--- # Source: crds/components.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: components.dapr.io spec: group: dapr.io versions: - name: v1alpha1 schema: openAPIV3Schema: description: Component describes an Dapr component type properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string auth: description: Auth represents authentication details for the component properties: secretStore: type: string required: - secretStore type: object kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: ComponentSpec is the spec for a component properties: initTimeout: type: string ignoreErrors: type: boolean metadata: items: description: MetadataItem is a name/value pair for a metadata properties: name: type: string secretKeyRef: description: SecretKeyRef is a reference to a secret holding the value for the metadata item. Name is the secret name, and key is the field in the secret. properties: key: type: string name: type: string required: - key - name type: object value: x-kubernetes-preserve-unknown-fields: true required: - name type: object type: array type: type: string version: type: string required: - metadata - type - version type: object type: object served: true storage: true names: kind: Component plural: components singular: component categories: - all - dapr scope: Namespaced --- # Source: crds/configuration.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: configurations.dapr.io spec: group: dapr.io versions: - name: v1alpha1 schema: openAPIV3Schema: description: Configuration describes an Dapr configuration setting properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ConfigurationSpec is the spec for an configuration properties: accessControl: description: AccessControlSpec is the spec object in ConfigurationSpec properties: defaultAction: type: string policies: items: description: AppPolicySpec defines the policy data structure for each app properties: appId: type: string defaultAction: type: string namespace: type: string operations: items: description: AppOperationAction defines the data structure for each app operation properties: action: type: string httpVerb: items: type: string type: array name: type: string required: - action - name type: object type: array trustDomain: type: string required: - appId type: object type: array trustDomain: type: string type: object api: description: APISpec describes the configuration for Dapr APIs properties: allowed: items: description: APIAccessRule describes an access rule for allowing a Dapr API to be enabled and accessible by an app properties: name: type: string protocol: type: string version: type: string required: - name - version type: object type: array type: object features: items: description: FeatureSpec defines the features that are enabled/disabled properties: enabled: type: boolean name: type: string required: - enabled - name type: object type: array httpPipeline: description: PipelineSpec defines the middleware pipeline properties: handlers: items: description: HandlerSpec defines a request handlers properties: name: type: string selector: description: SelectorSpec selects target services to which the handler is to be applied properties: fields: items: description: SelectorField defines a selector fields properties: field: type: string value: type: string required: - field - value type: object type: array required: - fields type: object type: type: string required: - name - type type: object type: array required: - handlers type: object mtls: description: MTLSSpec defines mTLS configuration properties: allowedClockSkew: type: string enabled: type: boolean workloadCertTTL: type: string required: - enabled type: object nameResolution: description: NameResolutionSpec is the spec for name resolution configuration properties: component: type: string configuration: description: DynamicValue is a dynamic value struct for the component.metadata pair value type: object x-kubernetes-preserve-unknown-fields: true version: type: string required: - component - configuration - version type: object secrets: description: SecretsSpec is the spec for secrets configuration properties: scopes: items: description: SecretsScope defines the scope for secrets properties: allowedSecrets: items: type: string type: array defaultAccess: type: string deniedSecrets: items: type: string type: array storeName: type: string required: - storeName type: object type: array required: - scopes type: object tracing: description: TracingSpec is the spec object in ConfigurationSpec properties: samplingRate: type: string zipkin: type: object description: Defines the Zipkin trace configurations properties: endpointAddress: description: The endpoint address of Zipkin server to receive traces type: string required: - samplingRate type: object metric: default: enabled: true description: MetricSpec defines metrics configuration properties: enabled: type: boolean required: - enabled type: object type: object type: object served: true storage: true names: kind: Configuration plural: configurations singular: configuration categories: - all - dapr scope: Namespaced --- # Source: crds/resiliency.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null name: resiliencies.dapr.io spec: group: dapr.io names: kind: Resiliency listKind: ResiliencyList plural: resiliencies singular: resiliency categories: - dapr scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: properties: policies: properties: circuitBreakers: additionalProperties: properties: interval: type: string maxRequests: type: integer timeout: type: string trip: type: string type: object type: object retries: additionalProperties: properties: duration: type: string maxInterval: type: string maxRetries: type: integer policy: type: string type: object type: object timeouts: additionalProperties: type: string type: object type: object targets: properties: actors: additionalProperties: properties: circuitBreaker: type: string circuitBreakerCacheSize: type: integer circuitBreakerScope: type: string retry: type: string timeout: type: string type: object type: object apps: additionalProperties: properties: circuitBreaker: type: string circuitBreakerCacheSize: type: integer retry: type: string timeout: type: string type: object type: object components: additionalProperties: properties: inbound: properties: circuitBreaker: type: string retry: type: string timeout: type: string type: object outbound: properties: circuitBreaker: type: string retry: type: string timeout: type: string type: object type: object type: object type: object required: - policies - targets type: object type: object served: true storage: true --- # Source: crds/subscription.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: subscriptions.dapr.io spec: group: dapr.io conversion: strategy: Webhook webhook: clientConfig: service: namespace: replaceme # Patched by post-install webhook name: dapr-webhook path: /convert #caBundle: Patched by post-install webhook conversionReviewVersions: - v1 - v2alpha1 versions: - name: v1alpha1 schema: openAPIV3Schema: description: Subscription describes an pub/sub event subscription. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: SubscriptionSpec is the spec for an event subscription. properties: pubsubname: type: string route: type: string topic: type: string metadata: additionalProperties: type: string type: object required: - pubsubname - route - topic type: object type: object served: true storage: false - name: v2alpha1 schema: openAPIV3Schema: description: Subscription describes an pub/sub event subscription. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: SubscriptionSpec is the spec for an event subscription. properties: metadata: additionalProperties: type: string description: The optional metadata to provide the the subscription. type: object pubsubname: description: The PubSub component name. type: string routes: description: The Routes configuration for this topic. properties: default: type: string rules: description: The list of rules for this topic. items: description: Rule is used to specify the condition for sending a message to a specific path. properties: match: description: The optional CEL expression used to match the event. If the match is not specified, then the route is considered the default. The rules are tested in the order specified, so they should be define from most-to-least specific. The default route should appear last in the list. type: string path: description: The path for events that match this rule. type: string required: - match - path type: object type: array type: object topic: description: The topic name to subscribe to. type: string required: - pubsubname - routes - topic type: object type: object served: true storage: true names: kind: Subscription listKind: SubscriptionList plural: subscriptions singular: subscription categories: - all - dapr scope: Namespaced --- # Source: dapr/charts/dapr_rbac/templates/ServiceAccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: dapr-operator --- # Source: dapr/charts/dapr_rbac/templates/ServiceAccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: dashboard-reader --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-webhook-cert labels: app: dapr-operator data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwRENDQW95Z0F3SUJBZ0lSQU1mbUw4OHhwamNiZ1F1OHVEK0dzUXN3RFFZSktvWklodmNOQVFFTEJRQXcKR2pFWU1CWUdBMVVFQXhNUFpHRndjaTEzWldKb2IyOXJMV05oTUI0WERUSXlNVEF5TmpFM016Y3dNVm9YRFRNeQpNVEF5TXpFM016Y3dNVm93RnpFVk1CTUdBMVVFQXhNTVpHRndjaTEzWldKb2IyOXJNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFxM1pWYUpCZ1pBeEJwNDdCWDJjY3g3UDZmQ015Mk8zQ2dySzMKQ29saUdMSHRndzNBRE4wU2tMZ3VONXpHaXBXTnNLMERGYUF2MG9zc05lU0JqaCtUeVlFMGFVeTFvRFpCS1RYcgpFVlM4RHJGUGN6RXIzeHVKSmxEOUw0ZWFXOC90L01CeUJnaWdXSTVXdkZLUzcxd1ZIZGlVVUZOdW1RNkxJK3lnCmhFRmc3aE9KSG5NRzdJYUpLcWlUbUdEblVoeWR2ZFQ1akswUGU5em1oYlJINWFqMTBSU29kWkpiVlNFdEtKbXIKV2tQaDhXaDN6S3ZkVk90RHdNN2ZwZXhpbFA0TStZMjVBZ0hwMnQyQ0owMWFqVHAzQklnVlpYdllYYnFzbkhGbQpKazNhazN2ZmpBcmUxRnBNZ2VVSWNJUkhhWUErZ2dnamN1aXk1bkFrbG1mendISm5GUUlEQVFBQm80SG5NSUhrCk1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKREFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlJCRmkyMGF6SGd1SUtWblNHenpWRmFYRVVKQXpDQgpnd1lEVlIwUkJId3dlb0lVWkdGd2NpMTNaV0pvYjI5ckxtUmxabUYxYkhTQ0dHUmhjSEl0ZDJWaWFHOXZheTVrClpXWmhkV3gwTG5OMlk0SWdaR0Z3Y2kxM1pXSm9iMjlyTG1SbFptRjFiSFF1YzNaakxtTnNkWE4wWlhLQ0ptUmgKY0hJdGQyVmlhRzl2YXk1a1pXWmhkV3gwTG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQmV2VVhPb3U0enVxU2p1cFVRS3JJakhpMG92YVFIcDJ0WHpyTCtpTW92Q3YzQTErcEtpaDBlCnAxT3FpbWRtTmxXR1kxMHhvQmt0R3U3TUQwUWc5MEM5bzdNOGJQMEVCNXVORHp3dHJEUVBjdXI1UHZucVJwdkwKQXlmV2FHOCtaNnVtNEdJRUoxSFJNWFlHVnNjRXVmU1NEMUhIdzZId3RrTzBrSWo3Qk9xbXhxU3dCYmJEdUlENQpyakQ0NzhpVDRZNC9RanVzaXQrRkRoQm5nUmpLSEtaOFJoMUdyVEFLT3hNZzJEaVQ1dlczSDV3VVBjWlpOc0g2ClgxakdGa28wZEFnQ2cwNFhxVmRIaGtoTk8wd1pFUTY1NGRKcnRyS2w5UFluWVpybDA3TFpqUncvV2pRRlF3LzIKMld0cEJIaEo4aXBBYUdMbnZZcnN0T01iK0svdkVXNlMKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcTNaVmFKQmdaQXhCcDQ3QlgyY2N4N1A2ZkNNeTJPM0NnckszQ29saUdMSHRndzNBCkROMFNrTGd1TjV6R2lwV05zSzBERmFBdjBvc3NOZVNCamgrVHlZRTBhVXkxb0RaQktUWHJFVlM4RHJGUGN6RXIKM3h1SkpsRDlMNGVhVzgvdC9NQnlCZ2lnV0k1V3ZGS1M3MXdWSGRpVVVGTnVtUTZMSSt5Z2hFRmc3aE9KSG5NRwo3SWFKS3FpVG1HRG5VaHlkdmRUNWpLMFBlOXptaGJSSDVhajEwUlNvZFpKYlZTRXRLSm1yV2tQaDhXaDN6S3ZkClZPdER3TTdmcGV4aWxQNE0rWTI1QWdIcDJ0MkNKMDFhalRwM0JJZ1ZaWHZZWGJxc25IRm1KazNhazN2ZmpBcmUKMUZwTWdlVUljSVJIYVlBK2dnZ2pjdWl5NW5Ba2xtZnp3SEpuRlFJREFRQUJBb0lCQUFLaEhPd3VrcHZXS0VlVwpnOWFmc1N4SzBVT0lFcWFLOXRta1BmUldhUCt4OHM5NHJZSkUvWnpraGlqcUtZMUVmOWkrdm5aZGIzNU9EZzZCCmc0OFhZdC9MTUcrUThwUVRZT3B0M2ozMHk3RjUvSnJxblI2ZHdIdXE4RWNEVUZXcUdaOHZvRkFCWDl3YnlxNjIKb1hRME9FcXQ0SkJleHlwbnM3Q0lWMm5QeXRtN3dvZ21hTUp4eUlibWJWNEJkL2xWdGdqbjFMemF1WUlNSDJOdgp6TUVMSHgrelZPeVVUcTdnV29VMnRidklrSHZVY0Zmc3BEMjNZanIxR0RmS1N1YVpRdWFqS1hHUVNvT1BUNnNOCk91Z0J3UjVUb3JObVhvNGFLbC8zdG54RjlyNFVmcnVYYTFxN28yZ09DcUdXMzZZS3FJSkR5MG1rVVVaYnNXelUKcXNRbG81MENnWUVBek9JSjAzc1FCRHBLK0ExV3lrcEhmdE5OQmdOMlNDeExSeElUTVhWeFhwdU1ndTJHWFhZVwpzeUhudVhNazhmdlk1bkx0UFhndVJvY3BrMStSVW1pUUxnWitYcWtnaWdvbGQxRjgxVnhsV3dyckcvQlJWdGNMCkZpWGhUaWV2KzhFam94NzJDczA4b3B5dlovRjNXdkNBUWRyN2pOSmExRmF0TzdUTjB5dzZQaWNDZ1lFQTFqMnoKR0RtS0kvZ0U1UXg3ZU1nN0xBRThZM0RscnVwSUpwR2psaGlmZWZYOUtWLys3d3poMzhXdVpHZHRVek83MkpUWQpUMGNPQVhmNGpIN0dZYmEwVFliSkJ4OGdCR2dTS0VxQlQ2TktnWmNZdzdPT1hzTmh4bEZadUxyLzc1OVd3VjhJClhFU0J2RkJWeld3U2Q1TW9tbGtHbHNWVjJjM3NPd1pDV1c0cGNtTUNnWUJuYng1QzAvZ01DbG5helBFcUEwSUEKOXpBRmZ5M3gxZHJUTUg3Y0UweCsxTXlsTk1FRzRoMG5wbEJVUVpzL1IwUURZN1g5dUhTMFNueGsySFNIUkI2MQovYlZDbU9QQ2pNakphaXc1a3dIZ2FxeXpXQ25ZUzR4ZlRCUm8zb1JyOXQvRTlGYUdzWUtSSGNVNEZxR0pHYTNHCmtZVTVYT0ZhSGNBclNtWTIzRGN6TlFLQmdGekZiUGN4ZTJNbDlDQ25MaFJZU0Y4K3pjS1YwYS9UblppdCtqTjEKeUNFTTV5cHllamRUMGIrUG4zdTAyYjlzcUl3WnNDMXNMR0Z3YlAyUnJDQUYrTCtWZlJtTFhkYnFwZW95a1JwRwpNRzQ3V3FycjV0dWNLWXV5RUhNUTd1RDVrNXk2cFNrbk5US3hhdVpBUlNMb1kyMnEzVktPY3lXVXFSWEtHUk1XCncvWFhBb0dCQUs4QVpsa01HamNiSnNoOVUyQUxIS3RRNkFDZEM5anBaTERpVTN2OU52VlNRdzdnT3ZPNm9PdDYKbmUvME5oRXdCS3JoTTlVTmFjZzZ2VUsxTGMzL05rZ0E4ZEZPTWtSNlpEci9XaDQyNDdGMEhYS1lyNVlvR3kxSApzWWM3RmpxOVlzWmxaY1JTSm1xbmNkM2JzQnlRSmRmWkVNaFJiRkxDZFRxbGdaTWNLNWJwCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-webhook-ca labels: app: dapr-operator data: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJRENDQWdpZ0F3SUJBZ0lSQU9rK2NReTV1Zk5SRk5ZY0J1QUh0NWN3RFFZSktvWklodmNOQVFFTEJRQXcKR2pFWU1CWUdBMVVFQXhNUFpHRndjaTEzWldKb2IyOXJMV05oTUI0WERUSXlNVEF5TmpFM016Y3dNVm9YRFRNeQpNVEF5TXpFM016Y3dNVm93R2pFWU1CWUdBMVVFQXhNUFpHRndjaTEzWldKb2IyOXJMV05oTUlJQklqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMzFRYUdJV2tPSk4xVTRpT1l2eEpBUFJIM1RYMFVwaFQKdHQ1T3FBUEpKNm10cXEzYjVEU0l4NXJrckhqZkNQOHBvQUYxa3o4b1lIL09Cdkh0bk5ONFN0NTZOTDhJa3VOUgpJUkVONHVvMkh3Z3FJUWptVTFMbzlhdHgvMHFsRitJVFRpaXRwZG1xMFUzMm5Hb0luaHdUOWxYb0tyNC9GQ3BsClBvUDNzRm9COW95MXlTT3pXdUZ6and4WUFUZDZtOEljL2dTZTc1bnJBM0xrc3lQWGVORTk2aFcrcWhRS2pZOHQKZS9GVTg0dHh1M2YzclpjQms2MTBVaGYyYlpSVnNxMUdkU1ZQeWpqVnZ2SXNoMWIwbGUxRU5NcGpCazA3SXJsKwozMGpaclRjNzV5aHZhalY3b2JzcjdmdHZVRmRRMmhzalplMkNSQXhPSkZsa3hSU0xaRFg3dXdJREFRQUJvMkV3Clh6QU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkVFV0xiUnJNZUM0Z3BXZEliUE5VVnBjUlFrRApNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNCSTRUb3ZFdmJqVEMxL2JzbTViYjRqSUNpNUMxRXMvM3RTM2dnClU0VVNlT1IwM1p3T3dReXFFTFFvbDlId0JFVnJXS1Jjdzdvd1RxSzlhUVdiZHkwU09NTm9ZeWtwMTR6TEhjRjUKV1JPcjg0dnRUcDRDT29wcmxabjBlOFVqclNiOFdYaUhuSXFlRElIbHBVNkhVRTYzRm1sQ0hJd2NqOUs3L2hJSAo0WTVnYnhoeUJmM0M3cDFoMDJNNVh1OFA3eitZdmt5aytGWUVHUTc4NmtlVHN2VDRMOVVtb05aMjJBSEVlN1oxCnJEMmlBN3pPY2l2VVo3RXA5Tk5SYmI0L0IyNEprYm5JRlNQQkhTSmZBUU9IRm1jWSszQUkycU1uOHgvZC9IL2oKb2JEd1FLTERoYTd6dGJaNXVaUmpraDNpaUp3cEtxSUhiVGk5d3JUdE5aUjdnek5DCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-trust-bundle