--- # Source: crds/components.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: components.dapr.io labels: app.kubernetes.io/part-of: "dapr" spec: group: dapr.io versions: - name: v1alpha1 schema: openAPIV3Schema: description: Component describes an Dapr component type properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string auth: description: Auth represents authentication details for the component properties: secretStore: type: string required: - secretStore type: object kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: ComponentSpec is the spec for a component properties: initTimeout: type: string ignoreErrors: type: boolean metadata: items: description: MetadataItem is a name/value pair for a metadata properties: name: type: string secretKeyRef: description: SecretKeyRef is a reference to a secret holding the value for the metadata item. Name is the secret name, and key is the field in the secret. properties: key: type: string name: type: string required: - key - name type: object value: x-kubernetes-preserve-unknown-fields: true required: - name type: object type: array type: type: string version: type: string required: - metadata - type - version type: object type: object served: true storage: true names: kind: Component plural: components singular: component categories: - all - dapr scope: Namespaced --- # Source: crds/configuration.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: configurations.dapr.io labels: app.kubernetes.io/part-of: "dapr" spec: group: dapr.io names: kind: Configuration listKind: ConfigurationList plural: configurations singular: configuration scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Configuration describes an Dapr configuration setting. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ConfigurationSpec is the spec for an configuration. properties: accessControl: description: AccessControlSpec is the spec object in ConfigurationSpec. properties: defaultAction: type: string policies: items: description: AppPolicySpec defines the policy data structure for each app. properties: appId: type: string defaultAction: type: string namespace: type: string operations: items: description: AppOperationAction defines the data structure for each app operation. properties: action: type: string httpVerb: items: type: string type: array name: type: string required: - action - name type: object type: array trustDomain: type: string required: - appId type: object type: array trustDomain: type: string type: object api: description: APISpec describes the configuration for Dapr APIs. properties: allowed: items: description: APIAccessRule describes an access rule for allowing a Dapr API to be enabled and accessible by an app. properties: name: type: string protocol: type: string version: type: string required: - name - version type: object type: array type: object appHttpPipeline: description: PipelineSpec defines the middleware pipeline. properties: handlers: items: description: HandlerSpec defines a request handlers. properties: name: type: string selector: description: SelectorSpec selects target services to which the handler is to be applied. properties: fields: items: description: SelectorField defines a selector fields. properties: field: type: string value: type: string required: - field - value type: object type: array required: - fields type: object type: type: string required: - name - type type: object type: array required: - handlers type: object components: description: ComponentsSpec describes the configuration for Dapr components properties: deny: description: Denylist of component types that cannot be instantiated items: type: string type: array type: object features: items: description: FeatureSpec defines the features that are enabled/disabled. properties: enabled: type: boolean name: type: string required: - enabled - name type: object type: array httpPipeline: description: PipelineSpec defines the middleware pipeline. properties: handlers: items: description: HandlerSpec defines a request handlers. properties: name: type: string selector: description: SelectorSpec selects target services to which the handler is to be applied. properties: fields: items: description: SelectorField defines a selector fields. properties: field: type: string value: type: string required: - field - value type: object type: array required: - fields type: object type: type: string required: - name - type type: object type: array required: - handlers type: object metric: default: enabled: true description: MetricSpec defines metrics configuration. properties: enabled: type: boolean required: - enabled type: object mtls: description: MTLSSpec defines mTLS configuration. properties: allowedClockSkew: type: string enabled: type: boolean workloadCertTTL: type: string required: - enabled type: object nameResolution: description: NameResolutionSpec is the spec for name resolution configuration. properties: component: type: string configuration: description: DynamicValue is a dynamic value struct for the component.metadata pair value. type: object x-kubernetes-preserve-unknown-fields: true version: type: string required: - component - configuration - version type: object secrets: description: SecretsSpec is the spec for secrets configuration. properties: scopes: items: description: SecretsScope defines the scope for secrets. properties: allowedSecrets: items: type: string type: array defaultAccess: type: string deniedSecrets: items: type: string type: array storeName: type: string required: - storeName type: object type: array required: - scopes type: object tracing: description: TracingSpec defines distributed tracing configuration. properties: otel: description: OtelSpec defines Otel exporter configurations. properties: endpointAddress: type: string isSecure: type: boolean protocol: type: string required: - endpointAddress - isSecure - protocol type: object samplingRate: type: string stdout: type: boolean zipkin: description: ZipkinSpec defines Zipkin trace configurations. properties: endpointAddress: type: string required: - endpointAddress type: object required: - samplingRate type: object type: object type: object served: true storage: true --- # Source: crds/resiliency.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null name: resiliencies.dapr.io labels: app.kubernetes.io/part-of: "dapr" spec: group: dapr.io names: kind: Resiliency listKind: ResiliencyList plural: resiliencies singular: resiliency categories: - dapr scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: properties: policies: properties: circuitBreakers: additionalProperties: properties: interval: type: string maxRequests: type: integer timeout: type: string trip: type: string type: object type: object retries: additionalProperties: properties: duration: type: string maxInterval: type: string maxRetries: type: integer policy: type: string type: object type: object timeouts: additionalProperties: type: string type: object type: object targets: properties: actors: additionalProperties: properties: circuitBreaker: type: string circuitBreakerCacheSize: type: integer circuitBreakerScope: type: string