diff --git a/.github/workflows/e2e-olm.yml b/.github/workflows/e2e-olm.yml
index 567783b..23aef3c 100644
--- a/.github/workflows/e2e-olm.yml
+++ b/.github/workflows/e2e-olm.yml
@@ -55,8 +55,9 @@ jobs:
strategy:
matrix:
kubernetes-version:
- - "1.27.3"
- - "1.28.0"
+ - "1.27.11"
+ - "1.28.7"
+ - "1.29.2"
steps:
- name: "Checkout"
uses: actions/checkout@v4
@@ -66,9 +67,9 @@ jobs:
go-version-file: 'go.mod'
check-latest: true
- name: 'SetUp KinD'
- uses: container-tools/kind-action@v2
+ uses: container-tools/kind-action@v2.0.4
with:
- version: "v0.20.0"
+ version: "v0.22.0"
kubectl_version: v${{ matrix.kubernetes-version }}
registry: false
node_image: kindest/node:v${{ matrix.kubernetes-version }}
diff --git a/.github/workflows/e2e-operator.yml b/.github/workflows/e2e-operator.yml
index e601ded..06a3f94 100644
--- a/.github/workflows/e2e-operator.yml
+++ b/.github/workflows/e2e-operator.yml
@@ -35,8 +35,9 @@ jobs:
strategy:
matrix:
kubernetes-version:
- - "1.27.3"
- - "1.28.0"
+ - "1.27.11"
+ - "1.28.7"
+ - "1.29.2"
steps:
- name: "Checkout"
uses: actions/checkout@v4
@@ -46,9 +47,9 @@ jobs:
go-version-file: 'go.mod'
check-latest: true
- name: 'SetUp KinD'
- uses: container-tools/kind-action@v2
+ uses: container-tools/kind-action@v2.0.4
with:
- version: "v0.20.0"
+ version: "v0.22.0"
kubectl_version: v${{ matrix.kubernetes-version }}
registry: false
node_image: kindest/node:v${{ matrix.kubernetes-version }}
@@ -57,15 +58,8 @@ jobs:
run: |
./hack/scripts/deploy_ingress.sh
- name: "SetUp Dapr Kubernetes Operator"
- run: |
- make deploy/e2e
-
- kubectl wait \
- --namespace=dapr-system \
- --for=condition=ready \
- pod \
- --selector=control-plane=dapr-control-plane \
- --timeout=90s
+ run: |
+ ./hack/scripts/deploy_e2e.sh
- name: "Run Dapr Kubernetes Operator e2e"
run: |
make test/e2e/operator
diff --git a/Dockerfile b/Dockerfile
index 58ce12c..eaa4bb0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
ARG TARGETOS
ARG TARGETARCH
diff --git a/Makefile b/Makefile
index 2bdf6e9..7174c89 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@ CATALOG_VERSION ?= latest
CATALOG_CONTAINER_IMAGE ?= $(CONTAINER_REGISTRY)/$(CONTAINER_REGISTRY_ORG)/$(PROJECT_NAME)-catalog:$(CATALOG_VERSION)
LINT_GOGC ?= 10
-LINT_DEADLINE ?= 10m
+LINT_TIMEOUT ?= 10m
MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
PROJECT_PATH := $(patsubst %/,%,$(dir $(MKFILE_PATH)))
@@ -22,17 +22,17 @@ LOCALBIN := $(PROJECT_PATH)/bin
HELM_CHART_REPO ?= https://dapr.github.io/helm-charts
HELM_CHART ?= dapr
-HELM_CHART_VERSION ?= 1.12.0
+HELM_CHART_VERSION ?= 1.13.1
HELM_CHART_URL ?= https://raw.githubusercontent.com/dapr/helm-charts/master/dapr-$(HELM_CHART_VERSION).tgz
## Tool Versions
-CODEGEN_VERSION ?= v0.28.3
-KUSTOMIZE_VERSION ?= v5.2.1
-CONTROLLER_TOOLS_VERSION ?= v0.13.0
-KIND_VERSION ?= v0.20.0
-LINTER_VERSION ?= v1.55.1
-OPERATOR_SDK_VERSION ?= v1.32.0
-OPM_VERSION ?= v1.30.1
+CODEGEN_VERSION ?= v0.28.8
+KUSTOMIZE_VERSION ?= v5.3.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
+KIND_VERSION ?= v0.22.0
+LINTER_VERSION ?= v1.57.2
+OPERATOR_SDK_VERSION ?= v1.34.1
+OPM_VERSION ?= v1.38.0
GOVULNCHECK_VERSION ?= latest
## Tool Binaries
@@ -164,8 +164,8 @@ check/lint: golangci-lint
@$(LINTER) run \
--config .golangci.yml \
--out-format tab \
- --skip-dirs etc \
- --deadline $(LINT_DEADLINE) \
+ --exclude-dirs etc \
+ --timeout $(LINT_TIMEOUT) \
--verbose
.PHONY: check/lint/fix
@@ -173,8 +173,8 @@ check/lint/fix: golangci-lint
@$(LINTER) run \
--config .golangci.yml \
--out-format tab \
- --skip-dirs etc \
- --deadline $(LINT_DEADLINE) \
+ --exclude-dirs etc \
+ --timeout $(LINT_TIMEOUT) \
--fix
.PHONY: check/vuln
diff --git a/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml b/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml
index 0e801fe..6038bf7 100644
--- a/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml
+++ b/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.13.0
+ controller-gen.kubebuilder.io/version: v0.14.0
name: daprcontrolplanes.operator.dapr.io
spec:
group: operator.dapr.io
@@ -47,23 +47,28 @@ spec:
openAPIV3Schema:
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
values:
- description: 'JSON represents any valid JSON value. These types are
- supported: bool, int64, float64, string, []interface{}, map[string]interface{}
- and nil.'
+ description: |-
+ JSON represents any valid JSON value.