labels: app: dapr-sentry data: --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_webhook_config.yaml apiVersion: v1 kind: Secret metadata: name: dapr-sidecar-injector-cert labels: app: dapr-sidecar-injector data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzakNDQXNhZ0F3SUJBZ0lSQU1hbDFZaTM1dkM3b2xJdWR0ME1JTm93RFFZSktvWklodmNOQVFFTEJRQXcKSXpFaE1COEdBMVVFQXhNWVpHRndjaTF6YVdSbFkyRnlMV2x1YW1WamRHOXlMV05oTUI0WERUSXlNVEF5TmpFMwpNemN3TVZvWERUTXlNVEF5TXpFM016Y3dNVm93SURFZU1Cd0dBMVVFQXhNVlpHRndjaTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0QkYxWS8rbVhpQUwKVlRyNENQZXpSREFEZVpnb2ZYQ2YzbjJsSWdPSHBZVVJnL0F1MXBCMzgwTjV5a0preitRdUJzdXRTNVRQK3pyYQpScWRzTG93L0NpZ3pyYWg1Q1lTZm1rVENTdmV5cEVFVTdhclFwd3pqU2pRWjFWMVcvT1Q5cDJPRWlVcEZRcDI2Ck8rRWRKUi9pM2gzOUphenUwSXFhUG5UaTE3eHVOSExRUXJ1cGdJd3hNYWJtQU1EMFVuL2lJK2tZMlhZM1BaeDkKMktXTG00MzFSZWFQekM2QkZQb2NmSHJ0UEFGQ0JuczVjWmZaQ2JsclRRaUlaTmFIMlJNTkViWkJVaXI4VHk4KwptUHJ3a0ppUHNwN2dlRTVhUkg2QWEvcHJIQVFJK290L0h6RS93d215cjZzQnNVK3NDWDB1ajFFT3o2cloxM3RzCnIvc2hhRVIraVFJREFRQUJvNElCRGpDQ0FRb3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkxPYgoxOEkvMUNJVi9VR3RVMVRmQ0ZPL1J3SWpNSUdwQmdOVkhSRUVnYUV3Z1o2Q0hXUmhjSEl0YzJsa1pXTmhjaTFwCmJtcGxZM1J2Y2k1a1pXWmhkV3gwZ2lGa1lYQnlMWE5wWkdWallYSXRhVzVxWldOMGIzSXVaR1ZtWVhWc2RDNXoKZG1PQ0tXUmhjSEl0YzJsa1pXTmhjaTFwYm1wbFkzUnZjaTVrWldaaGRXeDBMbk4yWXk1amJIVnpkR1Z5Z2k5awpZWEJ5TFhOcFpHVmpZWEl0YVc1cVpXTjBiM0l1WkdWbVlYVnNkQzV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiREFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQXpWdzVUUkYxbXFBaEFVaHl4bTVPTE1iTXF0Z1A4cHNyOE1MenQrR0UKWVRKZlZZTXZ0Sk5zd2xNUWN6Ly8zUWhkejJQdjlKaDRwZkRaY21YYm1XbnY1YXB5QVNxZlYvZTBFdmMzU3B5agorQjB0UThVSzNGd2NPWVU1ZnBBVUxkMUtiM241UjFKNWNPOEdaUVZuYSttckN4U3NCUDlQQkNwc09sRm43cDBCCkN3RnpsU0FkckhtcmFtN05VTVBOQklVbXJpazBReUZsbGYrN0JoSENtU0pueGVjOWRuRkhvMzhuSVBPRlc5UmMKOXBFOE10dkQ4QU1nSm95SURPK0F1ZGRVV3BGSzhzRmFvL3NsNGwyYkh0UjF3dnFoN0g4VGlGR3QwME5hdGQ0TwoxR0FJTzlBbWFxdlpFYS8vZEF5QTFuWVBQNXkxMlN1eWxWamo4SG9WcDlUeWFnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdEJGMVkvK21YaUFMVlRyNENQZXpSREFEZVpnb2ZYQ2YzbjJsSWdPSHBZVVJnL0F1CjFwQjM4ME41eWtKa3orUXVCc3V0UzVUUCt6cmFScWRzTG93L0NpZ3pyYWg1Q1lTZm1rVENTdmV5cEVFVTdhclEKcHd6alNqUVoxVjFXL09UOXAyT0VpVXBGUXAyNk8rRWRKUi9pM2gzOUphenUwSXFhUG5UaTE3eHVOSExRUXJ1cApnSXd4TWFibUFNRDBVbi9pSStrWTJYWTNQWng5MktXTG00MzFSZWFQekM2QkZQb2NmSHJ0UEFGQ0JuczVjWmZaCkNibHJUUWlJWk5hSDJSTU5FYlpCVWlyOFR5OCttUHJ3a0ppUHNwN2dlRTVhUkg2QWEvcHJIQVFJK290L0h6RS8Kd3dteXI2c0JzVStzQ1gwdWoxRU96NnJaMTN0c3Ivc2hhRVIraVFJREFRQUJBb0lCQUg1Y2VncVFqb2tpNTVFSgo3cUVzWWNxSi93WkhOckxBWkEvWUVCZk1ibFpEQ1VXVE9Pc3RPbCtsakVQWlQ3RnJxTGp3R1U0ZXdjekZRZ091CjNZWFV1VEJCZ2ZKdGRYS3VkT25uTW9rMVJWRnFzbXNPSVpuNHUwK0pQRSswVHFUdGRPc1FOU082ME51c245SUIKYVZoeUJkeGxJdzViU3NOaFlGaFA0aGdPalMrVDdRMlVuVWJmNnl6Tk1WREhpSlA4RXQxN09MSHphNm03ZnJ1Qgp5RE45YTNubVoxODNhbFVzTzZjd01UZkdOUStPQS91NktVQXY4MnI2VjdQdEZGRmdCa2NkVWcyTU1JanlYYTNlCklyWHpkSEhKWnNWbzhzNFJiMU9MR2xsUUdKdWJ5UVlhUDdKcTh4dEFwMENSalYrMHcyci9LZmRiNkZpZU5uUjIKNENpK3Rwa0NnWUVBMFRNQkFEcld4blhMcm9ONDN0ampvMnVyZFNqc0RTNWJleDNZOVRrTVZ3Y0NuMTBWR3M1RwpmZjJ5ZDV2VEFYRjVzSmgwZlJFRWZqSkZwWFdnMjZRQTBWWlpVMmtyLzBqVzlrbUdTTnNqZWVDZWgzdU5yOHpECmNydUVpampsS1Z1SzdFOVNxOXc0MWFnd1pJUmdEWVRTamNiRFUvTjIrT1dRcHlpdG0raEZyNU1DZ1lFQTNGb1oKTlRGZmwrM2Z5cTFRcTcrK1luMzF0WVNXS0JKUEhRZnliZnphdFlHSVJudGYxdS81T20rMXcrRDBiMGtrQnRjVAo1c05MdGpiaVd2SHhxU1NycmUwbXdCZjIxckw4OTZFWURINTdmdHp2UnlBdHpORnFaamt6ODBhKy9KY213WEs1CmtzQlFtcnRnU0M0Mk9WNkdTNWljd1FDcDJCU1BOWUtZNjd3dmt2TUNnWUF2NjJMN1RuOE1Ec2VOUGdoZDQ0aWgKVW5SLzdkUEVZUzRMVVpiMDlSQmlqdlNHMUtlVThGTXRZUU9VYWxrM0oyc2NqSStDWm5lRkFMYjdZNnBwSlhRYQpmNUVPampUSjBVR01RT05GcFF6SFNqQ0dFRU13VmRNZllOekhYS2tCaERxYVRzRTlKTURRRUNxbG03ejAyOHZ2Ck5leGdPcEN5Q3NQTHhvR2VDT0tOaVFLQmdFeFl2MUVwMlRnM3lBbGVRWXd3ZEZPRjF3TmNlL1pJV2JieVVQSUEKNFBwd2Rmb050eWd1bjBpNitkeHpiZDI5RnNsejdjWlB0a1RkQVZLSGI3YXVLUG1yS0hqNEZLTlJBc3I5dXVwaApUSUtwSkJLZHVLQzFra3IyMk9RYWlBUFdqeXdKaHZpc3Y0RE5HVkFKQ3VxWHNLb3lwMlZMeUkxQW1sbnM5UFVBCmorODNBb0dCQUlqV2xpRzJCNUlTVklFb3RFa0FmOWtKeU9xYld5N1diSTJLL25OL0lGOFBDY25UcHprQW8xOGMKelZJdHoxemxkbG9lbXpkR2VjUmNlZ0JmM2E3TTlaaWFibW1hc1FhV1NXRjZ0K01MTVYvRzZpTFVIV0pBb00wSAplZmFPK09HMlRmSEhlUlY5RStHMEJWaUprSnEwaDZSQWUrbHduMVYyVTRXeHZKa2ZrZUdKCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-operator-admin rules: - apiGroups: ["*"] resources: ["customresourcedefinitions", "serviceaccounts", "deployments", "statefulsets", "services", "configmaps", "secrets", "components", "configurations", "subscriptions", "leases", "resiliencies"] verbs: ["get"] - apiGroups: ["*"] resources: ["deployments", "statefulsets", "services", "components", "configurations", "subscriptions", "leases", "secrets", "resiliencies"] verbs: ["list"] - apiGroups: ["*"] resources: ["deployments", "statefulsets", "services", "components", "configurations", "subscriptions", "leases", "secrets", "resiliencies"] verbs: ["watch"] - apiGroups: ["*"] resources: ["services", "secrets", "subscriptions", "configmaps", "leases", "services/finalizers", "deployments/finalizers", "statefulsets/finalizers"] verbs: ["update"] - apiGroups: ["*"] resources: ["customresourcedefinitions"] verbs: ["patch"] - apiGroups: ["*"] resources: ["services", "leases"] verbs: ["delete"] - apiGroups: ["*"] resources: ["deployments", "statefulsets", "services", "configmaps", "events", "leases"] verbs: ["create"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dashboard-reader rules: - apiGroups: ["", "dapr.io", "apps", "extensions"] resources: ["deployments", "pods", "pods/log", "components", "configurations", "namespaces"] verbs: ["get", "list"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-operator subjects: - kind: ServiceAccount name: dapr-operator namespace: default roleRef: kind: ClusterRole name: dapr-operator-admin apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-role-tokenreview-binding subjects: - kind: ServiceAccount name: dapr-operator namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dashboard-reader-global subjects: - kind: ServiceAccount name: dashboard-reader namespace: default roleRef: kind: ClusterRole name: dashboard-reader apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: secret-reader namespace: default rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-secret-reader namespace: default subjects: - kind: ServiceAccount name: default roleRef: kind: Role name: secret-reader apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_dashboard/templates/dapr_dashboard_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-dashboard annotations: spec: selector: app: dapr-dashboard ports: - protocol: TCP port: 8080 targetPort: 8080 type: ClusterIP --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-api spec: selector: app: dapr-operator ports: - protocol: TCP port: 80 targetPort: 6500 --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_service.yaml apiVersion: v1 kind: Service metadata: name: dapr-webhook spec: ports: - port: 443 targetPort: 19443 protocol: TCP selector: app: dapr-operator --- # Source: dapr/charts/dapr_placement/templates/dapr_placement_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-placement-server labels: app: dapr-placement-server spec: selector: app: dapr-placement-server # placement must be able to resolve pod address to join initial cluster peers # before POD is ready publishNotReadyAddresses: true ports: - name: api port: 50005 - name: raft-node port: 