retry: type: string timeout: type: string type: object type: object apps: additionalProperties: properties: circuitBreaker: type: string circuitBreakerCacheSize: type: integer retry: type: string timeout: type: string type: object type: object components: additionalProperties: properties: inbound: properties: circuitBreaker: type: string retry: type: string timeout: type: string type: object outbound: properties: circuitBreaker: type: string retry: type: string timeout: type: string type: object type: object type: object type: object required: - policies - targets type: object type: object served: true storage: true --- # Source: crds/subscription.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: subscriptions.dapr.io labels: app.kubernetes.io/part-of: "dapr" spec: group: dapr.io conversion: strategy: Webhook webhook: clientConfig: service: namespace: replaceme # Patched by post-install webhook name: dapr-webhook path: /convert #caBundle: Patched by post-install webhook conversionReviewVersions: - v1 - v2alpha1 versions: - name: v1alpha1 schema: openAPIV3Schema: description: Subscription describes an pub/sub event subscription. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: SubscriptionSpec is the spec for an event subscription. properties: pubsubname: type: string route: type: string topic: type: string deadLetterTopic: type: string metadata: additionalProperties: type: string type: object required: - pubsubname - route - topic type: object type: object served: true storage: false - name: v2alpha1 schema: openAPIV3Schema: description: Subscription describes an pub/sub event subscription. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object scopes: items: type: string type: array spec: description: SubscriptionSpec is the spec for an event subscription. properties: metadata: additionalProperties: type: string description: The optional metadata to provide the subscription. type: object pubsubname: description: The PubSub component name. type: string routes: description: The Routes configuration for this topic. properties: default: type: string rules: description: The list of rules for this topic. items: description: Rule is used to specify the condition for sending a message to a specific path. properties: match: description: The optional CEL expression used to match the event. If the match is not specified, then the route is considered the default. The rules are tested in the order specified, so they should be define from most-to-least specific. The default route should appear last in the list. type: string path: description: The path for events that match this rule. type: string required: - match - path type: object type: array type: object topic: description: The topic name to subscribe to. type: string deadLetterTopic: description: The optional dead letter queue for this topic to send events to. type: string required: - pubsubname - routes - topic type: object type: object served: true storage: true names: kind: Subscription listKind: SubscriptionList plural: subscriptions singular: subscription categories: - all - dapr scope: Namespaced --- # Source: dapr/charts/dapr_rbac/templates/ServiceAccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: dapr-operator labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 --- # Source: dapr/charts/dapr_rbac/templates/ServiceAccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: dashboard-reader labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-webhook-cert labels: app: dapr-operator