+ These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
x-kubernetes-preserve-unknown-fields: true
type: object
status:
@@ -80,42 +85,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -129,11 +134,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
diff --git a/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml b/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml
index 64976d2..567056d 100644
--- a/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml
+++ b/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.13.0
+ controller-gen.kubebuilder.io/version: v0.14.0
name: daprcruiscontrols.operator.dapr.io
spec:
group: operator.dapr.io
@@ -45,14 +45,19 @@ spec:
description: DaprCruiseControl is the Schema for the daprcruisecontrols API.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -74,42 +79,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -123,11 +128,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
diff --git a/config/crd/bases/operator.dapr.io_daprinstances.yaml b/config/crd/bases/operator.dapr.io_daprinstances.yaml
index 55fd8c1..2748368 100644
--- a/config/crd/bases/operator.dapr.io_daprinstances.yaml
+++ b/config/crd/bases/operator.dapr.io_daprinstances.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.13.0
+ controller-gen.kubebuilder.io/version: v0.14.0
name: daprinstances.operator.dapr.io
spec:
group: operator.dapr.io
@@ -45,14 +45,19 @@ spec:
description: DaprInstance is the Schema for the daprinstances API.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -73,9 +78,9 @@ spec:
type: string
type: object
values:
- description: 'JSON represents any valid JSON value. These types are
- supported: bool, int64, float64, string, []interface{}, map[string]interface{}
- and nil.'
+ description: |-
+ JSON represents any valid JSON value.
+ These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
x-kubernetes-preserve-unknown-fields: true
type: object
status:
@@ -93,42 +98,42 @@ spec:
conditions:
items:
description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -142,11 +147,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 957efb4..2a7885d 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -8,5 +8,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
- newName: ttl.sh/0e076f38-57ed-4b13-b67d-f19639580179-local-0
- newTag: 1h
+ newName: ghcr.io/dapr-sandbox/dapr-kubernetes-operator
+ newTag: 0.0.4
diff --git a/go.mod b/go.mod
index 7e1166e..bd6d412 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/dapr-sandbox/dapr-kubernetes-operator
-go 1.21
+go 1.22
require (
github.com/go-logr/logr v1.4.1
diff --git a/hack/scripts/deploy_e2e.sh b/hack/scripts/deploy_e2e.sh
new file mode 100755
index 0000000..dd8d9c6
--- /dev/null
+++ b/hack/scripts/deploy_e2e.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+make deploy/e2e
+
+kubectl wait \
+ --namespace=dapr-system \
+ --for=condition=ready \
+ pod \
+ --selector=control-plane=dapr-control-plane \
+ --timeout=90s
\ No newline at end of file
diff --git a/hack/scripts/deploy_ingress.sh b/hack/scripts/deploy_ingress.sh
index 5745721..52cb3b4 100755
--- a/hack/scripts/deploy_ingress.sh
+++ b/hack/scripts/deploy_ingress.sh
@@ -2,8 +2,12 @@
set -e
+kubectl apply --server-side -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+# it may take a while to have apply the
+# resource, hence the kubectl wait may
+# fail
+sleep 5
kubectl wait \
--namespace=ingress-nginx \
diff --git a/helm-charts/dapr/Chart.yaml b/helm-charts/dapr/Chart.yaml
index faf0f0d..7874cd2 100644
--- a/helm-charts/dapr/Chart.yaml
+++ b/helm-charts/dapr/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 1.12.0
+appVersion: 1.13.1
description: A Helm chart for Dapr on Kubernetes
name: dapr
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/README.md b/helm-charts/dapr/README.md
index 4a2010d..93edde3 100644
--- a/helm-charts/dapr/README.md
+++ b/helm-charts/dapr/README.md
@@ -103,70 +103,85 @@ The Helm chart has the follow configuration options that can be supplied:
| `global.daprControlPlaneOs` | Operating System for Dapr control plane | `linux` |
| `global.daprControlPlaneArch` | CPU Architecture for Dapr control plane | `amd64` |
| `global.nodeSelector` | Pods will be scheduled onto a node node whose labels match the nodeSelector | `{}` |
-| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `{}` |
+| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `[]` |
| `global.labels` | Custom pod labels | `{}` |
| `global.k8sLabels` | Custom metadata labels | `{}` |
| `global.issuerFilenames.ca` | Custom name of the file containing the root CA certificate inside the container | `ca.crt` |
| `global.issuerFilenames.cert` | Custom name of the file containing the leaf certificate inside the container | `issuer.crt` |
| `global.issuerFilenames.key` | Custom name of the file containing the leaf certificate's key inside the container | `issuer.key` |
-| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement serice is not installed, and attempting to use Dapr actors will fail. | `true` |
+| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement service is not installed, and attempting to use Dapr actors will fail. | `true` |
+| `global.actors.serviceName` | Name of the service that provides actor placement services. | `placement` |
+| `global.reminders.serviceName` | Name of the service that provides reminders functionality. If empty (the default), uses the built-in reminders capabilities in Dapr sidecars. | |
| `global.seccompProfile` | SeccompProfile for Dapr control plane services | `""` |
| `global.rbac.namespaced` | Removes cluster wide permissions where applicable | `false` |
-| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` |
+| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` |
+| `global.priorityClassName` | Adds `priorityClassName` to Dapr pods | `""` |
### Dapr Operator options:
-| Parameter | Description | Default |
-|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
-| `dapr_operator.replicaCount` | Number of replicas | `1` |
-| `dapr_operator.logLevel` | Log level | `info` |
-| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` |
-| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` |
-| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` |
-| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
-| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
-| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` |
-| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.
Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` |
-| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` |
-| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` |
+| Parameter | Description | Default |
+|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
+| `dapr_operator.replicaCount` | Number of replicas | `1` |
+| `dapr_operator.logLevel` | Log level | `info` |
+| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` |
+| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` |
+| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` |
+| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
+| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
+| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` |
+| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.
Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` |
+| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` |
+| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` |
+| `dapr_operator.apiService.annotations` | Custom annotations for "dapr-operator" Service resource | `{}` |
+| `dapr_operator.apiService.type` | Type for "dapr-operator" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
+| `dapr_operator.webhookService.annotations` | Custom annotations for "dapr-webhook" Service resource | `{}` |
+| `dapr_operator.webhookService.type` | Type for "dapr-webhook" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
+| `dapr_operator.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr Placement options:
-| Parameter | Description | Default |
-|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
-| `dapr_placement.ha` | If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` |
-| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100` |
-| `dapr_placement.logLevel` | Service Log level | `info` |
+| Parameter | Description | Default |
+|---|---|---|
+| `dapr_placement.ha`| If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` |
+| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100`|
+| `dapr_placement.logLevel` | Service Log level | `info`|
| `dapr_placement.image.name` | Service docker image name (`global.registry/dapr_placement.image.name`) | `dapr` |
| `dapr_placement.cluster.forceInMemoryLog` | Use in-memory log store and disable volume attach when HA is true | `false` |
| `dapr_placement.cluster.logStorePath` | Mount path for persistent volume for log store in unix-like system when HA is true | `/var/run/dapr/raft-log` |
| `dapr_placement.cluster.logStoreWinPath` | Mount path for persistent volume for log store in windows when HA is true | `C:\\raft-log` |
-| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` |
-| `dapr_placement.volumeclaims.storageClassName` | storage class name | |
+| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` |
+| `dapr_placement.volumeclaims.storageClassName` | Storage class name ||
+| `dapr_placement.maxActorApiLevel` | Sets the `max-api-level` flag which prevents the Actor API level from going above this value. The Placement service reports to all connected hosts the Actor API level as the minimum value observed in all actor hosts in the cluster. Actor hosts with a lower API level than the current API level in the cluster will not be able to connect to Placement. Setting a cap helps making sure that older versions of Dapr can connect to Placement as actor hosts, but may limit the capabilities of the actor subsystem. The default value of -1 means no cap. | `-1` |
+| `dapr_placement.minActorApiLevel` | Sets the `min-api-level` flag, which enforces a minimum value for the Actor API level in the cluster. | `0` |
+| `dapr_placement.scaleZero` | If true, the StatefulSet is deployed with a zero scale, regardless of the values of `global.ha.enabled` or `dapr_placement.ha` | `false` |
| `dapr_placement.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. Does not apply unless `forceInMemoryLog` is set to `true`. You may have to set this to `false` when running in Minikube | `false` |
| `dapr_placement.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_placement.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_placement.metadataEnabled` | Boolean value for enabling placement tables metadata HTTP API | `false` |
| `dapr_placement.statefulsetAnnotations` | Custom annotations for Dapr Placement Statefulset | `{}` |
+| `dapr_placement.service.annotations` | Custom annotations for "dapr-placement-server" Service resource | `{}` |
+| `dapr_placement.extraEnvVars` | Dictionary (key: value pairs) to use as extra environment variables in the injected sidecar containers (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr RBAC options:
-| Parameter | Description | Default |
-|-------------------------------------------|-------------------------------------------------------------------------|-------------------------|
+| Parameter | Description | Default |
+|---|---|---|
| `dapr_rbac.secretReader.enabled` | Deploys a default secret reader Role and RoleBinding | `true` |
| `dapr_rbac.secretReader.namespace` | Namespace for the default secret reader | `default` |
### Dapr Sentry options:
-| Parameter | Description | Default |
-|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
+| Parameter | Description | Default |
+|---|---|---|
| `dapr_sentry.replicaCount` | Number of replicas | `1` |
| `dapr_sentry.logLevel` | Log level | `info` |
| `dapr_sentry.image.name` | Docker image name (`global.registry/dapr_sentry.image.name`) | `dapr` |
| `dapr_sentry.tls.issuer.certPEM` | Issuer Certificate cert | `""` |
| `dapr_sentry.tls.issuer.keyPEM` | Issuer Private Key cert | `""` |
| `dapr_sentry.tls.root.certPEM` | Root Certificate cert | `""` |
-| `dapr_sentry.tokenAudience` | Expected audience for tokens; multiple values can be separated by a comma. Defaults to the audience expected by the Kubernetes control plane if not set | `""` |
| `dapr_sentry.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_sentry.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_sentry.debug.enabled` | Boolean value for enabling debug mode | `{}` |
| `dapr_sentry.deploymentAnnotations` | Custom annotations for Dapr Sentry Deployment | `{}` |
+| `dapr_sentry.service.annotations` | Custom annotations for "dapr-sentry" Service resource | `{}` |
+| `dapr_sentry.service.type` | Type for "dapr-sentry" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
+| `dapr_placement.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
### Dapr Sidecar Injector options:
| Parameter | Description | Default |
@@ -179,10 +194,11 @@ The Helm chart has the follow configuration options that can be supplied:
| `dapr_sidecar_injector.injectorImage.name` | Docker image name for sidecar injector service (`global.registry/dapr_sidecar_injector.injectorImage.name`) | `dapr`|
| `dapr_sidecar_injector.webhookFailurePolicy` | Failure policy for the sidecar injector | `Ignore` |
| `dapr_sidecar_injector.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot` for the Sidecar Injector container itself. You may have to set this to `false` when running in Minikube | `true` |
-| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
-| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
-| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
-| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
+| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
+| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
+| `dapr_sidecar_injector.enableK8sDownwardAPIs` | When set to true, uses the Kubernetes downward projection APIs to inject certain environmental variables (such as pod IP) into the daprd container. (default: `false`) | `true` |
+| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
+| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
| `dapr_sidecar_injector.allowedServiceAccountsPrefixNames` | Comma-separated list of extra allowed service accounts. Each item in the list should be in the format of namespace:serviceaccount. To match service accounts by a common prefix, you can add an asterisk (`*`) at the end of the prefix. For instance, ns1*:sa2* will match any service account that starts with sa2, whose namespace starts with ns1. For example, it will match service accounts like sa21 and sa2223 in namespaces such as ns1, ns1dapr, and so on. | `""` |
| `dapr_sidecar_injector.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_sidecar_injector.debug.enabled` | Boolean value for enabling debug mode | `{}` |
@@ -190,7 +206,10 @@ The Helm chart has the follow configuration options that can be supplied:
| `dapr_sidecar_injector.ignoreEntrypointTolerations` | JSON array of Kubernetes tolerations. If pod contains any of these tolerations, it will ignore the Docker image ENTRYPOINT for Dapr sidecar. | `[{\"effect\":\"NoSchedule\",\"key\":\"alibabacloud.com/eci\"},{\"effect\":\"NoSchedule\",\"key\":\"azure.com/aci\"},{\"effect\":\"NoSchedule\",\"key\":\"aws\"},{\"effect\":\"NoSchedule\",\"key\":\"huawei.com/cci\"}]` |
| `dapr_sidecar_injector.hostNetwork` | Enable hostNetwork mode. This is helpful when working with overlay networks such as Calico CNI and admission webhooks fail | `false` |
| `dapr_sidecar_injector.healthzPort` | The port used for health checks. Helpful in combination with hostNetwork to avoid port collisions | `8080` |
-| `dapr_sidecar.deploymentAnnotations` | Custom annotations for Dapr sidecar Deployment | `{}` |
+| `dapr_sidecar_injector.deploymentAnnotations` | Custom annotations for Dapr Sidecar Injector Deployment | `{}` |
+| `dapr_sidecar_injector.service.annotations` | Custom annotations for "dapr-sidecar-injector" Service resource | `{}` |
+| `dapr_sidecar_injector.service.type` | Type for "dapr-sidecar-injector" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` |
+| `dapr_sidecar_injector.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` |
## Example of highly available configuration of the control plane
diff --git a/helm-charts/dapr/charts/dapr_config/Chart.yaml b/helm-charts/dapr/charts/dapr_config/Chart.yaml
index 091ce4b..c6b265a 100644
--- a/helm-charts/dapr/charts/dapr_config/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_config/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr configuration
name: dapr_config
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_operator/Chart.yaml b/helm-charts/dapr/charts/dapr_operator/Chart.yaml
index ce2f47e..3e435a4 100644
--- a/helm-charts/dapr/charts/dapr_operator/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_operator/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes Operator
name: dapr_operator
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml
index 81c7434..048f6ae 100644
--- a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml
+++ b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml
@@ -34,8 +34,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
-{{- if .Values.deploymentAnnotations }}
-{{ toYaml .Values.deploymentAnnotations | indent 4}}
+{{- with .Values.deploymentAnnotations }}
+{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@@ -89,6 +89,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ {{- range $name, $value := .Values.extraEnvVars }}
+ - name: "{{ $name }}"
+ value: "{{ $value }}"
+ {{- end }}
ports:
- containerPort: 6500
{{- if eq .Values.global.prometheus.enabled true }}
@@ -219,7 +223,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
- {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
+ {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@@ -229,3 +233,7 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
+{{- if .Values.global.priorityClassName }}
+ priorityClassName:
+{{ toYaml .Values.global.priorityClassName | indent 8 }}
+{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml
index 10ffaa8..d43c014 100644
--- a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml
+++ b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml
@@ -7,13 +7,27 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- if .Values.apiService.annotations }}
+{{ toYaml .Values.apiService.annotations | indent 4}}
+{{- end }}
spec:
selector:
app: dapr-operator
+ type: {{ .Values.apiService.type }}
ports:
- protocol: TCP
- port: {{ .Values.ports.port }}
+ port: {{ .Values.ports.port }}
targetPort: {{ .Values.ports.targetPort }}
+ name: grpc
+# Added for backwards compatibility where previous clients will attempt to
+# connect on port 80.
+# TOOD: @joshvanl: remove in v1.14
+{{ if (ne (int .Values.ports.port) 80) }}
+ - protocol: TCP
+ port: 80
+ targetPort: {{ .Values.ports.targetPort }}
+ name: legacy
+{{ end }}
---
apiVersion: v1
kind: Service
@@ -24,10 +38,14 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- if .Values.webhookService.annotations }}
+{{ toYaml .Values.webhookService.annotations | indent 4}}
+{{- end }}
spec:
+ type: {{ .Values.webhookService.type }}
ports:
- port: 443
targetPort: 19443
protocol: TCP
selector:
- app: dapr-operator
\ No newline at end of file
+ app: dapr-operator
diff --git a/helm-charts/dapr/charts/dapr_operator/values.yaml b/helm-charts/dapr/charts/dapr_operator/values.yaml
index 6f81c33..8b35ef1 100644
--- a/helm-charts/dapr/charts/dapr_operator/values.yaml
+++ b/helm-charts/dapr/charts/dapr_operator/values.yaml
@@ -16,6 +16,13 @@ fullnameOverride: ""