8201 clusterIP: None --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-sentry spec: selector: app: dapr-sentry ports: - protocol: TCP port: 80 targetPort: 50001 --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml apiVersion: v1 kind: Service metadata: name: dapr-sidecar-injector spec: type: ClusterIP ports: - port: 443 targetPort: https protocol: TCP name: https selector: app: dapr-sidecar-injector --- # Source: dapr/charts/dapr_dashboard/templates/dapr_dashboard_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-dashboard labels: app: dapr-dashboard spec: replicas: 1 selector: matchLabels: app: dapr-dashboard template: metadata: labels: app: dapr-dashboard app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/version: 1.7.5 app.kubernetes.io/component: dashboard app.kubernetes.io/part-of: "dapr" app.kubernetes.io/managed-by: "helm" spec: serviceAccountName: dashboard-reader affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux containers: - name: dapr-dashboard image: "docker.io/daprio/dashboard:0.10.0" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 8080 resources: {} --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-operator labels: app: dapr-operator spec: replicas: 1 selector: matchLabels: app: dapr-operator template: metadata: labels: app: dapr-operator app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/version: 1.7.5 app.kubernetes.io/component: operator app.kubernetes.io/part-of: "dapr" app.kubernetes.io/managed-by: "helm" annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-operator livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.7.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 6500 - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true - name: webhook-creds mountPath: /tmp/k8s-webhook-server/serving-certs readOnly: true command: - "/operator" args: - "--log-level" - info - "--enable-metrics" - "--metrics-port" - "9090" serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle - name: webhook-creds secret: secretName: dapr-webhook-cert affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-sentry labels: app: dapr-sentry spec: replicas: 1 selector: matchLabels: app: dapr-sentry template: metadata: labels: app: dapr-sentry app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/version: 1.7.5 app.kubernetes.io/component: sentry app.kubernetes.io/part-of: "dapr" app.kubernetes.io/managed-by: "helm" annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-sentry livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.7.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 50001 - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true command: - "/sentry" args: - "--log-level" - info - "--enable-metrics" - "--metrics-port" - "9090" - "--trust-domain" - cluster.local serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-sidecar-injector labels: app: dapr-sidecar-injector spec: selector: matchLabels: app: dapr-sidecar-injector template: metadata: labels: app: dapr-sidecar-injector app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/version: 1.7.5 app.kubernetes.io/component: sidecar-injector app.kubernetes.io/part-of: "dapr" app.kubernetes.io/managed-by: "helm" annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: serviceAccountName: dapr-operator containers: - name: dapr-sidecar-injector livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.7.