app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURvekNDQW91Z0F3SUJBZ0lRYkgzMHF1aFlBaU1Yd284U3BPZWVOVEFOQmdrcWhraUc5dzBCQVFzRkFEQWEKTVJnd0ZnWURWUVFERXc5a1lYQnlMWGRsWW1odmIyc3RZMkV3SGhjTk1qSXhNakF4TWpNME9USTJXaGNOTXpJeApNVEk0TWpNME9USTJXakFYTVJVd0V3WURWUVFERXd4a1lYQnlMWGRsWW1odmIyc3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRDhsaHBHRGY4aUN2S2pXR2I4TTZFd2hpV1I0Sk01MWFCQlhRWDEKRFVDZG9ESUVDdjEzdlVwa2RjVG1RY0F1U2Y2VHhUd0dwLzdWbFNrWEFyVDNDOTBkUUFxa3ZVdTZXK20yMHBEQQptdHNDdlNaSWtXVUdpQUlRNkp6OG9ialN2V1g3UElEa0lFUXVjemh3d3FNSk5qclZXb1JxVG1MenFySFNta3FoCkVkenFDeW45L0hWMElsd1pqV0IvaXBuUHF4cHJQN3JHMEUwUm9lWmh1WTJnd0g2V3dRQWZRbFY4OTlaMmJoOEkKK0hldmhmamtmZFplV1JvM245UmEzcER6S2pVRjhzR09rS1h2M2VUeVdxOXpHT1ZYa1IyVDRtR1dTNk8vNUtVSwpsK1JGWGV4OGFLc0FXUVJnTFBDMDVZcXBBS3Q4OUpHeS96NWxDTm9FK2FYRXZ0MC9BZ01CQUFHamdlY3dnZVF3CkRnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU0KQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGQk5sazluT1Y0VzRReXpnb25uaVY2dUkwaitjTUlHRApCZ05WSFJFRWZEQjZnaFJrWVhCeUxYZGxZbWh2YjJzdVpHVm1ZWFZzZElJWVpHRndjaTEzWldKb2IyOXJMbVJsClptRjFiSFF1YzNaamdpQmtZWEJ5TFhkbFltaHZiMnN1WkdWbVlYVnNkQzV6ZG1NdVkyeDFjM1JsY29JbVpHRncKY2kxM1pXSm9iMjlyTG1SbFptRjFiSFF1YzNaakxtTnNkWE4wWlhJdWJHOWpZV3d3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFHcS9rWE9MaEVnOWdPRy9TL0tod1A3bWFzWDcwUU9TM3d6SmxuTnE4R0R3QWM5T1NNOXdCYVBSCnBGYzE5aTc2eVlwQW42elpWKzFTT05WUVBPdllSWjU3eitwbmhORDFlSE9teVpGclBtUEpYUkR3d2psV0d2VUcKK2x3Y09objU0VXlNR3NIZDUzTkVqUkJzaWJlSDdVRmFNVkVvcnUrMWpSM0c1ZDdSa1FoRW1JRm9YZUJvaFBOWQovVUYrc0pnWFd4Z2h2dnd1SXpndVYwMXVDQ1J4bGFIS3JwcFE3OGU1RWwvNVUrZDJrMnoxWVNLRHhJZ2ZFK2tkCnFPbVRBQ2x6M1pKY1RWQmE4MitqTjJ3bUJaLzZ3NWJGOURJUS9XZUV5MFhVaWg3RE5tNGU1SmtmL1pzNTRPVnUKS1VsMS96bzd6L3dYN0NPRkc1QlBGTmROaFlVdVBRcz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBL0pZYVJnMy9JZ3J5bzFobS9ET2hNSVlsa2VDVE9kV2dRVjBGOVExQW5hQXlCQXI5CmQ3MUtaSFhFNWtIQUxrbitrOFU4QnFmKzFaVXBGd0swOXd2ZEhVQUtwTDFMdWx2cHR0S1F3SnJiQXIwbVNKRmwKQm9nQ0VPaWMvS0c0MHIxbCt6eUE1Q0JFTG5NNGNNS2pDVFk2MVZxRWFrNWk4NnF4MHBwS29SSGM2Z3NwL2Z4MQpkQ0pjR1kxZ2Y0cVp6NnNhYXorNnh0Qk5FYUhtWWJtTm9NQitsc0VBSDBKVmZQZldkbTRmQ1BoM3I0WDQ1SDNXClhsa2FONS9VV3Q2UTh5bzFCZkxCanBDbDc5M2s4bHF2Y3hqbFY1RWRrK0pobGt1anYrU2xDcGZrUlYzc2ZHaXIKQUZrRVlDend0T1dLcVFDcmZQU1JzdjgrWlFqYUJQbWx4TDdkUHdJREFRQUJBb0lCQUMvZE5kOWVtYUZXMThIeQpaNW1WSXc5eDdENm5ndDZyeDdGN01qek1wUmo1bVdEQXdHVm5YbWlKRktYWmdkU0R1eFUvZys5eStFeDY5bzFnCnV2QXh0Rlh0bzlheDlGNjlPaDJsNno1RVdnbzcwN3hlcVBsQzNybGJpeHdvZlVDYUdYQXhkKzlDMmdpL1ZzdXYKWm52QlpnYTJIMitScVJpcG1RYmlyQSszdGRnM292NCtGSjQzSDhzTVBQN1dMZWpFRXpmVkhLYXYvQWpIVkV0RQo3akwzK3g5c0J3SUE0NWVvVGFxYkhyU01WYzl2akxhY3FXUkpmbWNjeGErQ0pwM3d4dFBRQk5Qb3EyWjlPRU1ECm0veTZLOWNDVFNOTlk0ODRGWXFtNmd0Y0RnVzhkSU13TGJRRjkvNzFhL0hrWlhoOGZzZXMza0FHSEQrVXFlRngKa0VRdHd1RUNnWUVBLzdpRWl3UnlRRHpBYmlvcm1HM3I2WmxtbGNmWHhTR1d4WFI3Nmx1OUdsUjRzOGoxRjB1OQpBUGF4bldmTjd2OVo1UUVaZkFpakNHOCt3LzNaT3lhTHBaUUtkNVNrMmJ4Rkl1aCs5d2Z6eU5BQXJ4WDRzWlBtCk52YWVmeVIxMnZXTmlqdW5Dd3FMTDZBb0xoei9uc09GdWx6N2VPQkpTWHJnazFFYWZqZVhWTEVDZ1lFQS9OeTEKYmZjbEljWnA0SHNIVE1STStLRUhTZERpNmNFRU0zSXNVQTM5N1ZuOEpJMWlJZ0NWZkY0a0FDN2lOdERXVjc2cgo1d3RNYm1oYmhlVnNtMGtva3JDVGFPQ2plcGJSVTZYaWxhMS9MbHRJaDBjTW5CclBYUENZWndnL0VySDhrdjJsCkdRK09vU0thenU4MXorMGJvOHpEWm05NE5xTWFxV1h4ZHlBR2pPOENnWUVBeWNEUWdjVytSa1FvSmtLTEpyWUMKM01pMGtST2NmdUZqVE9IOEtnaTdCNTBCcGdhMHArNlBiY1UwbU5XZk9pS296KzZ3SnBYQjJ4TzUxM1BlQWJjRgprbHRjYnNBTjErT2NRRkJpYTVBUW5Lek8vVlErWkF3bUk5TXJkWEJVczYzc1A5V1VremQ4WE5UbEhveXVlSm9XClZkU3FhdEc1d0lsN3lYN0JnamRsNCtFQ2dZQTNFZFpOa2JLN2pWdkhzT09oRzJ0c0JwM3d2SlordERPM0JKbVUKQWNnWXBpMWN4SkhudDlyV2tDWWxDQkRxUVVjOUt1Q0RYQm1VUGhRWXNDT2NHaTNFN01IZDZIYVNIMENOaUNZMQoxT2hLNzBSM2Vjak1RcWFBcGtGNnh2ZjltVmZacDNZS1pESDY4KzlsUEFHclBBZDJBQVZhVE5LUWk2c2wwM2JvCks4aGhid0tCZ0NGNUt5UWN0QmxpVHptUllBblVzTGNrMktTN3I5aVR6R25LNmFYa3phSEt3L3lCZkR0M3lZdFEKMnRwMlpqQnFpN1hDYmgzcDN2dmtjRUhqSkJpbEw0cksyU21QV29ZRk82WXFWa3VON0QydWhDa0xxN1kyQWE3RwplaER4bjJDOUlFYkFPOFFwMmpodFRZVy9KNE8rbG9mS0xiKzU0L3FvemdtdWZjMmxuVFFJCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-webhook-ca