deploymentAnnotations: {}
+apiService:
+ type: ClusterIP
+ annotations: {}
+webhookService:
+ type: ClusterIP
+ annotations: {}
+
runAsNonRoot: true
serviceReconciler:
@@ -23,11 +30,13 @@ serviceReconciler:
ports:
protocol: TCP
- port: 80
+ port: 443
targetPort: 6500
resources: {}
+extraEnvVars: {}
+
livenessProbe:
initialDelaySeconds: 3
periodSeconds: 3
diff --git a/helm-charts/dapr/charts/dapr_placement/Chart.yaml b/helm-charts/dapr/charts/dapr_placement/Chart.yaml
index e13389b..b4668f4 100644
--- a/helm-charts/dapr/charts/dapr_placement/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_placement/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes placement
name: dapr_placement
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml
index 1ecd7f5..527f49a 100644
--- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml
+++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) }}
+{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1
{{- else }}
diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml
index 42f2554..191bc45 100644
--- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml
+++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml
@@ -1,4 +1,4 @@
-{{- if eq .Values.global.actors.enabled true }}
+{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
kind: Service
apiVersion: v1
metadata:
@@ -9,6 +9,9 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- if .Values.service.annotations }}
+{{ toYaml .Values.service.annotations | indent 4}}
+{{- end }}
spec:
selector:
app: dapr-placement-server
diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml
index e805dbf..5c4b619 100644
--- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml
+++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml
@@ -1,4 +1,4 @@
-{{- if eq .Values.global.actors.enabled true }}
+{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -10,7 +10,9 @@ metadata:
{{ $key }}: {{ tpl $value $ }}
{{- end }}
spec:
-{{- if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }}
+{{- if eq .Values.scaleZero true }}
+ replicas: 0
+{{- else if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }}
replicas: 3
{{- else }}
replicas: 1
@@ -37,8 +39,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
-{{- if .Values.statefulsetAnnotations }}
-{{ toYaml .Values.statefulsetAnnotations | indent 4}}
+{{- with .Values.statefulsetAnnotations }}
+{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@@ -147,6 +149,10 @@ spec:
- "--enable-metrics"
- "--replicationFactor"
- "{{ .Values.replicationFactor }}"
+ - "--max-api-level"
+ - "{{ .Values.maxActorApiLevel }}"
+ - "--min-api-level"
+ - "{{ .Values.minActorApiLevel }}"
- "--metrics-port"
- "{{ .Values.global.prometheus.port }}"
{{- else }}
@@ -178,14 +184,18 @@ spec:
{{- end }}
{{- end }}
env:
- - name: PLACEMENT_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ - name: PLACEMENT_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- range $name, $value := .Values.extraEnvVars }}
+ - name: "{{ $name }}"
+ value: "{{ $value }}"
+ {{- end }}
serviceAccountName: dapr-placement
volumes:
- name: dapr-trust-bundle
@@ -233,7 +243,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
- {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
+ {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@@ -259,4 +269,8 @@ spec:
{{- end }}
{{- end }}
{{- end }}
+{{- if .Values.global.priorityClassName }}
+ priorityClassName:
+{{ toYaml .Values.global.priorityClassName | indent 8 }}
+{{- end }}
{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_placement/values.yaml b/helm-charts/dapr/charts/dapr_placement/values.yaml
index 06ee8e2..27832b3 100644
--- a/helm-charts/dapr/charts/dapr_placement/values.yaml
+++ b/helm-charts/dapr/charts/dapr_placement/values.yaml
@@ -12,13 +12,20 @@ fullnameOverride: ""
statefulsetAnnotations: {}
+service:
+ annotations: {}
+
ports:
protocol: TCP
apiPort: 50005
raftRPCPort: 8201
+scaleZero: false
ha: false
+maxActorApiLevel: 10
+minActorApiLevel: 0
+
cluster:
forceInMemoryLog: false
logStorePath: /var/run/dapr/raft-log
@@ -48,3 +55,6 @@ debug:
runAsNonRoot: true
resources: {}
+
+extraEnvVars: {}
+
diff --git a/helm-charts/dapr/charts/dapr_rbac/Chart.yaml b/helm-charts/dapr/charts/dapr_rbac/Chart.yaml
index d1766f0..624b29a 100644
--- a/helm-charts/dapr/charts/dapr_rbac/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_rbac/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Kubernetes RBAC components
name: dapr_rbac
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml
index ffb1845..2fd919a 100644
--- a/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml
+++ b/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml
@@ -26,7 +26,7 @@ rules:
resourceNames: ["dapr-sidecar-injector"]
{{- if not .Values.global.rbac.namespaced }}
- apiGroups: ["dapr.io"]
- resources: ["configurations", "components"]
+ resources: ["components"]
verbs: [ "get", "list"]
{{- end }}
---
@@ -63,9 +63,12 @@ rules:
resourceNames: ["dapr-trust-bundle"]
{{- if eq .Values.global.rbac.namespaced true }}
- apiGroups: ["dapr.io"]
- resources: ["configurations", "components"]
+ resources: ["components"]
verbs: [ "get", "list"]
{{- end }}
+ - apiGroups: ["dapr.io"]
+ resources: ["configurations"]
+ verbs: [ "get" ]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml
index 588fa69..1dc9570 100644
--- a/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml
+++ b/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml
@@ -1,3 +1,4 @@
+{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -7,7 +8,9 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- end }}
---
+{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if eq .Values.global.rbac.namespaced true }}
kind: Role
{{- else }}
@@ -21,7 +24,9 @@ metadata:
{{ $key }}: {{ tpl $value $ }}
{{- end }}
rules: []
+{{- end }}
---
+{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }}
{{- if eq .Values.global.rbac.namespaced true }}
kind: RoleBinding
{{- else }}
@@ -46,3 +51,4 @@ roleRef:
kind: ClusterRole
{{- end }}
name: dapr-placement
+{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml
index b21f303..39c30d8 100644
--- a/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml
+++ b/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml
@@ -64,11 +64,9 @@ rules:
resources: ["configmaps"]
verbs: ["get", "update", "watch", "list"]
resourceNames: ["dapr-trust-bundle"]
-{{- if eq .Values.global.rbac.namespaced true }}
- apiGroups: ["dapr.io"]
resources: ["configurations"]
- verbs: ["list"]
-{{- end }}
+ verbs: ["list", "get", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/helm-charts/dapr/charts/dapr_rbac/values.yaml b/helm-charts/dapr/charts/dapr_rbac/values.yaml
index fe7a0dd..c3ccfd5 100644
--- a/helm-charts/dapr/charts/dapr_rbac/values.yaml
+++ b/helm-charts/dapr/charts/dapr_rbac/values.yaml
@@ -1,4 +1,4 @@
-secretReader:
- enabled: true
- namespace: default
-component: rbac
+secretReader:
+ enabled: true
+ namespace: default
+component: rbac
diff --git a/helm-charts/dapr/charts/dapr_sentry/Chart.yaml b/helm-charts/dapr/charts/dapr_sentry/Chart.yaml
index 7f0243d..d9766c5 100644
--- a/helm-charts/dapr/charts/dapr_sentry/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_sentry/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Dapr Sentry
name: dapr_sentry
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml
index 322f9d8..b672c26 100644
--- a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml
+++ b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml
@@ -19,6 +19,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: dapr-trust-bundle
+ namespace: {{ .Release.Namespace }}
labels:
app: dapr-sentry
{{- range $key, $value := .Values.global.k8sLabels }}
@@ -65,8 +66,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
-{{- if .Values.deploymentAnnotations }}
-{{ toYaml .Values.deploymentAnnotations | indent 4}}
+{{- with .Values.deploymentAnnotations }}
+{{ toYaml . | indent 8 }}
{{- end }}
spec:
containers:
@@ -120,6 +121,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ {{- range $name, $value := .Values.extraEnvVars }}
+ - name: "{{ $name }}"
+ value: "{{ $value }}"
+ {{- end }}
ports:
- containerPort: 50001
{{- if eq .Values.global.prometheus.enabled true }}
@@ -172,10 +177,6 @@ spec:
{{- end }}
- "--trust-domain"
- {{ .Values.global.mtls.controlPlaneTrustDomain }}
-{{- if .Values.tokenAudience }}
- - "--token-audience"
- - {{ .Values.tokenAudience }}
-{{- end }}
{{- with .Values.global.issuerFilenames }}
- "--issuer-ca-filename"
- "{{ .ca }}"
@@ -222,7 +223,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
- {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
+ {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@@ -232,3 +233,7 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
+{{- if .Values.global.priorityClassName }}
+ priorityClassName:
+{{ toYaml .Values.global.priorityClassName | indent 8 }}
+{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml
index 559a3bf..c162eec 100644
--- a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml
+++ b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml
@@ -7,9 +7,13 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- if .Values.service.annotations }}
+{{ toYaml .Values.service.annotations | indent 4}}
+{{- end }}
spec:
selector:
app: dapr-sentry
+ type: {{ .Values.service.type }}
ports:
- protocol: TCP
port: {{ .Values.ports.port }}
diff --git a/helm-charts/dapr/charts/dapr_sentry/values.yaml b/helm-charts/dapr/charts/dapr_sentry/values.yaml
index 265d5ce..002f25b 100644
--- a/helm-charts/dapr/charts/dapr_sentry/values.yaml
+++ b/helm-charts/dapr/charts/dapr_sentry/values.yaml
@@ -11,10 +11,12 @@ image:
nameOverride: ""
fullnameOverride: ""
-tokenAudience: ""
-
deploymentAnnotations: {}
+service:
+ type: ClusterIP
+ annotations: {}
+
ports:
protocol: TCP
port: 443
@@ -44,3 +46,6 @@ debug:
runAsNonRoot: true
resources: {}
+
+extraEnvVars: {}
+
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml
index d19a1ee..6c5c9e3 100644
--- a/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml
+++ b/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
appVersion: "1.0"
description: A Helm chart for the Dapr sidecar injector
name: dapr_sidecar_injector
-version: 1.12.0
+version: 1.13.1
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml
index 1c8ca57..4f54247 100644
--- a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml
+++ b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml
@@ -35,8 +35,8 @@ spec:
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/path: "/"
{{- end }}
-{{- if .Values.deploymentAnnotations }}
-{{ toYaml .Values.deploymentAnnotations | indent 4}}
+{{- with .Values.deploymentAnnotations }}
+{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.hostNetwork }}
@@ -123,55 +123,71 @@ spec:
- "--enable-metrics=false"
{{- end }}
- "--healthz-port"
- - "{{ .Values.healthzPort }}"
+ - {{ .Values.healthzPort | toString | toYaml }}
env:
- name: DAPR_TRUST_ANCHORS_FILE
value: /var/run/secrets/dapr.io/tls/ca.crt
- name: DAPR_CONTROL_PLANE_TRUST_DOMAIN
- value: {{ .Values.global.mtls.controlPlaneTrustDomain }}
+ value: {{ .Values.global.mtls.controlPlaneTrustDomain | toYaml }}
- name: DAPR_SENTRY_ADDRESS
- value: {{ if .Values.global.mtls.sentryAddress }}{{ .Values.global.mtls.sentryAddress }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }}
+ value: {{ with .Values.global.mtls.sentryAddress }}{{ . }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }}
+ {{- range $name, $value := .Values.extraEnvVars }}
+ - name: {{ $name | toYaml }}
+ value: {{ $value | toString | toYaml }}
+ {{- end }}
{{- if .Values.kubeClusterDomain }}
- name: KUBE_CLUSTER_DOMAIN
- value: "{{ .Values.kubeClusterDomain }}"
+ value: {{ .Values.kubeClusterDomain | toYaml }}
{{- end }}
- name: SIDECAR_IMAGE
{{- if contains "/" .Values.image.name }}
- value: "{{ .Values.image.name }}"
+ value: {{ .Values.image.name | toYaml }}
{{- else }}
value: "{{ .Values.global.registry }}/{{ .Values.image.name }}:{{ .Values.global.tag }}"
{{- end }}
- name: SIDECAR_IMAGE_PULL_POLICY
- value: "{{ .Values.sidecarImagePullPolicy }}"
+ value: {{ .Values.sidecarImagePullPolicy | toYaml }}
+ # Configuration for injected sidecars
+ - name: SIDECAR_RUN_AS_NON_ROOT
+ value: {{ .Values.sidecarRunAsNonRoot | toString | toYaml }}
+ - name: ENABLE_K8S_DOWNWARD_APIS
+ value: {{ .Values.enableK8sDownwardAPIs | toString | toYaml }}
+ - name: SIDECAR_DROP_ALL_CAPABILITIES