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true command: - "/injector" args: - "--log-level" - info - "--enable-metrics" - "--metrics-port" - "9090" - "--healthz-port" - "8080" env: - name: TLS_CERT_FILE value: /dapr/cert/tls.crt - name: TLS_KEY_FILE value: /dapr/cert/tls.key - name: KUBE_CLUSTER_DOMAIN value: "cluster.local" - name: SIDECAR_IMAGE value: "docker.io/daprio/daprd:1.7.5" - name: SIDECAR_IMAGE_PULL_POLICY value: "IfNotPresent" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - name: https containerPort: 4000 protocol: TCP - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: cert mountPath: /dapr/cert readOnly: true volumes: - name: cert secret: secretName: dapr-sidecar-injector-cert affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_placement/templates/dapr_placement_deployment.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: dapr-placement-server labels: app: dapr-placement-server spec: replicas: 1 serviceName: dapr-placement-server podManagementPolicy: Parallel selector: matchLabels: app: dapr-placement-server template: metadata: labels: app: dapr-placement-server app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/version: 1.7.5 app.kubernetes.io/component: placement app.kubernetes.io/part-of: "dapr" app.kubernetes.io/managed-by: "helm" annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-placement-server livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 10 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.7.5" imagePullPolicy: IfNotPresent resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true ports: - containerPort: 50005 name: api - containerPort: 8201 name: raft-node - name: metrics containerPort: 9090 protocol: TCP command: - "/placement" args: - "--log-level" - info - "--enable-metrics" - "--replicationFactor" - "100" - "--metrics-port" - "9090" - "--tls-enabled" securityContext: runAsUser: 0 env: - name: PLACEMENT_ID valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_webhook_config.yaml apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: dapr-sidecar-injector labels: app: dapr-sidecar-injector webhooks: - name: sidecar-injector.dapr.io clientConfig: service: namespace: default name: dapr-sidecar-injector path: "/mutate" caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lRUFdCOFpSNWcxcUIvRTJzb1NPbmNPVEFOQmdrcWhraUc5dzBCQVFzRkFEQWoKTVNFd0h3WURWUVFERXhoa1lYQnlMWE5wWkdWallYSXRhVzVxWldOMGIzSXRZMkV3SGhjTk1qSXhNREkyTVRjegpOekF3V2hjTk16SXhNREl6TVRjek56QXdXakFqTVNFd0h3WURWUVFERXhoa1lYQnlMWE5wWkdWallYSXRhVzVxClpXTjBiM0l0WTJFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURpWmpHZjh3bjQKYXpCYmZDMFJ2eUdDblVLbGdiT0oxWnNDYjFTeUY5ODB1MW1ieHNabngxelFJVG5JRm1qaU1sSW1BNWRCNHhHSAp0ZnBRZlMyUVBGSW14SUZjUzIrc1A1M0RYQmVGYk1MRFBzM3NPcnF5d1N6TkJyZC9VcTF3Z1B2VlBSWjhPbjgvCko0Nlh0eXhCa3g0dWsrRmU0TElYOHp0cFBqWlBtSWVuSDlPdm1yMFdkWEtUbytjaWlwcFh0MGI0aEVsQk9XWTcKZkNiNitCRnVUc0x0UHY0MjlFRTYzMWh6SVQ1eXFFSFV6RGd0TGRzQ1A0d252emZzRzAzeGtTOVFZcTk0WHpBTgpsRW5ORm5FRkhCcGdSRjN3YnFTeU40eUsxaUt3QnJUTnFBV1BJVDlyK1RuNk5adEd4SHB1UkswM2pXTmlrNUY0CklrbytNRkRwNVo5TkFnTUJBQUdqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3IKQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVczV2WAp3ai9VSWhYOVFhMVRWTjhJVTc5SEFpTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSys5b3NrTWVPOTBxcG9YCno5Q1BBdjlGUll2QXNSRDZFazlMK2FOQUlkZEw4TE4xMjVDcVlEMmdTeHhtcmt1RXRyYkJpVmFEQUttSTdmTFIKMVRqajRQQkY4aW9QRUpvOW9YWjZrYzd0N2QzUFhYdXZBQXhyTDN6dFc3QlFYQmF6cWZHV0dWM0lremtHN1lHMAoxTE9Pak1rUTI3ckhyODI0b0p3czR5MjZXOVVPRnhIM1dqaXJlakU5aHRwUnovZlNldkkzckdEb25zNkZCMWdrClYxd0JBeEpsdzVXc20wT2NkWSs1SENra3JjWlNyNFlUN1o1MDU3RXpheVhXeHV1L1lUdEhmQ042bmxOZm84RVoKenJxRElYN2QyVlJZUzNsU1BNREk0YlNuQlU4TFlRa2ZzZDhvNmhFUTRHblFnQXVORDBUU0Erbi9GNUNWUVJaYgpheVJBcHRrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== rules: - apiGroups: - "" apiVersions: - v1 resources: - pods operations: - CREATE failurePolicy: Ignore sideEffects: None admissionReviewVersions: ["v1", "v1beta1"]