From 366882a40a2ffb4c99c1445e020ecc53e885d751 Mon Sep 17 00:00:00 2001 From: Luca Burgazzoli Date: Fri, 29 Mar 2024 09:58:59 +0100 Subject: [PATCH 1/2] Dapr 1.13 Operator Upgrade #107 --- .github/workflows/e2e-olm.yml | 6 +- .github/workflows/e2e-operator.yml | 6 +- Makefile | 2 +- config/manager/kustomization.yaml | 2 +- helm-charts/dapr/Chart.yaml | 4 +- helm-charts/dapr/README.md | 85 ++++++++++++------- .../dapr/charts/dapr_config/Chart.yaml | 2 +- .../dapr/charts/dapr_operator/Chart.yaml | 2 +- .../templates/dapr_operator_deployment.yaml | 14 ++- .../templates/dapr_operator_service.yaml | 22 ++++- .../dapr/charts/dapr_operator/values.yaml | 11 ++- .../dapr/charts/dapr_placement/Chart.yaml | 2 +- .../dapr_placement_poddisruptionbudget.yaml | 2 +- .../templates/dapr_placement_service.yaml | 5 +- .../templates/dapr_placement_statefulset.yaml | 40 ++++++--- .../dapr/charts/dapr_placement/values.yaml | 10 +++ helm-charts/dapr/charts/dapr_rbac/Chart.yaml | 2 +- .../charts/dapr_rbac/templates/injector.yaml | 7 +- .../charts/dapr_rbac/templates/placement.yaml | 6 ++ .../charts/dapr_rbac/templates/sentry.yaml | 4 +- helm-charts/dapr/charts/dapr_rbac/values.yaml | 8 +- .../dapr/charts/dapr_sentry/Chart.yaml | 2 +- .../templates/dapr_sentry_deployment.yaml | 19 +++-- .../templates/dapr_sentry_service.yaml | 4 + .../dapr/charts/dapr_sentry/values.yaml | 9 +- .../charts/dapr_sidecar_injector/Chart.yaml | 2 +- .../dapr_sidecar_injector_deployment.yaml | 74 ++++++++++------ .../dapr_sidecar_injector_service.yaml | 9 +- .../charts/dapr_sidecar_injector/values.yaml | 8 ++ helm-charts/dapr/crds/configuration.yaml | 20 +++++ .../dapr/templates/_address_placement.tpl | 7 ++ helm-charts/dapr/templates/_helpers.tpl | 18 ++-- helm-charts/dapr/values.yaml | 15 +++- test/e2e/operator/dapr_instance_test.go | 10 +-- 34 files changed, 305 insertions(+), 134 deletions(-) create mode 100644 helm-charts/dapr/templates/_address_placement.tpl 
diff --git a/.github/workflows/e2e-olm.yml b/.github/workflows/e2e-olm.yml index 567783b..176043e 100644 --- a/.github/workflows/e2e-olm.yml +++ b/.github/workflows/e2e-olm.yml @@ -55,8 +55,8 @@ jobs: strategy: matrix: kubernetes-version: - - "1.27.3" - - "1.28.0" + - "1.27.11" + - "1.28.7" steps: - name: "Checkout" uses: actions/checkout@v4 @@ -68,7 +68,7 @@ jobs: - name: 'SetUp KinD' uses: container-tools/kind-action@v2 with: - version: "v0.20.0" + version: "v0.22.0" kubectl_version: v${{ matrix.kubernetes-version }} registry: false node_image: kindest/node:v${{ matrix.kubernetes-version }} diff --git a/.github/workflows/e2e-operator.yml b/.github/workflows/e2e-operator.yml index e601ded..8ca438f 100644 --- a/.github/workflows/e2e-operator.yml +++ b/.github/workflows/e2e-operator.yml @@ -35,8 +35,8 @@ jobs: strategy: matrix: kubernetes-version: - - "1.27.3" - - "1.28.0" + - "1.27.11" + - "1.28.7" steps: - name: "Checkout" uses: actions/checkout@v4 @@ -48,7 +48,7 @@ jobs: - name: 'SetUp KinD' uses: container-tools/kind-action@v2 with: - version: "v0.20.0" + version: "v0.22.0" kubectl_version: v${{ matrix.kubernetes-version }} registry: false node_image: kindest/node:v${{ matrix.kubernetes-version }} diff --git a/Makefile b/Makefile index 2bdf6e9..57204e5 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ LOCALBIN := $(PROJECT_PATH)/bin HELM_CHART_REPO ?= https://dapr.github.io/helm-charts HELM_CHART ?= dapr -HELM_CHART_VERSION ?= 1.12.0 +HELM_CHART_VERSION ?= 1.13.1 HELM_CHART_URL ?= https://raw.githubusercontent.com/dapr/helm-charts/master/dapr-$(HELM_CHART_VERSION).tgz ## Tool Versions diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 957efb4..67490c3 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml 
@@ -8,5 +8,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: ttl.sh/0e076f38-57ed-4b13-b67d-f19639580179-local-0 + newName: ttl.sh/ed03fbe9-61d9-4ccf-a481-9d443244168f-local-0 newTag: 1h diff --git a/helm-charts/dapr/Chart.yaml b/helm-charts/dapr/Chart.yaml index faf0f0d..7874cd2 100644 --- a/helm-charts/dapr/Chart.yaml +++ b/helm-charts/dapr/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.12.0 +appVersion: 1.13.1 description: A Helm chart for Dapr on Kubernetes name: dapr -version: 1.12.0 +version: 1.13.1 diff --git a/helm-charts/dapr/README.md b/helm-charts/dapr/README.md index 4a2010d..93edde3 100644 --- a/helm-charts/dapr/README.md +++ b/helm-charts/dapr/README.md 
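Review bot: The `newName` in the `images:` entry still points the controller at `ttl.sh/ed03fbe9-61d9-4ccf-a481-9d443244168f-local-0` with `newTag: 1h`, which looks like the output of a local build rather than a release image. ttl.sh is an anonymous registry whose images expire, so a manager deployed from this kustomization would either fail to pull or run an image whose provenance the project does not control. The hunk only swaps one generated name for another. Restoring the project's published image, e.g. `newName: <registry>/<controller-image>` with a pinned tag or digest, and keeping local overrides out of the commit would close that gap.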
@@ -103,70 +103,85 @@ The Helm chart has the follow configuration options that can be supplied: | `global.daprControlPlaneOs` | Operating System for Dapr control plane | `linux` | | `global.daprControlPlaneArch` | CPU Architecture for Dapr control plane | `amd64` | | `global.nodeSelector` | Pods will be scheduled onto a node node whose labels match the nodeSelector | `{}` | -| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `{}` | +| `global.tolerations` | Pods will be allowed to schedule onto a node whose taints match the tolerations | `[]` | | `global.labels` | Custom pod labels | `{}` | | `global.k8sLabels` | Custom metadata labels | `{}` | | `global.issuerFilenames.ca` | Custom name of the file containing the root CA certificate inside the container | `ca.crt` | | `global.issuerFilenames.cert` | Custom name of the file containing the leaf certificate inside the container | `issuer.crt` | | `global.issuerFilenames.key` | Custom name of the file containing the leaf certificate's key inside the container | `issuer.key` | -| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement serice is not installed, and attempting to use Dapr actors will fail. | `true` | +| `global.actors.enabled` | Enables the Dapr actors building block. When "false", the Dapr Placement service is not installed, and attempting to use Dapr actors will fail. | `true` | +| `global.actors.serviceName` | Name of the service that provides actor placement services. | `placement` | +| `global.reminders.serviceName` | Name of the service that provides reminders functionality. If empty (the default), uses the built-in reminders capabilities in Dapr sidecars. 
| | | `global.seccompProfile` | SeccompProfile for Dapr control plane services | `""` | | `global.rbac.namespaced` | Removes cluster wide permissions where applicable | `false` | -| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` | +| `global.argoRolloutServiceReconciler.enabled` | Enable the service reconciler for Dapr-enabled Argo Rollouts | `false` | +| `global.priorityClassName` | Adds `priorityClassName` to Dapr pods | `""` | ### Dapr Operator options: -| Parameter | Description | Default | -|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| `dapr_operator.replicaCount` | Number of replicas | `1` | -| `dapr_operator.logLevel` | Log level | `info` | -| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` | -| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` | -| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` | -| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` | -| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` | -| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` | -| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.
Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` | -| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` | -| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` | +| Parameter | Description | Default | +|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| `dapr_operator.replicaCount` | Number of replicas | `1` | +| `dapr_operator.logLevel` | Log level | `info` | +| `dapr_operator.watchInterval` | Interval for polling pods' state (e.g. `2m`). Set to `0` to disable, or `once` to only run once when the operator starts | `0` | +| `dapr_operator.maxPodRestartsPerMinute` | Maximum number of pods in an invalid state that can be restarted per minute | `20` | +| `dapr_operator.image.name` | Docker image name (`global.registry/dapr_operator.image.name`) | `dapr` | +| `dapr_operator.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` | +| `dapr_operator.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` | +| `dapr_operator.debug.enabled` | Boolean value for enabling debug mode | `{}` | +| `dapr_operator.serviceReconciler.enabled` | If false, disables the reconciler that creates Services for Dapr-enabled Deployments and StatefulSets.
Note: disabling this reconciler could prevent Dapr service invocation from working. | `true` | +| `dapr_operator.watchNamespace` | The namespace to watch for annotated Dapr resources in | `""` | +| `dapr_operator.deploymentAnnotations` | Custom annotations for Dapr Operator Deployment | `{}` | +| `dapr_operator.apiService.annotations` | Custom annotations for "dapr-operator" Service resource | `{}` | +| `dapr_operator.apiService.type` | Type for "dapr-operator" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` | +| `dapr_operator.webhookService.annotations` | Custom annotations for "dapr-webhook" Service resource | `{}` | +| `dapr_operator.webhookService.type` | Type for "dapr-webhook" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` | +| `dapr_operator.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` | ### Dapr Placement options: -| Parameter | Description | Default | -|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------| -| `dapr_placement.ha` | If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` | -| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100` | -| `dapr_placement.logLevel` | Service Log level | `info` | +| Parameter | Description | Default | +|---|---|---| +| `dapr_placement.ha`| If set to true, deploys the Placement service with 3 nodes regardless of the value of `global.ha.enabled` | `false` | +| `dapr_placement.replicationFactor` | Number of consistent hashing virtual node | `100`| +| `dapr_placement.logLevel` | Service Log level | `info`| | `dapr_placement.image.name` | Service docker image name (`global.registry/dapr_placement.image.name`) | 
`dapr` | | `dapr_placement.cluster.forceInMemoryLog` | Use in-memory log store and disable volume attach when HA is true | `false` | | `dapr_placement.cluster.logStorePath` | Mount path for persistent volume for log store in unix-like system when HA is true | `/var/run/dapr/raft-log` | | `dapr_placement.cluster.logStoreWinPath` | Mount path for persistent volume for log store in windows when HA is true | `C:\\raft-log` | -| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` | -| `dapr_placement.volumeclaims.storageClassName` | storage class name | | +| `dapr_placement.volumeclaims.storageSize` | Attached volume size | `1Gi` | +| `dapr_placement.volumeclaims.storageClassName` | Storage class name || +| `dapr_placement.maxActorApiLevel` | Sets the `max-api-level` flag which prevents the Actor API level from going above this value. The Placement service reports to all connected hosts the Actor API level as the minimum value observed in all actor hosts in the cluster. Actor hosts with a lower API level than the current API level in the cluster will not be able to connect to Placement. Setting a cap helps making sure that older versions of Dapr can connect to Placement as actor hosts, but may limit the capabilities of the actor subsystem. The default value of -1 means no cap. | `-1` | +| `dapr_placement.minActorApiLevel` | Sets the `min-api-level` flag, which enforces a minimum value for the Actor API level in the cluster. | `0` | +| `dapr_placement.scaleZero` | If true, the StatefulSet is deployed with a zero scale, regardless of the values of `global.ha.enabled` or `dapr_placement.ha` | `false` | | `dapr_placement.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. Does not apply unless `forceInMemoryLog` is set to `true`. You may have to set this to `false` when running in Minikube | `false` | | `dapr_placement.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. 
See the section "Resource configuration" above. Defaults to empty | `{}` | | `dapr_placement.debug.enabled` | Boolean value for enabling debug mode | `{}` | | `dapr_placement.metadataEnabled` | Boolean value for enabling placement tables metadata HTTP API | `false` | | `dapr_placement.statefulsetAnnotations` | Custom annotations for Dapr Placement Statefulset | `{}` | +| `dapr_placement.service.annotations` | Custom annotations for "dapr-placement-server" Service resource | `{}` | +| `dapr_placement.extraEnvVars` | Dictionary (key: value pairs) to use as extra environment variables in the injected sidecar containers (e.g. `my-env-var: "my-val"`, etc) | `{}` | ### Dapr RBAC options: -| Parameter | Description | Default | -|-------------------------------------------|-------------------------------------------------------------------------|-------------------------| +| Parameter | Description | Default | +|---|---|---| | `dapr_rbac.secretReader.enabled` | Deploys a default secret reader Role and RoleBinding | `true` | | `dapr_rbac.secretReader.namespace` | Namespace for the default secret reader | `default` | ### Dapr Sentry options: -| Parameter | Description | Default | -|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------| +| Parameter | Description | Default | +|---|---|---| | `dapr_sentry.replicaCount` | Number of replicas | `1` | | `dapr_sentry.logLevel` | Log level | `info` | | `dapr_sentry.image.name` | Docker image name (`global.registry/dapr_sentry.image.name`) | `dapr` | | `dapr_sentry.tls.issuer.certPEM` | Issuer Certificate cert | `""` | | `dapr_sentry.tls.issuer.keyPEM` | Issuer Private Key cert | `""` | | `dapr_sentry.tls.root.certPEM` | Root Certificate cert | `""` | -| `dapr_sentry.tokenAudience` | Expected audience for tokens; multiple values can be separated by a comma. 
Defaults to the audience expected by the Kubernetes control plane if not set | `""` | | `dapr_sentry.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` | | `dapr_sentry.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` | | `dapr_sentry.debug.enabled` | Boolean value for enabling debug mode | `{}` | | `dapr_sentry.deploymentAnnotations` | Custom annotations for Dapr Sentry Deployment | `{}` | +| `dapr_sentry.service.annotations` | Custom annotations for "dapr-sentry" Service resource | `{}` | +| `dapr_sentry.service.type` | Type for "dapr-sentry" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` | +| `dapr_placement.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` | ### Dapr Sidecar Injector options: | Parameter | Description | Default | 
@@ -179,10 +194,11 @@ The Helm chart has the follow configuration options that can be supplied: | `dapr_sidecar_injector.injectorImage.name` | Docker image name for sidecar injector service (`global.registry/dapr_sidecar_injector.injectorImage.name`) | `dapr`| | `dapr_sidecar_injector.webhookFailurePolicy` | Failure policy for the sidecar injector | `Ignore` | | `dapr_sidecar_injector.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot` for the Sidecar Injector container itself. You may have to set this to `false` when running in Minikube | `true` | -| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` | -| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` | -| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` | -| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` | +| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` | +| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` | +| `dapr_sidecar_injector.enableK8sDownwardAPIs` | When set to true, uses the Kubernetes downward projection APIs to inject certain environmental variables (such as pod IP) into the daprd container. 
(default: `false`) | `true` | +| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` | +| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` | | `dapr_sidecar_injector.allowedServiceAccountsPrefixNames` | Comma-separated list of extra allowed service accounts. Each item in the list should be in the format of namespace:serviceaccount. To match service accounts by a common prefix, you can add an asterisk (`*`) at the end of the prefix. For instance, ns1*:sa2* will match any service account that starts with sa2, whose namespace starts with ns1. For example, it will match service accounts like sa21 and sa2223 in namespaces such as ns1, ns1dapr, and so on. | `""` | | `dapr_sidecar_injector.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` | | `dapr_sidecar_injector.debug.enabled` | Boolean value for enabling debug mode | `{}` | 
@@ -190,7 +206,10 @@ The Helm chart has the follow configuration options that can be supplied: | `dapr_sidecar_injector.ignoreEntrypointTolerations` | JSON array of Kubernetes tolerations. If pod contains any of these tolerations, it will ignore the Docker image ENTRYPOINT for Dapr sidecar. | `[{\"effect\":\"NoSchedule\",\"key\":\"alibabacloud.com/eci\"},{\"effect\":\"NoSchedule\",\"key\":\"azure.com/aci\"},{\"effect\":\"NoSchedule\",\"key\":\"aws\"},{\"effect\":\"NoSchedule\",\"key\":\"huawei.com/cci\"}]` | | `dapr_sidecar_injector.hostNetwork` | Enable hostNetwork mode. This is helpful when working with overlay networks such as Calico CNI and admission webhooks fail | `false` | | `dapr_sidecar_injector.healthzPort` | The port used for health checks. Helpful in combination with hostNetwork to avoid port collisions | `8080` | -| `dapr_sidecar.deploymentAnnotations` | Custom annotations for Dapr sidecar Deployment | `{}` | +| `dapr_sidecar_injector.deploymentAnnotations` | Custom annotations for Dapr Sidecar Injector Deployment | `{}` | +| `dapr_sidecar_injector.service.annotations` | Custom annotations for "dapr-sidecar-injector" Service resource | `{}` | +| `dapr_sidecar_injector.service.type` | Type for "dapr-sidecar-injector" Service resource (e.g. `ClusterIP`, `LoadBalancer`, etc) | `ClusterIP` | +| `dapr_sidecar_injector.extraEnvVars` | Map of (name, value) tuples to use as extra environment variables (e.g. `my-env-var: "my-val"`, etc) | `{}` | ## Example of highly available configuration of the control plane diff --git a/helm-charts/dapr/charts/dapr_config/Chart.yaml b/helm-charts/dapr/charts/dapr_config/Chart.yaml index 091ce4b..c6b265a 100644 --- a/helm-charts/dapr/charts/dapr_config/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_config/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Dapr configuration name: dapr_config -version: 1.12.0 +version: 1.13.1 
diff --git a/helm-charts/dapr/charts/dapr_operator/Chart.yaml b/helm-charts/dapr/charts/dapr_operator/Chart.yaml index ce2f47e..3e435a4 100644 --- a/helm-charts/dapr/charts/dapr_operator/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_operator/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Dapr Kubernetes Operator name: dapr_operator -version: 1.12.0 +version: 1.13.1 diff --git a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml index 81c7434..048f6ae 100644 --- a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml +++ b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml @@ -34,8 +34,8 @@ spec: prometheus.io/port: "{{ .Values.global.prometheus.port }}" prometheus.io/path: "/" {{- end }} -{{- if .Values.deploymentAnnotations }} -{{ toYaml .Values.deploymentAnnotations | indent 4}} +{{- with .Values.deploymentAnnotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: containers: @@ -89,6 +89,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- range $name, $value := .Values.extraEnvVars }} + - name: "{{ $name }}" + value: "{{ $value }}" + {{- end }} ports: - containerPort: 6500 {{- if eq .Values.global.prometheus.enabled true }} @@ -219,7 +223,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: - {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }} + {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}} {{- end }} {{- if .Values.global.nodeSelector }} nodeSelector: @@ -229,3 +233,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 8 }} {{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: +{{ toYaml .Values.global.priorityClassName | indent 8 }} +{{- end }} 
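Review bot: The new `extraEnvVars` loop in the `env:` list writes each entry as `value: "{{ $value }}"`, so a value containing a double quote, a backslash or a newline changes the rendered YAML instead of being carried as data. Piping through the template quoting function keeps the manifest well-formed for any string: `- name: {{ $name | quote }}` and `value: {{ $value | quote }}`. The same loop is added in the placement StatefulSet and sentry Deployment hunks. The container spec around it starts and ends outside this hunk.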
diff --git a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml index 10ffaa8..d43c014 100644 --- a/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml +++ b/helm-charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml @@ -7,13 +7,27 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- if .Values.apiService.annotations }} +{{ toYaml .Values.apiService.annotations | indent 4}} +{{- end }} spec: selector: app: dapr-operator + type: {{ .Values.apiService.type }} ports: - protocol: TCP - port: {{ .Values.ports.port }} + port: {{ .Values.ports.port }} targetPort: {{ .Values.ports.targetPort }} + name: grpc +# Added for backwards compatibility where previous clients will attempt to +# connect on port 80. +# TOOD: @joshvanl: remove in v1.14 +{{ if (ne (int .Values.ports.port) 80) }} + - protocol: TCP + port: 80 + targetPort: {{ .Values.ports.targetPort }} + name: legacy +{{ end }} --- apiVersion: v1 kind: Service @@ -24,10 +38,14 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- if .Values.webhookService.annotations }} +{{ toYaml .Values.webhookService.annotations | indent 4}} +{{- end }} spec: + type: {{ .Values.webhookService.type }} ports: - port: 443 targetPort: 19443 protocol: TCP selector: - app: dapr-operator \ No newline at end of file + app: dapr-operator diff --git a/helm-charts/dapr/charts/dapr_operator/values.yaml b/helm-charts/dapr/charts/dapr_operator/values.yaml index 6f81c33..8b35ef1 100644 --- a/helm-charts/dapr/charts/dapr_operator/values.yaml +++ b/helm-charts/dapr/charts/dapr_operator/values.yaml 
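Review bot: The added `apiService.annotations` block is rendered straight after the `k8sLabels` range with `indent 4` and no `annotations:` key in front of it, so as far as the hunk shows the entries land under `labels:` rather than as annotations. Label values are validated more strictly than annotation values, so a typical annotation could make the Service fail to apply. Emitting the key inside the guard would fix it: `  annotations:` followed by `{{ toYaml .Values.apiService.annotations | indent 4 }}`. The `webhookService.annotations` block further down and the `service.annotations` block in the placement Service hunk have the same shape; indentation is not preserved on this page, so this should be confirmed against the file.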
@@ -16,6 +16,13 @@ fullnameOverride: "" deploymentAnnotations: {} +apiService: + type: ClusterIP + annotations: {} +webhookService: + type: ClusterIP + annotations: {} + runAsNonRoot: true serviceReconciler: @@ -23,11 +30,13 @@ serviceReconciler: ports: protocol: TCP - port: 80 + port: 443 targetPort: 6500 resources: {} +extraEnvVars: {} + livenessProbe: initialDelaySeconds: 3 periodSeconds: 3 diff --git a/helm-charts/dapr/charts/dapr_placement/Chart.yaml b/helm-charts/dapr/charts/dapr_placement/Chart.yaml index e13389b..b4668f4 100644 --- a/helm-charts/dapr/charts/dapr_placement/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_placement/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Dapr Kubernetes placement name: dapr_placement -version: 1.12.0 +version: 1.13.1 diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml index 1ecd7f5..527f49a 100644 --- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml +++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_poddisruptionbudget.yaml @@ -1,4 +1,4 @@ -{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) }} +{{- if and (eq .Values.global.ha.enabled true) (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} {{- if .Capabilities.APIVersions.Has "policy/v1" }} apiVersion: policy/v1 {{- else }} diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml index 42f2554..191bc45 100644 --- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml +++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_service.yaml 
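Review bot: `apiService.type` and `webhookService.type` are introduced without a comment, and the Service template uses them unvalidated as the Service `type`. Setting either to `NodePort` or `LoadBalancer` makes the operator API or the admission webhook port reachable from outside the cluster network, so each `type:` deserves a line such as `# Keep ClusterIP unless this endpoint must be reachable from outside the cluster.` The second hunk also moves the default `ports.port` from 80 to 443 while the Service template keeps port 80 under the name `legacy`. Noting that next to `ports:` would help anyone maintaining network policies for both ports.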
@@ -1,4 +1,4 @@ -{{- if eq .Values.global.actors.enabled true }} +{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} kind: Service apiVersion: v1 metadata: @@ -9,6 +9,9 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- if .Values.service.annotations }} +{{ toYaml .Values.service.annotations | indent 4}} +{{- end }} spec: selector: app: dapr-placement-server diff --git a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml index e805dbf..5c4b619 100644 --- a/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml +++ b/helm-charts/dapr/charts/dapr_placement/templates/dapr_placement_statefulset.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.global.actors.enabled true }} +{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -10,7 +10,9 @@ metadata: {{ $key }}: {{ tpl $value $ }} {{- end }} spec: -{{- if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }} +{{- if eq .Values.scaleZero true }} + replicas: 0 +{{- else if or (eq .Values.global.ha.enabled true) (eq .Values.ha true) }} replicas: 3 {{- else }} replicas: 1 @@ -37,8 +39,8 @@ spec: prometheus.io/port: "{{ .Values.global.prometheus.port }}" prometheus.io/path: "/" {{- end }} -{{- if .Values.statefulsetAnnotations }} -{{ toYaml .Values.statefulsetAnnotations | indent 4}} +{{- with .Values.statefulsetAnnotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: containers: 
@@ -147,6 +149,10 @@ spec: - "--enable-metrics" - "--replicationFactor" - "{{ .Values.replicationFactor }}" + - "--max-api-level" + - "{{ .Values.maxActorApiLevel }}" + - "--min-api-level" + - "{{ .Values.minActorApiLevel }}" - "--metrics-port" - "{{ .Values.global.prometheus.port }}" {{- else }} @@ -178,14 +184,18 @@ spec: {{- end }} {{- end }} env: - - name: PLACEMENT_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: PLACEMENT_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range $name, $value := .Values.extraEnvVars }} + - name: "{{ $name }}" + value: "{{ $value }}" + {{- end }} serviceAccountName: dapr-placement volumes: - name: dapr-trust-bundle @@ -233,7 +243,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: - {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }} + {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}} {{- end }} {{- if .Values.global.nodeSelector }} nodeSelector: @@ -259,4 +269,8 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: +{{ toYaml .Values.global.priorityClassName | indent 8 }} +{{- end }} {{- end }} diff --git a/helm-charts/dapr/charts/dapr_placement/values.yaml b/helm-charts/dapr/charts/dapr_placement/values.yaml index 06ee8e2..27832b3 100644 --- a/helm-charts/dapr/charts/dapr_placement/values.yaml +++ b/helm-charts/dapr/charts/dapr_placement/values.yaml @@ -12,13 +12,20 @@ fullnameOverride: "" statefulsetAnnotations: {} +service: + annotations: {} + ports: protocol: TCP apiPort: 50005 raftRPCPort: 8201 +scaleZero: false ha: false +maxActorApiLevel: 10 +minActorApiLevel: 0 + cluster: forceInMemoryLog: false logStorePath: /var/run/dapr/raft-log 
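Review bot: The `--max-api-level` and `--min-api-level` arguments are added between `--replicationFactor` and `--metrics-port`, directly before `{{- else }}`, so they appear to sit inside the metrics-enabled branch and would not be passed when metrics are disabled. The `if` that opens that branch is outside the hunk, so this needs confirming against the full template. If it holds, the four added lines belong outside that conditional so the Actor API level bounds apply regardless of the Prometheus setting.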
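Review bot: `maxActorApiLevel: 10` sets a cap by default, while the README row added in this commit documents the default as `-1` (no cap). One of the two should change. If the cap is intentional, a comment above the key such as `# Caps the Actor API level reported by Placement; -1 disables the cap.` and a matching README default would keep them in step.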
@@ -48,3 +55,6 @@ debug: runAsNonRoot: true resources: {} + +extraEnvVars: {} + diff --git a/helm-charts/dapr/charts/dapr_rbac/Chart.yaml b/helm-charts/dapr/charts/dapr_rbac/Chart.yaml index d1766f0..624b29a 100644 --- a/helm-charts/dapr/charts/dapr_rbac/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_rbac/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Dapr Kubernetes RBAC components name: dapr_rbac -version: 1.12.0 +version: 1.13.1 diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml index ffb1845..2fd919a 100644 --- a/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml +++ b/helm-charts/dapr/charts/dapr_rbac/templates/injector.yaml @@ -26,7 +26,7 @@ rules: resourceNames: ["dapr-sidecar-injector"] {{- if not .Values.global.rbac.namespaced }} - apiGroups: ["dapr.io"] - resources: ["configurations", "components"] + resources: ["components"] verbs: [ "get", "list"] {{- end }} --- @@ -63,9 +63,12 @@ rules: resourceNames: ["dapr-trust-bundle"] {{- if eq .Values.global.rbac.namespaced true }} - apiGroups: ["dapr.io"] - resources: ["configurations", "components"] + resources: ["components"] verbs: [ "get", "list"] {{- end }} + - apiGroups: ["dapr.io"] + resources: ["configurations"] + verbs: [ "get" ] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml index 588fa69..1dc9570 100644 --- a/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml +++ b/helm-charts/dapr/charts/dapr_rbac/templates/placement.yaml @@ -1,3 +1,4 @@ +{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} apiVersion: v1 kind: ServiceAccount metadata: 
@@ -7,7 +8,9 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- end }} --- +{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} {{- if eq .Values.global.rbac.namespaced true }} kind: Role {{- else }} @@ -21,7 +24,9 @@ metadata: {{ $key }}: {{ tpl $value $ }} {{- end }} rules: [] +{{- end }} --- +{{- if and (eq .Values.global.actors.enabled true) (eq .Values.global.actors.serviceName "placement") }} {{- if eq .Values.global.rbac.namespaced true }} kind: RoleBinding {{- else }} @@ -46,3 +51,4 @@ roleRef: kind: ClusterRole {{- end }} name: dapr-placement +{{- end }} diff --git a/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml b/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml index b21f303..39c30d8 100644 --- a/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml +++ b/helm-charts/dapr/charts/dapr_rbac/templates/sentry.yaml @@ -64,11 +64,9 @@ rules: resources: ["configmaps"] verbs: ["get", "update", "watch", "list"] resourceNames: ["dapr-trust-bundle"] -{{- if eq .Values.global.rbac.namespaced true }} - apiGroups: ["dapr.io"] resources: ["configurations"] - verbs: ["list"] -{{- end }} + verbs: ["list", "get", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm-charts/dapr/charts/dapr_rbac/values.yaml b/helm-charts/dapr/charts/dapr_rbac/values.yaml index fe7a0dd..c3ccfd5 100644 --- a/helm-charts/dapr/charts/dapr_rbac/values.yaml +++ b/helm-charts/dapr/charts/dapr_rbac/values.yaml @@ -1,4 +1,4 @@ -secretReader: - enabled: true - namespace: default -component: rbac +secretReader: + enabled: true + namespace: default +component: rbac diff --git a/helm-charts/dapr/charts/dapr_sentry/Chart.yaml b/helm-charts/dapr/charts/dapr_sentry/Chart.yaml index 7f0243d..d9766c5 100644 --- a/helm-charts/dapr/charts/dapr_sentry/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_sentry/Chart.yaml 
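Review bot: The `configurations` rule in sentry.yaml is now rendered regardless of `global.rbac.namespaced`, and its verbs grow from `list` to `list`, `get`, `watch`, yet the template carries no comment explaining why sentry needs the wider grant. The `kind: RoleBinding` that follows suggests the rule sits in a namespaced Role, but the Role header is outside the hunk, so confirm the scope stays limited to the release namespace. I would add a comment above the rule such as `# sentry reads and watches dapr.io Configuration objects in its own namespace in both RBAC modes`, adjusted to the real reason, so the permission can be audited later.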
@@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Dapr Sentry name: dapr_sentry -version: 1.12.0 +version: 1.13.1 diff --git a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml index 322f9d8..b672c26 100644 --- a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml +++ b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml @@ -19,6 +19,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: dapr-trust-bundle + namespace: {{ .Release.Namespace }} labels: app: dapr-sentry {{- range $key, $value := .Values.global.k8sLabels }} @@ -65,8 +66,8 @@ spec: prometheus.io/port: "{{ .Values.global.prometheus.port }}" prometheus.io/path: "/" {{- end }} -{{- if .Values.deploymentAnnotations }} -{{ toYaml .Values.deploymentAnnotations | indent 4}} +{{- with .Values.deploymentAnnotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: containers: @@ -120,6 +121,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- range $name, $value := .Values.extraEnvVars }} + - name: "{{ $name }}" + value: "{{ $value }}" + {{- end }} ports: - containerPort: 50001 {{- if eq .Values.global.prometheus.enabled true }} @@ -172,10 +177,6 @@ spec: {{- end }} - "--trust-domain" - {{ .Values.global.mtls.controlPlaneTrustDomain }} -{{- if .Values.tokenAudience }} - - "--token-audience" - - {{ .Values.tokenAudience }} -{{- end }} {{- with .Values.global.issuerFilenames }} - "--issuer-ca-filename" - "{{ .ca }}" @@ -222,7 +223,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: - {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }} + {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}} {{- end }} {{- if .Values.global.nodeSelector }} nodeSelector: 
@@ -232,3 +233,7 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 8 }} {{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: +{{ toYaml .Values.global.priorityClassName | indent 8 }} +{{- end }} diff --git a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml index 559a3bf..c162eec 100644 --- a/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml +++ b/helm-charts/dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml @@ -7,9 +7,13 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- if .Values.service.annotations }} +{{ toYaml .Values.service.annotations | indent 4}} +{{- end }} spec: selector: app: dapr-sentry + type: {{ .Values.service.type }} ports: - protocol: TCP port: {{ .Values.ports.port }} diff --git a/helm-charts/dapr/charts/dapr_sentry/values.yaml b/helm-charts/dapr/charts/dapr_sentry/values.yaml index 265d5ce..002f25b 100644 --- a/helm-charts/dapr/charts/dapr_sentry/values.yaml +++ b/helm-charts/dapr/charts/dapr_sentry/values.yaml @@ -11,10 +11,12 @@ image: nameOverride: "" fullnameOverride: "" -tokenAudience: "" - deploymentAnnotations: {} +service: + type: ClusterIP + annotations: {} + ports: protocol: TCP port: 443 @@ -44,3 +46,6 @@ debug: runAsNonRoot: true resources: {} + +extraEnvVars: {} + diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml index d19a1ee..6c5c9e3 100644 --- a/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml +++ b/helm-charts/dapr/charts/dapr_sidecar_injector/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for the Dapr sidecar injector name: dapr_sidecar_injector -version: 1.12.0 +version: 1.13.1 
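Review bot: In dapr_sentry_service.yaml the `service.annotations` block is emitted with `indent 4` directly after the `labels:` range, and no `annotations:` key is visible in the hunk, so the entries appear to be rendered as labels rather than annotations (indentation is collapsed in this view, so confirm against the file). Label values have a stricter syntax than annotation values, so a typical annotation would be rejected or applied to the wrong field. I would emit the key explicitly under `metadata:`, i.e. an `annotations:` line followed by `{{ toYaml .Values.service.annotations | indent 4 }}`. The same pattern is added to dapr_sidecar_injector_service.yaml later in this patch.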
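Review bot: `service.type` is added to the sentry values without a comment, and dapr_sentry_service.yaml now renders it verbatim as `type: {{ .Values.service.type }}`. Sentry is the endpoint the injector is pointed at through `DAPR_SENTRY_ADDRESS`, and it is started with the issuer CA file arguments, so setting the type to `NodePort` or `LoadBalancer` makes the certificate-issuing service reachable from outside the cluster. I would document that next to the default, for example `# Keep ClusterIP unless sentry must be reachable from outside the cluster; other types expose the CA endpoint`. The sidecar-injector values gain the same `service.type` key for the webhook service and would benefit from the same comment.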
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml index 1c8ca57..4f54247 100644 --- a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml +++ b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml @@ -35,8 +35,8 @@ spec: prometheus.io/port: "{{ .Values.global.prometheus.port }}" prometheus.io/path: "/" {{- end }} -{{- if .Values.deploymentAnnotations }} -{{ toYaml .Values.deploymentAnnotations | indent 4}} +{{- with .Values.deploymentAnnotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.hostNetwork }} 
@@ -123,55 +123,71 @@ spec: - "--enable-metrics=false" {{- end }} - "--healthz-port" - - "{{ .Values.healthzPort }}" + - {{ .Values.healthzPort | toString | toYaml }} env: - name: DAPR_TRUST_ANCHORS_FILE value: /var/run/secrets/dapr.io/tls/ca.crt - name: DAPR_CONTROL_PLANE_TRUST_DOMAIN - value: {{ .Values.global.mtls.controlPlaneTrustDomain }} + value: {{ .Values.global.mtls.controlPlaneTrustDomain | toYaml }} - name: DAPR_SENTRY_ADDRESS - value: {{ if .Values.global.mtls.sentryAddress }}{{ .Values.global.mtls.sentryAddress }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }} + value: {{ with .Values.global.mtls.sentryAddress }}{{ . }}{{ else }}dapr-sentry.{{ .Release.Namespace }}.svc.cluster.local:443{{ end }} + {{- range $name, $value := .Values.extraEnvVars }} + - name: {{ $name | toYaml }} + value: {{ $value | toString | toYaml }} + {{- end }} {{- if .Values.kubeClusterDomain }} - name: KUBE_CLUSTER_DOMAIN - value: "{{ .Values.kubeClusterDomain }}" + value: {{ .Values.kubeClusterDomain | toYaml }} {{- end }} - name: SIDECAR_IMAGE {{- if contains "/" .Values.image.name }} - value: "{{ .Values.image.name }}" + value: {{ .Values.image.name | toYaml }} {{- else }} value: "{{ .Values.global.registry }}/{{ .Values.image.name }}:{{ .Values.global.tag }}" {{- end }} - name: SIDECAR_IMAGE_PULL_POLICY - value: "{{ .Values.sidecarImagePullPolicy }}" + value: {{ .Values.sidecarImagePullPolicy | toYaml }} + # Configuration for injected sidecars + - name: SIDECAR_RUN_AS_NON_ROOT + value: {{ .Values.sidecarRunAsNonRoot | toString | toYaml }} + - name: ENABLE_K8S_DOWNWARD_APIS + value: {{ .Values.enableK8sDownwardAPIs | toString | toYaml }} + - name: SIDECAR_DROP_ALL_CAPABILITIES + value: {{ .Values.sidecarDropALLCapabilities | toString | toYaml }} + - name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM + value: {{ .Values.sidecarReadOnlyRootFilesystem | toString | toYaml }} + - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if 
.Values.ignoreEntrypointTolerations }} - name: IGNORE_ENTRYPOINT_TOLERATIONS - value: "{{ .Values.ignoreEntrypointTolerations }}" + value: {{ .Values.ignoreEntrypointTolerations | toYaml }} {{- end }} -{{- if not .Values.global.actors.enabled }} - - name: SKIP_PLACEMENT - value: "true" + + # Configuration for actors and reminders + - name: ACTORS_ENABLED + value: {{ .Values.global.actors.enabled | toString | toYaml }} + - name: ACTORS_SERVICE_NAME + value: {{ .Values.global.actors.serviceName | toString | toYaml }} + - name: ACTORS_SERVICE_ADDRESS + value: {{ include (print "address." .Values.global.actors.serviceName) . | toString | toYaml }} +{{- with .Values.global.reminders.serviceName }} + - name: REMINDERS_SERVICE_NAME + value: {{ . | toString | toYaml }} + - name: REMINDERS_SERVICE_ADDRESS + value: {{ include (print "address." .) . | toString | toYaml }} {{- end }} - - name: SIDECAR_RUN_AS_NON_ROOT - value: "{{ .Values.sidecarRunAsNonRoot }}" - - name: SIDECAR_DROP_ALL_CAPABILITIES - value: "{{ .Values.sidecarDropALLCapabilities }}" - - name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM - value: "{{ .Values.sidecarReadOnlyRootFilesystem }}" + {{- if .Values.allowedServiceAccounts }} - name: ALLOWED_SERVICE_ACCOUNTS - value: "{{ .Values.allowedServiceAccounts }}" -{{- end }} -{{- if .Values.allowedServiceAccounts }} - - name: ALLOWED_SERVICE_ACCOUNTS - value: "{{ .Values.allowedServiceAccounts }}" + value: {{ .Values.allowedServiceAccounts | toYaml }} {{- end }} {{- if .Values.allowedServiceAccountsPrefixNames }} - name: ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES - value: "{{ .Values.allowedServiceAccountsPrefixNames }}" + value: {{ .Values.allowedServiceAccountsPrefixNames | toYaml }} {{- end }} ports: - name: https 
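Review bot: `DAPR_SENTRY_ADDRESS` is still rendered as a bare scalar, while this hunk moves almost every other env value to `| toYaml`. `global.mtls.sentryAddress` comes from user-supplied values and decides which endpoint the injector is told to use for sentry, so it deserves the same quoting as the rest. For example: `value: {{ .Values.global.mtls.sentryAddress | default (printf "dapr-sentry.%s.svc.cluster.local:443" .Release.Namespace) | toYaml }}`. The enclosing container spec starts and ends outside the hunk.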
@@ -225,12 +241,12 @@ spec: - key: kubernetes.io/os operator: In values: - - {{ .Values.global.daprControlPlaneOs }} + - {{ .Values.global.daprControlPlaneOs }} {{- if .Values.global.daprControlPlaneArch }} - key: kubernetes.io/arch operator: In values: - - {{ .Values.global.daprControlPlaneArch }} + - {{ .Values.global.daprControlPlaneArch }} {{- end }} {{- if .Values.global.ha.enabled }} podAntiAffinity: @@ -247,7 +263,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: - {{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 }} +{{- include "dapr.imagePullSecrets" (dict "imagePullSecrets" .Values.global.imagePullSecrets) | nindent 8 -}} {{- end }} {{- if .Values.global.nodeSelector }} nodeSelector: @@ -257,4 +273,8 @@ spec: tolerations: {{ toYaml .Values.global.tolerations | indent 8 }} {{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: +{{ toYaml .Values.global.priorityClassName | indent 8 }} +{{- end }} {{- end }} diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml index b31018f..513dc03 100644 --- a/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml +++ b/helm-charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml @@ -8,13 +8,16 @@ metadata: {{- range $key, $value := .Values.global.k8sLabels }} {{ $key }}: {{ tpl $value $ }} {{- end }} +{{- if .Values.service.annotations }} +{{ toYaml .Values.service.annotations | indent 4}} +{{- end }} spec: - type: ClusterIP + selector: + app: dapr-sidecar-injector + type: {{ .Values.service.type }} ports: - port: 443 targetPort: https protocol: TCP name: https - selector: - app: dapr-sidecar-injector {{- end }} 
diff --git a/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml b/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml index 8ffb2e0..c9ee703 100644 --- a/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml +++ b/helm-charts/dapr/charts/dapr_sidecar_injector/values.yaml @@ -16,6 +16,11 @@ injectorImage: name: "injector" deploymentAnnotations: {} + +service: + type: ClusterIP + annotations: {} + nameOverride: "" fullnameOverride: "" webhookFailurePolicy: Ignore @@ -24,6 +29,7 @@ runAsNonRoot: true sidecarRunAsNonRoot: true sidecarReadOnlyRootFilesystem: true sidecarDropALLCapabilities: false +enableK8sDownwardAPIs: false allowedServiceAccounts: "" allowedServiceAccountsPrefixNames: "" resources: {} @@ -45,3 +51,5 @@ debug: enabled: false port: 40000 initialDelaySeconds: 30000 + +extraEnvVars: {} diff --git a/helm-charts/dapr/crds/configuration.yaml b/helm-charts/dapr/crds/configuration.yaml index 4668827..b567825 100644 --- a/helm-charts/dapr/crds/configuration.yaml +++ b/helm-charts/dapr/crds/configuration.yaml @@ -248,6 +248,16 @@ spec: properties: enabled: type: boolean + http: + description: MetricHTTP defines configuration for metrics for + the HTTP server + properties: + increasedCardinality: + description: 'If true, metrics for the HTTP server are collected + with increased cardinality. The default is true in Dapr 1.13, + but will be changed to false in 1.14+' + type: boolean + type: object rules: items: description: MetricsRule defines configuration options for a @@ -286,6 +296,16 @@ spec: properties: enabled: type: boolean + http: + description: MetricHTTP defines configuration for metrics for + the HTTP server + properties: + increasedCardinality: + description: 'If true, metrics for the HTTP server are collected + with increased cardinality. The default is true in Dapr 1.13, + but will be changed to false in 1.14+' + type: boolean + type: object rules: items: description: MetricsRule defines configuration options for a 
diff --git a/helm-charts/dapr/templates/_address_placement.tpl b/helm-charts/dapr/templates/_address_placement.tpl new file mode 100644 index 0000000..c60756c --- /dev/null +++ b/helm-charts/dapr/templates/_address_placement.tpl @@ -0,0 +1,7 @@ +{{/* +Returns the address and port of the placement service +The returned value is a string in the format ":" +*/}} +{{- define "address.placement" -}} +{{- "dapr-placement-server:50005" }} +{{- end -}} \ No newline at end of file diff --git a/helm-charts/dapr/templates/_helpers.tpl b/helm-charts/dapr/templates/_helpers.tpl index 2f4043f..ec47635 100644 --- a/helm-charts/dapr/templates/_helpers.tpl +++ b/helm-charts/dapr/templates/_helpers.tpl @@ -35,15 +35,15 @@ Create chart name and version as used by the chart label. Formats imagePullSecrets. Input is dict( "imagePullSecrets" .{specific imagePullSecrets}). */}} {{- define "dapr.imagePullSecrets" -}} -{{- if eq (typeOf .imagePullSecrets) "string" }} +{{- if eq (typeOf .imagePullSecrets) "string" -}} {{- /* Single string value */ -}} - name: {{ .imagePullSecrets }} -{{- else }} -{{- range .imagePullSecrets }} -{{- if eq (typeOf .) "map[string]interface {}" }} +{{- else -}} {{- /* Not a string value, iterate */ -}} +{{- range .imagePullSecrets -}} +{{- if eq (typeOf .) "map[string]interface {}" -}} {{- /* k8s style */ -}} - {{ toYaml (dict "name" .name) | trim }} -{{- else }} +{{ else }} {{- /* helm style */ -}} - name: {{ . }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} +{{ end }} {{- /* End of inner if */ -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm-charts/dapr/values.yaml b/helm-charts/dapr/values.yaml index 0a9e040..e3b1296 100644 --- a/helm-charts/dapr/values.yaml +++ b/helm-charts/dapr/values.yaml @@ -1,6 +1,6 @@ global: - registry: docker.io/daprio - tag: '1.12.0' + registry: ghcr.io/dapr + tag: '1.13.1' dnsSuffix: ".cluster.local" logAsJson: false imagePullPolicy: IfNotPresent 
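Review bot: The default `registry` in helm-charts/dapr/values.yaml moves from `docker.io/daprio` to `ghcr.io/dapr` in the same lines as the tag bump, and neither values.yaml nor the commit message mentions it. Clusters that restrict image sources through admission policy, pull-through mirrors or egress rules will need the new registry allowed before the upgrade, otherwise the control-plane pods will fail to pull. A short comment above the key would make this visible, for example `# Default registry changed from docker.io/daprio to ghcr.io/dapr with chart 1.13.1`. The tag remains a mutable reference, which this commit does not change.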
@@ -21,6 +21,7 @@ global: # - pullSecret2 imagePullSecrets: "" + priorityClassName: "" nodeSelector: {} tolerations: [] rbac: @@ -57,8 +58,18 @@ global: # placement: # operator: # injector: + actors: + # Enables actor functionality in the cluster enabled: true + # Name of the service that provides actor placement services + serviceName: "placement" + + reminders: + # Name of the service that provides reminders + # If empty, uses the built-in reminders capabilities in Dapr sidecars + serviceName: "" + daprControlPlaneOs: linux labels: {} seccompProfile: "" diff --git a/test/e2e/operator/dapr_instance_test.go b/test/e2e/operator/dapr_instance_test.go index 9d68a32..532a406 100644 --- a/test/e2e/operator/dapr_instance_test.go +++ b/test/e2e/operator/dapr_instance_test.go @@ -46,7 +46,7 @@ func TestDaprInstanceDeployWithDefaults(t *testing.T) { WithTransform(AsJSON(), And( MatchJQ(`.status.chart.name == "dapr"`), MatchJQ(`.status.chart.repo == "embedded"`), - MatchJQ(`.status.chart.version == "1.12.0"`), + MatchJQ(`.status.chart.version == "1.13.1"`), )), ) } @@ -58,7 +58,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) { test, daprAc.DaprInstanceSpec(). WithChart(daprAc.ChartSpec(). - WithVersion("1.11.3")). + WithVersion("1.13.0")). WithValues(nil), ) @@ -79,7 +79,7 @@ func TestDaprInstanceDeployWithCustomChart(t *testing.T) { WithTransform(AsJSON(), And( MatchJQ(`.status.chart.name == "dapr"`), MatchJQ(`.status.chart.repo == "https://dapr.github.io/helm-charts"`), - MatchJQ(`.status.chart.version == "1.11.3"`), + MatchJQ(`.status.chart.version == "1.13.0"`), )), ) } @@ -116,7 +116,7 @@ func TestDaprInstanceDeployWithCustomSidecarImage(t *testing.T) { WithTransform(AsJSON(), And( MatchJQ(`.status.chart.name == "dapr"`), MatchJQ(`.status.chart.repo == "embedded"`), - MatchJQ(`.status.chart.version == "1.12.0"`), + MatchJQ(`.status.chart.version == "1.13.1"`), )), ) 
@@ -162,7 +162,7 @@ func TestDaprInstanceDeployWithApp(t *testing.T) { WithTransform(AsJSON(), And( MatchJQ(`.status.chart.name == "dapr"`), MatchJQ(`.status.chart.repo == "embedded"`), - MatchJQ(`.status.chart.version == "1.12.0"`), + MatchJQ(`.status.chart.version == "1.13.1"`), )), ) From 55d09b0bfda972c9f989c480942a3dd40ae69413 Mon Sep 17 00:00:00 2001 From: Luca Burgazzoli Date: Fri, 29 Mar 2024 10:36:06 +0100 Subject: [PATCH 2/2] Update tools --- .github/workflows/e2e-olm.yml | 3 +- .github/workflows/e2e-operator.yml | 14 +--- Dockerfile | 2 +- Makefile | 24 +++--- .../operator.dapr.io_daprcontrolplanes.yaml | 84 ++++++++++--------- .../operator.dapr.io_daprcruiscontrols.yaml | 78 +++++++++-------- .../bases/operator.dapr.io_daprinstances.yaml | 84 ++++++++++--------- config/manager/kustomization.yaml | 4 +- go.mod | 2 +- hack/scripts/deploy_e2e.sh | 12 +++ hack/scripts/deploy_ingress.sh | 6 +- pkg/utils/maputils/maps.go | 3 +- test/support/matchers/match_support.go | 2 +- 13 files changed, 174 insertions(+), 144 deletions(-) create mode 100755 hack/scripts/deploy_e2e.sh diff --git a/.github/workflows/e2e-olm.yml b/.github/workflows/e2e-olm.yml index 176043e..23aef3c 100644 --- a/.github/workflows/e2e-olm.yml +++ b/.github/workflows/e2e-olm.yml @@ -57,6 +57,7 @@ jobs: kubernetes-version: - "1.27.11" - "1.28.7" + - "1.29.2" steps: - name: "Checkout" uses: actions/checkout@v4 @@ -66,7 +67,7 @@ jobs: go-version-file: 'go.mod' check-latest: true - name: 'SetUp KinD' - uses: container-tools/kind-action@v2 + uses: container-tools/kind-action@v2.0.4 with: version: "v0.22.0" kubectl_version: v${{ matrix.kubernetes-version }} diff --git a/.github/workflows/e2e-operator.yml b/.github/workflows/e2e-operator.yml index 8ca438f..06a3f94 100644 --- a/.github/workflows/e2e-operator.yml +++ b/.github/workflows/e2e-operator.yml @@ -37,6 +37,7 @@ jobs: kubernetes-version: - "1.27.11" - "1.28.7" + - "1.29.2" steps: - name: "Checkout" uses: actions/checkout@v4 
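Review bot: `container-tools/kind-action@v2.0.4` in .github/workflows/e2e-olm.yml is still a tag reference, which the action's owner can move. A third-party action that runs in CI is better pinned to the full commit SHA with the version kept as a trailing comment, e.g. `uses: container-tools/kind-action@<full-commit-sha> # v2.0.4`. The same line is changed in .github/workflows/e2e-operator.yml. `actions/checkout@v4` in the context lines has the same property, though this commit does not touch it.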
@@ -46,7 +47,7 @@ jobs: go-version-file: 'go.mod' check-latest: true - name: 'SetUp KinD' - uses: container-tools/kind-action@v2 + uses: container-tools/kind-action@v2.0.4 with: version: "v0.22.0" kubectl_version: v${{ matrix.kubernetes-version }} @@ -57,15 +58,8 @@ jobs: run: | ./hack/scripts/deploy_ingress.sh - name: "SetUp Dapr Kubernetes Operator" - run: | - make deploy/e2e - - kubectl wait \ - --namespace=dapr-system \ - --for=condition=ready \ - pod \ - --selector=control-plane=dapr-control-plane \ - --timeout=90s + run: | + ./hack/scripts/deploy_e2e.sh - name: "Run Dapr Kubernetes Operator e2e" run: | make test/e2e/operator diff --git a/Dockerfile b/Dockerfile index 58ce12c..eaa4bb0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.22 as builder ARG TARGETOS ARG TARGETARCH diff --git a/Makefile b/Makefile index 57204e5..7174c89 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ CATALOG_VERSION ?= latest CATALOG_CONTAINER_IMAGE ?= $(CONTAINER_REGISTRY)/$(CONTAINER_REGISTRY_ORG)/$(PROJECT_NAME)-catalog:$(CATALOG_VERSION) LINT_GOGC ?= 10 -LINT_DEADLINE ?= 10m +LINT_TIMEOUT ?= 10m MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) PROJECT_PATH := $(patsubst %/,%,$(dir $(MKFILE_PATH))) @@ -26,13 +26,13 @@ HELM_CHART_VERSION ?= 1.13.1 HELM_CHART_URL ?= https://raw.githubusercontent.com/dapr/helm-charts/master/dapr-$(HELM_CHART_VERSION).tgz ## Tool Versions -CODEGEN_VERSION ?= v0.28.3 -KUSTOMIZE_VERSION ?= v5.2.1 -CONTROLLER_TOOLS_VERSION ?= v0.13.0 -KIND_VERSION ?= v0.20.0 -LINTER_VERSION ?= v1.55.1 -OPERATOR_SDK_VERSION ?= v1.32.0 -OPM_VERSION ?= v1.30.1 +CODEGEN_VERSION ?= v0.28.8 +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +KIND_VERSION ?= v0.22.0 +LINTER_VERSION ?= v1.57.2 +OPERATOR_SDK_VERSION ?= v1.34.1 +OPM_VERSION ?= v1.38.0 GOVULNCHECK_VERSION ?= latest ## Tool Binaries 
@@ -164,8 +164,8 @@ check/lint: golangci-lint @$(LINTER) run \ --config .golangci.yml \ --out-format tab \ - --skip-dirs etc \ - --deadline $(LINT_DEADLINE) \ + --exclude-dirs etc \ + --timeout $(LINT_TIMEOUT) \ --verbose .PHONY: check/lint/fix @@ -173,8 +173,8 @@ check/lint/fix: golangci-lint @$(LINTER) run \ --config .golangci.yml \ --out-format tab \ - --skip-dirs etc \ - --deadline $(LINT_DEADLINE) \ + --exclude-dirs etc \ + --timeout $(LINT_TIMEOUT) \ --fix .PHONY: check/vuln diff --git a/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml b/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml index 0e801fe..6038bf7 100644 --- a/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml +++ b/config/crd/bases/operator.dapr.io_daprcontrolplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: daprcontrolplanes.operator.dapr.io spec: group: operator.dapr.io 
@@ -47,23 +47,28 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: values: - description: 'JSON represents any valid JSON value. These types are - supported: bool, int64, float64, string, []interface{}, map[string]interface{} - and nil.' + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. x-kubernetes-preserve-unknown-fields: true type: object status: 
@@ -80,42 +85,42 @@ spec: conditions: items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. 
This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -129,11 +134,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml b/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml index 64976d2..567056d 100644 --- a/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml +++ b/config/crd/bases/operator.dapr.io_daprcruiscontrols.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: daprcruiscontrols.operator.dapr.io spec: group: operator.dapr.io 
@@ -45,14 +45,19 @@ spec: description: DaprCruiseControl is the Schema for the daprcruisecontrols API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -74,42 +79,42 @@ spec: conditions: items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. 
This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -123,11 +128,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/operator.dapr.io_daprinstances.yaml b/config/crd/bases/operator.dapr.io_daprinstances.yaml index 55fd8c1..2748368 100644 --- a/config/crd/bases/operator.dapr.io_daprinstances.yaml +++ b/config/crd/bases/operator.dapr.io_daprinstances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: daprinstances.operator.dapr.io spec: group: operator.dapr.io 
@@ -45,14 +45,19 @@ spec: description: DaprInstance is the Schema for the daprinstances API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -73,9 +78,9 @@ spec: type: string type: object values: - description: 'JSON represents any valid JSON value. These types are - supported: bool, int64, float64, string, []interface{}, map[string]interface{} - and nil.' + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. x-kubernetes-preserve-unknown-fields: true type: object status: 
@@ -93,42 +98,42 @@ spec: conditions: items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. 
This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -142,11 +147,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 67490c3..2a7885d 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -8,5 +8,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: ttl.sh/ed03fbe9-61d9-4ccf-a481-9d443244168f-local-0 - newTag: 1h + newName: ghcr.io/dapr-sandbox/dapr-kubernetes-operator + newTag: 0.0.4 diff --git a/go.mod b/go.mod index 7e1166e..bd6d412 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/dapr-sandbox/dapr-kubernetes-operator -go 1.21 +go 1.22 require ( github.com/go-logr/logr v1.4.1 diff --git a/hack/scripts/deploy_e2e.sh b/hack/scripts/deploy_e2e.sh new file mode 100755 index 0000000..dd8d9c6 --- /dev/null +++ b/hack/scripts/deploy_e2e.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +make deploy/e2e + +kubectl wait \ + --namespace=dapr-system \ + --for=condition=ready \ + pod \ + --selector=control-plane=dapr-control-plane \ + --timeout=90s \ No newline at end of file 
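Review bot: The `kubectl wait --for=condition=ready pod --selector=control-plane=dapr-control-plane` call in the new hack/scripts/deploy_e2e.sh runs immediately after `make deploy/e2e`, and `kubectl wait` exits with an error when the selector matches no pods yet, which `set -e` turns into a failed script. What `make deploy/e2e` itself waits for is not visible here, so this is a possible race rather than a certain one. The same patch adds a `sleep 5` before the equivalent wait in deploy_ingress.sh for this reason. A bounded poll before the wait is more dependable than a fixed delay, for example `for i in $(seq 1 30); do kubectl get pod -n dapr-system -l control-plane=dapr-control-plane -o name | grep -q . && break; sleep 2; done`. The file also ends without a trailing newline.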
diff --git a/hack/scripts/deploy_ingress.sh b/hack/scripts/deploy_ingress.sh index 5745721..52cb3b4 100755 --- a/hack/scripts/deploy_ingress.sh +++ b/hack/scripts/deploy_ingress.sh @@ -2,8 +2,12 @@ set -e +kubectl apply --server-side -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml +# it may take a while to have apply the +# resource, hence the kubectl wait may +# fail +sleep 5 kubectl wait \ --namespace=ingress-nginx \ diff --git a/pkg/utils/maputils/maps.go b/pkg/utils/maputils/maps.go index 095f28e..dbbb5d1 100644 --- a/pkg/utils/maputils/maps.go +++ b/pkg/utils/maputils/maps.go @@ -1,6 +1,7 @@ package maputils import ( + "errors" "fmt" "maps" ) @@ -25,7 +26,7 @@ func Merge(dst map[string]interface{}, source map[string]interface{}) map[string func Lookup(m map[string]interface{}, ks ...string) (interface{}, error) { if len(ks) == 0 { // degenerate input - return nil, fmt.Errorf("lookup needs at least one key") + return nil, errors.New("lookup needs at least one key") } if rval, ok := m[ks[0]]; !ok { return nil, fmt.Errorf("key not found; remaining keys: %v", ks) diff --git a/test/support/matchers/match_support.go b/test/support/matchers/match_support.go index 1e29216..c1b1888 100644 --- a/test/support/matchers/match_support.go +++ b/test/support/matchers/match_support.go @@ -11,7 +11,7 @@ func formattedMessage(comparisonMessage string, failurePath []interface{}) strin if len(failurePath) == 0 { diffMessage = "" } else { - diffMessage = fmt.Sprintf("\n\nfirst mismatched key: %s", formattedFailurePath(failurePath)) + diffMessage = "\n\nfirst mismatched key: " + formattedFailurePath(failurePath) } return fmt.Sprintf("%s%s", comparisonMessage, diffMessage) }
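Review bot: The added `kubectl apply --server-side -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml` in hack/scripts/deploy_ingress.sh still pulls the manifest from the moving `main` branch, so every run applies whatever that branch holds at that moment, and the result is neither reviewed nor reproducible. Pin the URL to a release tag or commit SHA, e.g. `.../kubernetes/ingress-nginx/<PINNED_TAG_OR_SHA>/deploy/static/provider/kind/deploy.yaml`, and bump it deliberately. The `sleep 5` in front of `kubectl wait` is a fixed guess at how long object creation takes; polling until the pods exist would be more dependable. The new comment would read better as `# applying the resources may take a while, so an immediate kubectl wait may fail`. The `kubectl wait` command continues outside the hunk.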