+ value: {{ .Values.sidecarDropALLCapabilities | toString | toYaml }}
+ - name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM
+ value: {{ .Values.sidecarReadOnlyRootFilesystem | toString | toYaml }}
+
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+
{{- if .Values.ignoreEntrypointTolerations }}
- name: IGNORE_ENTRYPOINT_TOLERATIONS
- value: "{{ .Values.ignoreEntrypointTolerations }}"
+ value: {{ .Values.ignoreEntrypointTolerations | toYaml }}
{{- end }}
-{{- if not .Values.global.actors.enabled }}
- - name: SKIP_PLACEMENT
- value: "true"
+
+ # Configuration for actors and reminders
+ - name: ACTORS_ENABLED
+ value: {{ .Values.global.actors.enabled | toString | toYaml }}
+ - name: ACTORS_SERVICE_NAME
+ value: {{ .Values.global.actors.serviceName | toString | toYaml }}
+ - name: ACTORS_SERVICE_ADDRESS
+ value: {{ include (print "address." .Values.global.actors.serviceName) . | toString | toYaml }}
+{{- with .Values.global.reminders.serviceName }}
+ - name: REMINDERS_SERVICE_NAME
+ value: {{ . | toString | toYaml }}
+ - name: REMINDERS_SERVICE_ADDRESS
+ value: {{ include (print "address." .) . | toString | toYaml }}
{{- end }}
- - name: SIDECAR_RUN_AS_NON_ROOT
- value: "{{ .Values.sidecarRunAsNonRoot }}"
- - name: SIDECAR_DROP_ALL_CAPABILITIES
- value: "{{ .Values.sidecarDropALLCapabilities }}"
- - name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM
- value: "{{ .Values.sidecarReadOnlyRootFilesystem }}"
+
{{- if .Values.allowedServiceAccounts }}
- name: ALLOWED_SERVICE_ACCOUNTS
- value: "{{ .Values.allowedServiceAccounts }}"
-{{- end }}
-{{- if .Values.allowedServiceAccounts }}
- - name: ALLOWED_SERVICE_ACCOUNTS
- value: "{{ .Values.allowedServiceAccounts }}"
+ value: {{ .Values.allowedServiceAccounts | toYaml }}
{{- end }}
{{- if .Values.allowedServiceAccountsPrefixNames }}
- name: ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES
- value: "{{ .Values.allowedServiceAccountsPrefixNames }}"
+ value: {{ .Values.allowedServiceAccountsPrefixNames | toYaml }}
{{- end }}
ports:
- name: https
@@ -225,12 +241,12 @@ spec:
- key: kubernetes.io/os
operator: In
values:
- - {{ .Values.global.daprControlPlaneOs }}
+ - {{ .Values.global.daprControlPlaneOs }}
{{- if .Values.global.daprControlPlaneArch }}
- key: kubernetes.io/arch
operator: In
values:
- - {{ .Values.global.daprControlPlaneArch }}
+ - {{ .Values.global.daprControlPlaneArch }}
{{- end }}
{{- if .Values.global.ha.enabled }}
podAntiAffinity:
@@ -247,7 +263,7 @@ spec:
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
- {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }}
+{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}}
{{- end }}
{{- if .Values.global.nodeSelector }}
nodeSelector:
@@ -257,4 +273,8 @@ spec:
tolerations:
{{ toYaml .Values.global.tolerations | indent 8 }}
{{- end }}
+{{- if .Values.global.priorityClassName }}
+ priorityClassName:
+{{ toYaml .Values.global.priorityClassName | indent 8 }}
+{{- end }}
{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml
index b31018f..513dc03 100644
--- a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml
+++ b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml
@@ -8,13 +8,16 @@ metadata:
{{- range $key, $value := .Values.global.k8sLabels }}
{{ $key }}: {{ tpl $value $ }}
{{- end }}
+{{- if .Values.service.annotations }}
+{{ toYaml .Values.service.annotations | indent 4}}
+{{- end }}
spec:
- type: ClusterIP
+ selector:
+ app: dapr-sidecar-injector
+ type: {{ .Values.service.type }}
ports:
- port: 443
targetPort: https
protocol: TCP
name: https
- selector:
- app: dapr-sidecar-injector
{{- end }}
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml
index 8ffb2e0..c9ee703 100644
--- a/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml
+++ b/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml
@@ -16,6 +16,11 @@ injectorImage:
name: "injector"
deploymentAnnotations: {}
+
+service:
+ type: ClusterIP
+ annotations: {}
+
nameOverride: ""
fullnameOverride: ""
webhookFailurePolicy: Ignore
@@ -24,6 +29,7 @@ runAsNonRoot: true
sidecarRunAsNonRoot: true
sidecarReadOnlyRootFilesystem: true
sidecarDropALLCapabilities: false
+enableK8sDownwardAPIs: false
allowedServiceAccounts: ""
allowedServiceAccountsPrefixNames: ""
resources: {}
@@ -45,3 +51,5 @@ debug:
enabled: false
port: 40000
initialDelaySeconds: 30000
+
+extraEnvVars: {}
diff --git a/helm-charts/dapr/crds/configuration.yaml b/helm-charts/dapr/crds/configuration.yaml
index 4668827..b567825 100644
--- a/helm-charts/dapr/crds/configuration.yaml
+++ b/helm-charts/dapr/crds/configuration.yaml
@@ -248,6 +248,16 @@ spec:
properties:
enabled:
type: boolean
+ http:
+ description: MetricHTTP defines configuration for metrics for
+ the HTTP server
+ properties:
+ increasedCardinality:
+ description: 'If true, metrics for the HTTP server are collected
+ with increased cardinality. The default is true in Dapr 1.13,
+ but will be changed to false in 1.14+'
+ type: boolean
+ type: object
rules:
items:
description: MetricsRule defines configuration options for a
@@ -286,6 +296,16 @@ spec:
properties:
enabled:
type: boolean
+ http:
+ description: MetricHTTP defines configuration for metrics for
+ the HTTP server
+ properties:
+ increasedCardinality:
+ description: 'If true, metrics for the HTTP server are collected
+ with increased cardinality. The default is true in Dapr 1.13,
+ but will be changed to false in 1.14+'
+ type: boolean
+ type: object
rules:
items:
description: MetricsRule defines configuration options for a
diff --git a/helm-charts/dapr/templates/_address_placement.tpl b/helm-charts/dapr/templates/_address_placement.tpl
new file mode 100644
index 0000000..c60756c
--- /dev/null
+++ b/helm-charts/dapr/templates/_address_placement.tpl
@@ -0,0 +1,7 @@
+{{/*
+Returns the address and port of the placement service
+The returned value is a string in the format ":"
+*/}}
+{{- define "address.placement" -}}
+{{- "dapr-placement-server:50005" }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/dapr/templates/_helpers.tpl b/helm-charts/dapr/templates/_helpers.tpl
index 2f4043f..ec47635 100644
--- a/helm-charts/dapr/templates/_helpers.tpl
+++ b/helm-charts/dapr/templates/_helpers.tpl
@@ -35,15 +35,15 @@ Create chart name and version as used by the chart label.
