Calico CNI and admission webhooks fail | `false` |
| `dapr_sidecar_injector.healthzPort` | The port used for health checks. Helpful in combination with hostNetwork to avoid port collisions | `8080` |
| `dapr_sidecar.deploymentAnnotations` | Custom annotations for Dapr sidecar Deployment | `{}` |
| `dapr_sidecar_injector.deploymentAnnotations` | Custom annotations for Dapr Sidecar Injector Deployment | `{}` |
| `dapr_sidecar_injector.service.annotations` | Custom annotations for "dapr-sidecar-injector" Service resource | `{}` |
| `dapr_sidecar_injector.service.type` | Type for "dapr-sidecar-injector" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
| `dapr_sidecar_injector.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
## Example of highly available configuration of the control plane


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr configuration
name: dapr_config
version: 1.12.0
version: 1.13.1


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes Operator
name: dapr_operator
version: 1.12.0
version: 1.13.1


@ -34,8 +34,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
{{- if .Values.deploymentAnnotations }}
{{ toYaml .Values.deploymentAnnotations | indent 4}}
{{- with .Values.deploymentAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@ -89,6 +89,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range $name, $value := .Values.extraEnvVars }}
- name: "{{ $name }}"
value: "{{ $value }}"
{{- end }}
ports:
- containerPort: 6500
{{- if eq .Values.global.prometheus.enabled true }}
@ -219,7 +223,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@ -229,3 +233,7 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
{{- if .Values.global.priorityClassName }}
priorityClassName:
{{ toYaml .Values.global.priorityClassName | indent 8 }}
{{- end }}
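Review bot: The new `extraEnvVars` loop interpolates both key and value inside hand-written double quotes (`- name: "{{ $name }}"` / `value: "{{ $value }}"`), so a value containing a double quote, backslash or newline produces invalid or differently structured YAML. The sidecar-injector template in this same commit already uses the safe form; I would use it here too: `- name: {{ $name | toYaml }}` and `value: {{ $value | toString | toYaml }}`. The same quoted pattern is added to the placement StatefulSet and the Sentry Deployment templates further down. The container spec that encloses this loop starts and ends outside the hunk.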


@ -7,13 +7,27 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- if .Values.apiService.annotations }}
{{ toYaml .Values.apiService.annotations | indent 4}}
{{- end }}
spec:
selector:
app: dapr-operator
type: {{ .Values.apiService.type }}
ports:
- protocol: TCP
port: {{ .Values.ports.port }}
port: {{ .Values.ports.port }}
targetPort: {{ .Values.ports.targetPort }}
name: grpc
# Added for backwards compatibility where previous clients will attempt to
# connect on port 80.
# TOOD: @joshvanl: remove in v1.14
{{ if (ne (int .Values.ports.port) 80) }}
- protocol: TCP
port: 80
targetPort: {{ .Values.ports.targetPort }}
name: legacy
{{ end }}
---
apiVersion: v1
kind: Service
@ -24,10 +38,14 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- if .Values.webhookService.annotations }}
{{ toYaml .Values.webhookService.annotations | indent 4}}
{{- end }}
spec:
type: {{ .Values.webhookService.type }}
ports:
- port: 443
targetPort: 19443
protocol: TCP
selector:
app: dapr-operator
app: dapr-operator
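Review bot: No `annotations:` key is visible before `{{ toYaml .Values.apiService.annotations | indent 4}}`, and the block comes directly after the `labels:` range, so as rendered here the entries would land in `metadata.labels` rather than `metadata.annotations` (indentation is lost on this page, so please confirm against the file). Label values have stricter syntax than annotations, so a typical cloud load-balancer annotation could either fail validation or silently not take effect. I would emit the key explicitly, e.g. `annotations:` followed by `{{- toYaml .Values.apiService.annotations | nindent 4 }}`, inside the `if`. The same shape is added for `webhookService.annotations` in this file and for `service.annotations` in the placement, Sentry and sidecar-injector Service templates.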


@ -16,6 +16,13 @@ fullnameOverride: ""
deploymentAnnotations: {}
apiService:
type: ClusterIP
annotations: {}
webhookService:
type: ClusterIP
annotations: {}
runAsNonRoot: true
serviceReconciler:
@ -23,11 +30,13 @@ serviceReconciler:
ports:
protocol: TCP
port: 80
port: 443
targetPort: 6500
resources: {}
extraEnvVars: {}
livenessProbe:
initialDelaySeconds: 3
periodSeconds: 3


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes placement
name: dapr_placement
version: 1.12.0
version: 1.13.1


@ -1,4 +1,4 @@
{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) }}
{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1
{{- else }}


@ -1,4 +1,4 @@
{{- if eq .Values.global.actors.enabled true }}
{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
kind: Service
apiVersion: v1
metadata:
@ -9,6 +9,9 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations | indent 4}}
{{- end }}
spec:
selector:
app: dapr-placement-server


@ -1,4 +1,4 @@
{{- if eq .Values.global.actors.enabled true }}
{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@ -10,7 +10,9 @@ metadata:
{{ $key }}: {{ tpl $value $ }}
{{- end }}
spec:
{{- if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }}
{{- if eq .Values.scaleZero true }}
replicas: 0
{{- else if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }}
replicas: 3
{{- else }}
replicas: 1
@ -37,8 +39,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
{{- if .Values.statefulsetAnnotations }}
{{ toYaml .Values.statefulsetAnnotations | indent 4}}
{{- with .Values.statefulsetAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@ -147,6 +149,10 @@ spec:
- "--enable-metrics"
- "--replicationFactor"
- "{{ .Values.replicationFactor }}"
- "--max-api-level"
- "{{ .Values.maxActorApiLevel }}"
- "--min-api-level"
- "{{ .Values.minActorApiLevel }}"
- "--metrics-port"
- "{{ .Values.global.prometheus.port }}"
{{- else }}
@ -178,14 +184,18 @@ spec:
{{- end }}
{{- end }}
env:
- name: PLACEMENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PLACEMENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range $name, $value := .Values.extraEnvVars }}
- name: "{{ $name }}"
value: "{{ $value }}"
{{- end }}
serviceAccountName: dapr-placement
volumes:
- name: dapr-trust-bundle
@ -233,7 +243,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@ -259,4 +269,8 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.global.priorityClassName }}
priorityClassName:
{{ toYaml .Values.global.priorityClassName | indent 8 }}
{{- end }}
{{- end }}
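Review bot: The new `--max-api-level` / `--min-api-level` arguments appear to sit inside the metrics-enabled branch, between `- "--enable-metrics"` and the `{{- else }}` that follows `--metrics-port`. The opening `if` is outside the hunk, but if that reading is right, `maxActorApiLevel` and `minActorApiLevel` are silently ignored whenever `global.prometheus.enabled` is false, and the placement service then runs with its built-in API-level bounds. I would move the four lines (and `--replicationFactor`, which has the same placement) out of the conditional so they are always passed. If the coupling is intentional, a comment saying so would help.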


@ -12,13 +12,20 @@ fullnameOverride: ""
statefulsetAnnotations: {}
service:
annotations: {}
ports:
protocol: TCP
apiPort: 50005
raftRPCPort: 8201
scaleZero: false
ha: false
maxActorApiLevel: 10
minActorApiLevel: 0
cluster:
forceInMemoryLog: false
logStorePath: /var/run/dapr/raft-log
@ -48,3 +55,6 @@ debug:
runAsNonRoot: true
resources: {}
extraEnvVars: {}


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes RBAC components
name: dapr_rbac
version: 1.12.0
version: 1.13.1


@ -26,7 +26,7 @@ rules:
resourceNames: ["dapr-sidecar-injector"]
{{- if not .Values.global.rbac.namespaced }}
- apiGroups: ["dapr.io"]
resources: ["configurations", "components"]
resources: ["components"]
verbs: [ "get", "list"]
{{- end }}
---
@ -63,9 +63,12 @@ rules:
resourceNames: ["dapr-trust-bundle"]
{{- if eq .Values.global.rbac.namespaced true }}
- apiGroups: ["dapr.io"]
resources: ["configurations", "components"]
resources: ["components"]
verbs: [ "get", "list"]
{{- end }}
- apiGroups: ["dapr.io"]
resources: ["configurations"]
verbs: [ "get" ]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1


@ -1,3 +1,4 @@
{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -7,7 +8,9 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- end }}
---
{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if eq .Values.global.rbac.namespaced true }}
kind: Role
{{- else }}
@ -21,7 +24,9 @@ metadata:
{{ $key }}: {{ tpl $value $ }}
{{- end }}
rules: []
{{- end }}
---
{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if eq .Values.global.rbac.namespaced true }}
kind: RoleBinding
{{- else }}
@ -46,3 +51,4 @@ roleRef:
kind: ClusterRole
{{- end }}
name: dapr-placement
{{- end }}


@ -64,11 +64,9 @@ rules:
resources: ["configmaps"]
verbs: ["get", "update", "watch", "list"]
resourceNames: ["dapr-trust-bundle"]
{{- if eq .Values.global.rbac.namespaced true }}
- apiGroups: ["dapr.io"]
resources: ["configurations"]
verbs: ["list"]
{{- end }}
verbs: ["list", "get", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
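Review bot: The `configurations` rule is now granted regardless of `global.rbac.namespaced` and gains `get` and `watch`, but nothing in the template says why Sentry needs it. Unlike the `configmaps` rule just above, which is pinned with `resourceNames: ["dapr-trust-bundle"]`, this one covers every Configuration object in the namespace. I would add a one-line comment above the rule naming the object or feature that requires these verbs, so a later least-privilege review can tell whether the grant is still needed. The Role this rule belongs to starts outside the hunk.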


@ -1,4 +1,4 @@
secretReader:
enabled: true
namespace: default
component: rbac
secretReader:
enabled: true
namespace: default
component: rbac


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Sentry
name: dapr_sentry
version: 1.12.0
version: 1.13.1


@ -19,6 +19,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: dapr-trust-bundle
namespace: {{ .Release.Namespace }}
labels:
app: dapr-sentry
{{- range $key, $value := .Values.global.k8sLabels }}
@ -65,8 +66,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
{{- if .Values.deploymentAnnotations }}
{{ toYaml .Values.deploymentAnnotations | indent 4}}
{{- with .Values.deploymentAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@ -120,6 +121,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range $name, $value := .Values.extraEnvVars }}
- name: "{{ $name }}"
value: "{{ $value }}"
{{- end }}
ports:
- containerPort: 50001
{{- if eq .Values.global.prometheus.enabled true }}
@ -172,10 +177,6 @@ spec:
{{- end }}
- "--trust-domain"
- {{ .Values.global.mtls.controlPlaneTrustDomain }}
{{- if .Values.tokenAudience }}
- "--token-audience"
- {{ .Values.tokenAudience }}
{{- end }}
{{- with .Values.global.issuerFilenames }}
- "--issuer-ca-filename"
- "{{ .ca }}"
@ -222,7 +223,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@ -232,3 +233,7 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
{{- if .Values.global.priorityClassName }}
priorityClassName:
{{ toYaml .Values.global.priorityClassName | indent 8 }}
{{- end }}
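Review bot: The hunk at `@@ -172,10 +177,6 @@` drops four lines, which appear to be the `--token-audience` block, yet `tokenAudience` is still listed in the Sentry values and README hunks on this page (their add/remove side is not recoverable here). If the value does remain settable, an operator who configured a custom audience would see the chart accept it while Sentry runs without the flag, a silent change to token validation. I would either remove the value and its README row in the same change, or fail the render loudly: `{{- if .Values.tokenAudience }}{{ fail "dapr_sentry.tokenAudience is no longer supported" }}{{- end }}`. The args list this belongs to starts and ends outside the hunk.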


@ -7,9 +7,13 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations | indent 4}}
{{- end }}
spec:
selector:
app: dapr-sentry
type: {{ .Values.service.type }}
ports:
- protocol: TCP
port: {{ .Values.ports.port }}
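Review bot: `type: {{ .Values.service.type }}` lets the Sentry Service be published as `LoadBalancer` or `NodePort`, and nothing says that this puts the certificate-issuing endpoint outside the cluster network boundary. The README row only offers `LoadBalancer` as an example value. I would add a caveat next to the default in the values file, e.g. `# Keep ClusterIP unless Sentry must be reachable from outside the cluster; other types expose the CA endpoint beyond the cluster network`. The same applies to `apiService.type` and `webhookService.type` in the operator chart and to `service.type` in the sidecar-injector chart, which previously hard-coded `type: ClusterIP`.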


@ -11,10 +11,12 @@ image:
nameOverride: ""
fullnameOverride: ""
tokenAudience: ""
deploymentAnnotations: {}
service:
type: ClusterIP
annotations: {}
ports:
protocol: TCP
port: 443
@ -44,3 +46,6 @@ debug:
runAsNonRoot: true
resources: {}
extraEnvVars: {}


@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for the Dapr sidecar injector
name: dapr_sidecar_injector
version: 1.12.0
version: 1.13.1


@ -35,8 +35,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
{{- if .Values.deploymentAnnotations }}
{{ toYaml .Values.deploymentAnnotations | indent 4}}
{{- with .Values.deploymentAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.hostNetwork }}
@ -123,55 +123,71 @@ spec:
- "--enable-metrics=false"
{{- end }}
- "--healthz-port"
- "{{ .Values.healthzPort }}"
- {{ .Values.healthzPort | toString | toYaml }}
env:
- name: DAPR_TRUST_ANCHORS_FILE
value: /var/run/secrets/dapr.io/tls/ca.crt
- name: DAPR_CONTROL_PLANE_TRUST_DOMAIN
value: {{ .Values.global.mtls.controlPlaneTrustDomain }}
value: {{ .Values.global.mtls.controlPlaneTrustDomain | toYaml }}
- name: DAPR_SENTRY_ADDRESS
value: {{ if .Values.global.mtls.sentryAddress }}{{ .Values.global.mtls.sentryAddress }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }}
value: {{ with .Values.global.mtls.sentryAddress }}{{ . }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }}
{{- range $name, $value := .Values.extraEnvVars }}
- name: {{ $name | toYaml }}
value: {{ $value | toString | toYaml }}
{{- end }}
{{- if .Values.kubeClusterDomain }}
- name: KUBE_CLUSTER_DOMAIN
value: "{{ .Values.kubeClusterDomain }}"
value: {{ .Values.kubeClusterDomain | toYaml }}
{{- end }}
- name: SIDECAR_IMAGE
{{- if contains "/" .Values.image.name }}
value: "{{ .Values.image.name }}"
value: {{ .Values.image.name | toYaml }}
{{- else }}
value: "{{ .Values.global.registry }}/{{ .Values.image.name }}:{{ .Values.global.tag }}"
{{- end }}
- name: SIDECAR_IMAGE_PULL_POLICY
value: "{{ .Values.sidecarImagePullPolicy }}"
value: {{ .Values.sidecarImagePullPolicy | toYaml }}
# Configuration for injected sidecars
- name: SIDECAR_RUN_AS_NON_ROOT
value: {{ .Values.sidecarRunAsNonRoot | toString | toYaml }}
- name: ENABLE_K8S_DOWNWARD_APIS
value: {{ .Values.enableK8sDownwardAPIs | toString | toYaml }}
- name: SIDECAR_DROP_ALL_CAPABILITIES
value: {{ .Values.sidecarDropALLCapabilities | toString | toYaml }}
- name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM
value: {{ .Values.sidecarReadOnlyRootFilesystem | toString | toYaml }}
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.ignoreEntrypointTolerations }}
- name: IGNORE_ENTRYPOINT_TOLERATIONS
value: "{{ .Values.ignoreEntrypointTolerations }}"
value: {{ .Values.ignoreEntrypointTolerations | toYaml }}
{{- end }}
{{- if not .Values.global.actors.enabled }}
- name: SKIP_PLACEMENT
value: "true"
# Configuration for actors and reminders
- name: ACTORS_ENABLED
value: {{ .Values.global.actors.enabled | toString | toYaml }}
- name: ACTORS_SERVICE_NAME
value: {{ .Values.global.actors.serviceName | toString | toYaml }}
- name: ACTORS_SERVICE_ADDRESS
value: {{ include (print "address." .Values.global.actors.serviceName) . | toString | toYaml }}
{{- with .Values.global.reminders.serviceName }}
- name: REMINDERS_SERVICE_NAME
value: {{ . | toString | toYaml }}
- name: REMINDERS_SERVICE_ADDRESS
value: {{ include (print "address." .) . | toString | toYaml }}
{{- end }}
- name: SIDECAR_RUN_AS_NON_ROOT
value: "{{ .Values.sidecarRunAsNonRoot }}"
- name: SIDECAR_DROP_ALL_CAPABILITIES
value: "{{ .Values.sidecarDropALLCapabilities }}"
- name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM
value: "{{ .Values.sidecarReadOnlyRootFilesystem }}"
{{- if .Values.allowedServiceAccounts }}
- name: ALLOWED_SERVICE_ACCOUNTS
value: "{{ .Values.allowedServiceAccounts }}"
{{- end }}
{{- if .Values.allowedServiceAccounts }}
- name: ALLOWED_SERVICE_ACCOUNTS
value: "{{ .Values.allowedServiceAccounts }}"
value: {{ .Values.allowedServiceAccounts | toYaml }}
{{- end }}
{{- if .Values.allowedServiceAccountsPrefixNames }}
- name: ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES
value: "{{ .Values.allowedServiceAccountsPrefixNames }}"
value: {{ .Values.allowedServiceAccountsPrefixNames | toYaml }}
{{- end }}
ports:
- name: https
@ -225,12 +241,12 @@ spec:
- key: kubernetes.io/os
operator: In
values:
- {{ .Values.global.daprControlPlaneOs }}
- {{ .Values.global.daprControlPlaneOs }}
{{- if .Values.global.daprControlPlaneArch }}
- key: kubernetes.io/arch
operator: In
values:
- {{ .Values.global.daprControlPlaneArch }}
- {{ .Values.global.daprControlPlaneArch }}
{{- end }}
{{- if .Values.global.ha.enabled }}
podAntiAffinity:
@ -247,7 +263,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@ -257,4 +273,8 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
{{- if .Values.global.priorityClassName }}
priorityClassName:
{{ toYaml .Values.global.priorityClassName | indent 8 }}
{{- end }}
{{- end }}
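Review bot: In the `REMINDERS_SERVICE_ADDRESS` line, `include (print "address." .) .` runs inside `{{- with .Values.global.reminders.serviceName }}`, so the context passed to the included template is the service-name string, not the chart root. That happens to work for `address.placement`, which returns a constant, but any address helper that reads `.Values` or `.Release` would fail at render time. The `ACTORS_SERVICE_ADDRESS` line just above passes the root correctly; I would do the same here with `value: {{ include (print "address." .) $ | toString | toYaml }}`. Only `address.placement` is defined on this page, so any other `serviceName` would fail with a missing-template error, which may deserve a clearer message. The container spec continues outside the hunk.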


@ -8,13 +8,16 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations | indent 4}}
{{- end }}
spec:
type: ClusterIP
selector:
app: dapr-sidecar-injector
type: {{ .Values.service.type }}
ports:
- port: 443
targetPort: https
protocol: TCP
name: https
selector:
app: dapr-sidecar-injector
{{- end }}


@ -16,6 +16,11 @@ injectorImage:
name: "injector"
deploymentAnnotations: {}
service:
type: ClusterIP
annotations: {}
nameOverride: ""
fullnameOverride: ""
webhookFailurePolicy: Ignore
@ -24,6 +29,7 @@ runAsNonRoot: true
sidecarRunAsNonRoot: true
sidecarReadOnlyRootFilesystem: true
sidecarDropALLCapabilities: false
enableK8sDownwardAPIs: false
allowedServiceAccounts: ""
allowedServiceAccountsPrefixNames: ""
resources: {}
@ -45,3 +51,5 @@ debug:
enabled: false
port: 40000
initialDelaySeconds: 30000
extraEnvVars: {}
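Review bot: `enableK8sDownwardAPIs: false` disagrees with the README row added in this commit, which shows `true` in the Default column while its description says "(default: `false`)". The value here is what actually takes effect, so the README's Default cell should read `false`. A short comment on this key would also help, since the option changes what is injected into application pods: `# Inject pod metadata (e.g. pod IP) into daprd via the Kubernetes downward API`.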


@ -248,6 +248,16 @@ spec:
properties:
enabled:
type: boolean
http:
description: MetricHTTP defines configuration for metrics for
the HTTP server
properties:
increasedCardinality:
description: 'If true, metrics for the HTTP server are collected
with increased cardinality. The default is true in Dapr 1.13,
but will be changed to false in 1.14+'
type: boolean
type: object
rules:
items:
description: MetricsRule defines configuration options for a
@ -286,6 +296,16 @@ spec:
properties:
enabled:
type: boolean
http:
description: MetricHTTP defines configuration for metrics for
the HTTP server
properties:
increasedCardinality:
description: 'If true, metrics for the HTTP server are collected
with increased cardinality. The default is true in Dapr 1.13,
but will be changed to false in 1.14+'
type: boolean
type: object
rules:
items:
description: MetricsRule defines configuration options for a


@ -0,0 +1,7 @@
{{/*
Returns the address and port of the placement service
The returned value is a string in the format "<name>:<port>"
*/}}
{{- define "address.placement" -}}
{{- "dapr-placement-server:50005" }}
{{- end -}}
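Review bot: `address.placement` hard-codes `dapr-placement-server:50005`, while the placement chart's values on this page expose the same port as `ports.apiPort: 50005`. If that value is overridden, the sidecar injector would still hand sidecars the old address and actor placement would fail to connect, with no render-time error. If the helper cannot reach the subchart value from where it is included, I would at least extend the comment block: `Must match dapr_placement.ports.apiPort and the placement Service name`.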


@ -35,15 +35,15 @@ Create chart name and version as used by the chart label.
Formats imagePullSecrets. Input is dict( "imagePullSecrets" .{specific imagePullSecrets}).
*/}}
{{- define "dapr.imagePullSecrets" -}}
{{- if eq (typeOf .imagePullSecrets) "string" }}
{{- if eq (typeOf .imagePullSecrets) "string" -}} {{- /* Single string value */ -}}
- name: {{ .imagePullSecrets }}
{{- else }}
{{- range .imagePullSecrets }}
{{- if eq (typeOf .) "map[string]interface {}" }}
{{- else -}} {{- /* Not a string value, iterate */ -}}
{{- range .imagePullSecrets -}}
{{- if eq (typeOf .) "map[string]interface {}" -}} {{- /* k8s style */ -}}
- {{ toYaml (dict "name" .name) | trim }}
{{- else }}
{{ else }} {{- /* helm style */ -}}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{ end }} {{- /* End of inner if */ -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -1,6 +1,6 @@
global:
registry: docker.io/daprio
tag: '1.12.0'
registry: ghcr.io/dapr
tag: '1.13.1'
dnsSuffix: ".cluster.local"
logAsJson: false
imagePullPolicy: IfNotPresent
@ -21,6 +21,7 @@ global:
# - pullSecret2
imagePullSecrets: ""
priorityClassName: ""
nodeSelector: {}
tolerations: []
rbac:
@ -57,8 +58,18 @@ global:
# placement:
# operator:
# injector:
actors:
# Enables actor functionality in the cluster
enabled: true
# Name of the service that provides actor placement services
serviceName: "placement"
reminders:
# Name of the service that provides reminders
# If empty, uses the built-in reminders capabilities in Dapr sidecars
serviceName: ""
daprControlPlaneOs: linux
labels: {}
seccompProfile: ""


@ -1,6 +1,7 @@
package maputils
import (
"errors"
"fmt"
"maps"
)
@ -25,7 +26,7 @@ func Merge(dst map[string]interface{}, source map[string]interface{}) map[string
func Lookup(m map[string]interface{}, ks ...string) (interface{}, error) {
if len(ks) == 0 { // degenerate input
return nil, fmt.Errorf("lookup needs at least one key")
return nil, errors.New("lookup needs at least one key")
}
if rval, ok := m[ks[0]]; !ok {
return nil, fmt.Errorf("key not found; remaining keys: %v", ks)


@ -46,7 +46,7 @@ func TestDaprInstanceDeployWithDefaults(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
MatchJQ(`.status.chart.version == "1.12.0"`),
MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)
}
@ -58,7 +58,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) {
test,
daprAc.DaprInstanceSpec().
WithChart(daprAc.ChartSpec().
WithVersion("1.11.3")).
WithVersion("1.13.0")).
WithValues(nil),
)
@ -79,7 +79,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "https://dapr.github.io/helm-charts"`),
MatchJQ(`.status.chart.version == "1.11.3"`),
MatchJQ(`.status.chart.version == "1.13.0"`),
)),
)
}
@ -116,7 +116,7 @@ func TestDaprInstanceDeployWithCustomSidecarImage(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
MatchJQ(`.status.chart.version == "1.12.0"`),
MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)
@ -162,7 +162,7 @@ func TestDaprInstanceDeployWithApp(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
MatchJQ(`.status.chart.version == "1.12.0"`),
MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)


@ -11,7 +11,7 @@ func formattedMessage(comparisonMessage string, failurePath []interface{}) strin
if len(failurePath) == 0 {
diffMessage = ""
} else {
diffMessage = fmt.Sprintf("\n\nfirst mismatched key: %s", formattedFailurePath(failurePath))
diffMessage = "\n\nfirst mismatched key: " + formattedFailurePath(failurePath)
}
return fmt.Sprintf("%s%s", comparisonMessage, diffMessage)
}