Formats imagePullSecrets. Input is dict( "imagePullSecrets" .{specific imagePullSecrets}).
*/}}
{{- define "dapr.imagePullSecrets" -}}
-{{- if eq (typeOf .imagePullSecrets) "string" }}
+{{- if eq (typeOf .imagePullSecrets) "string" -}} {{- /* Single string value */ -}}
- name: {{ .imagePullSecrets }}
-{{- else }}
-{{- range .imagePullSecrets }}
-{{- if eq (typeOf .) "map[string]interface {}" }}
+{{- else -}} {{- /* Not a string value, iterate */ -}}
+{{- range .imagePullSecrets -}}
+{{- if eq (typeOf .) "map[string]interface {}" -}} {{- /* k8s style */ -}}
- {{ toYaml (dict "name" .name) | trim }}
-{{- else }}
+{{ else }} {{- /* helm style */ -}}
- name: {{ . }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{ end }} {{- /* End of inner if */ -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-charts/dapr/values.yaml b/helm-charts/dapr/values.yaml
index 0a9e040..e3b1296 100644
--- a/helm-charts/dapr/values.yaml
+++ b/helm-charts/dapr/values.yaml
@@ -1,6 +1,6 @@
global:
- registry: docker.io/daprio
- tag: '1.12.0'
+ registry: ghcr.io/dapr
+ tag: '1.13.1'
dnsSuffix: ".cluster.local"
logAsJson: false
imagePullPolicy: IfNotPresent
@@ -21,6 +21,7 @@ global:
# - pullSecret2
imagePullSecrets: ""
+ priorityClassName: ""
nodeSelector: {}
tolerations: []
rbac:
@@ -57,8 +58,18 @@ global:
# placement:
# operator:
# injector:
+
actors:
+ # Enables actor functionality in the cluster
enabled: true
+ # Name of the service that provides actor placement services
+ serviceName: "placement"
+
+ reminders:
+ # Name of the service that provides reminders
+ # If empty, uses the built-in reminders capabilities in Dapr sidecars
+ serviceName: ""
+
daprControlPlaneOs: linux
labels: {}
seccompProfile: ""
diff --git a/pkg/utils/maputils/maps.go b/pkg/utils/maputils/maps.go
index 095f28e..dbbb5d1 100644
--- a/pkg/utils/maputils/maps.go
+++ b/pkg/utils/maputils/maps.go
@@ -1,6 +1,7 @@
package maputils
import (
+ "errors"
"fmt"
"maps"
)
@@ -25,7 +26,7 @@ func Merge(dst map[string]interface{}, source map[string]interface{}) map[string
func Lookup(m map[string]interface{}, ks ...string) (interface{}, error) {
if len(ks) == 0 { // degenerate input
- return nil, fmt.Errorf("lookup needs at least one key")
+ return nil, errors.New("lookup needs at least one key")
}
if rval, ok := m[ks[0]]; !ok {
return nil, fmt.Errorf("key not found; remaining keys: %v", ks)
diff --git a/test/e2e/operator/dapr_instance_test.go b/test/e2e/operator/dapr_instance_test.go
index 9d68a32..532a406 100644
--- a/test/e2e/operator/dapr_instance_test.go
+++ b/test/e2e/operator/dapr_instance_test.go
@@ -46,7 +46,7 @@ func TestDaprInstanceDeployWithDefaults(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
- MatchJQ(`.status.chart.version == "1.12.0"`),
+ MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)
}
@@ -58,7 +58,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) {
test,
daprAc.DaprInstanceSpec().
WithChart(daprAc.ChartSpec().
- WithVersion("1.11.3")).
+ WithVersion("1.13.0")).
WithValues(nil),
)
@@ -79,7 +79,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "https://dapr.github.io/helm-charts"`),
- MatchJQ(`.status.chart.version == "1.11.3"`),
+ MatchJQ(`.status.chart.version == "1.13.0"`),
)),
)
}
@@ -116,7 +116,7 @@ func TestDaprInstanceDeployWithCustomSidecarImage(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
- MatchJQ(`.status.chart.version == "1.12.0"`),
+ MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)
@@ -162,7 +162,7 @@ func TestDaprInstanceDeployWithApp(t *testing.T) {
WithTransform(AsJSON(), And(
MatchJQ(`.status.chart.name == "dapr"`),
MatchJQ(`.status.chart.repo == "embedded"`),
- MatchJQ(`.status.chart.version == "1.12.0"`),
+ MatchJQ(`.status.chart.version == "1.13.1"`),
)),
)
diff --git a/test/support/matchers/match_support.go b/test/support/matchers/match_support.go
index 1e29216..c1b1888 100644
--- a/test/support/matchers/match_support.go
+++ b/test/support/matchers/match_support.go
@@ -11,7 +11,7 @@ func formattedMessage(comparisonMessage string, failurePath []interface{}) strin
if len(failurePath) == 0 {
diffMessage = ""
} else {
- diffMessage = fmt.Sprintf("\n\nfirst mismatched key: %s", formattedFailurePath(failurePath))
+ diffMessage = "\n\nfirst mismatched key: " + formattedFailurePath(failurePath)
}
return fmt.Sprintf("%s%s", comparisonMessage, diffMessage)
}