labels: app: dapr-operator app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 data: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lRV3EwQ20vbmpRYkFsUklSK1hXVDgwekFOQmdrcWhraUc5dzBCQVFzRkFEQWEKTVJnd0ZnWURWUVFERXc5a1lYQnlMWGRsWW1odmIyc3RZMkV3SGhjTk1qSXhNakF4TWpNME9USTJXaGNOTXpJeApNVEk0TWpNME9USTJXakFhTVJnd0ZnWURWUVFERXc5a1lYQnlMWGRsWW1odmIyc3RZMkV3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURVK0tpdnJnL1c5bDFCYi9TVnk5dU5VdnExaUY0R1hjOVcKYzd4d043U2w3TkwvRjcrdVdYb21uWFBjczl5a2dacm9iQ2RLTTFoekZNZkJ1eXV4OExCclBoNE9qbHVMc1BzVgpBcHgzQ3hxZGdNZlUzN01qWkFTcm4xbUREUW14Z20zcDFCV1NwTko2QnljZjZnajRjcnl3Z1lzU0RsZGp3ZlpMCkhEcHB0RXBmYmpNWGJHR0o1ODZjNW54WTJJMGdYNGNTQ0tiK09sOGwwZnJrT0p6ODRmMzI3VG1mN2t4U0xMcHUKM3V5WUd3VVVPMlVxcG9xUkpXcUVMeTd2NG4xcXFEODJTMEMyT3JtYXhCWmZmOUdBOVZVUG1rbDM3OXE0S2d1Two3RE5ZQmYzY0RxOVM2WGxaM2MvTXdNVitUT3Yza2Uyb2U5cm5JSVROYkF2ajhtZGdQK0loQWdNQkFBR2pZVEJmCk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKRHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVRTJXVDJjNVhoYmhETE9DaWVlSlhxNGpTUDV3dwpEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBREZ4ZUZPU0hTaWh2MEI4alZJSWNuUkZTZ1FOdDRwaWwwU2M1Qks5CmYxUVRsSU1EUGRwSlNyV0hlM0NpaktEZ3BVU0xHYk5UNUNjUU9EVUVwOUxBdnNnRVR4VzdGb1VjUVR6NUppMUIKdGEyUDZLakR3T1h4WXpoNmpnWnBoalpQZ2E3VGNGV3h5QzhCUWxVYjdWNWpRd2R0RkE4UmR2WTB3Q0ZlbEhweAp2QjJPY1JWc09hdnk4dEFiSzhYY3hTQVIzRy9tRDlMUCtISEg2dDVqYnU5eW5NcmpDVWxFMjN4YzIvRWNQSnVOCmwvL2xXZXI5ejFORzJlNUoxd1UxSFdxd0hzblYvU3g1YmNiK003c0dFNWM2dDBsR3BzMGNZViswbUtTc0d4Z0gKK0xqV3NvTU1BVTEraFVlK1MySGM1RzFYN3k4UTFhVnc3SjFSZFB3ZlhaS3gyOEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml apiVersion: v1 kind: Secret metadata: name: dapr-trust-bundle labels: app: dapr-sentry app.kubernetes.io/component: sentry app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 data: --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_webhook_config.yaml apiVersion: v1 kind: Secret metadata: name: dapr-sidecar-injector-cert labels: app: dapr-sidecar-injector app.kubernetes.io/component: sidecar-injector app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzakNDQXNhZ0F3SUJBZ0lSQU9UQXBCblJTeXV3Z3V2Nm5NbGx2Ym93RFFZSktvWklodmNOQVFFTEJRQXcKSXpFaE1COEdBMVVFQXhNWVpHRndjaTF6YVdSbFkyRnlMV2x1YW1WamRHOXlMV05oTUI0WERUSXlNVEl3TVRJegpORGt5TlZvWERUTXlNVEV5T0RJek5Ea3lOVm93SURFZU1Cd0dBMVVFQXhNVlpHRndjaTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFtVzJ4Ty8wQWIyYU4KWGNHalR0dWZXajZqQ3dBenowN1RMTWszYS95NGlwQVF4eURxVVl5Zjc5bVpZclNvT1BVdXNMbEltYk9IbEFxVAo1RXR0YWRPeTB6djRNK1VCVytIVzFCZ2tqLzBhSU00aXFVemZ0UGlsL3I4bjlycjFvNU0vb2xaTk4zL2xIVTEyClhQOWJnZkpuUEYxRU5tL0QyVFBtUUlBS3pGYURLQkw5T3dvRXhIc051anJ0WHNscUVrbmlscUpLREVCdi9yTGUKaklGTTNpalNLRWpTMlM1K0ZyWm5kdmNUZk1XNEtiOTZzakUyRTdzSlhiVVczWVJDKzJOT2dIMUN0Smc4K3AzMwpNSHh1M01kWG05Lzd1a2dIOFhHNjdQcGU5OWp6M2VrYVNKSjV5RkduTnRZdzROOWQySUZhZVA2d2JyTmVvK0V3CkpRV29rRE9sRFFJREFRQUJvNElCRGpDQ0FRb3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkh5VwpMRkpqcDFDNjlibVFIUkdOeVNSclE5TDJNSUdwQmdOVkhSRUVnYUV3Z1o2Q0hXUmhjSEl0YzJsa1pXTmhjaTFwCmJtcGxZM1J2Y2k1a1pXWmhkV3gwZ2lGa1lYQnlMWE5wWkdWallYSXRhVzVxWldOMGIzSXVaR1ZtWVhWc2RDNXoKZG1PQ0tXUmhjSEl0YzJsa1pXTmhjaTFwYm1wbFkzUnZjaTVrWldaaGRXeDBMbk4yWXk1amJIVnpkR1Z5Z2k5awpZWEJ5TFhOcFpHVmpZWEl0YVc1cVpXTjBiM0l1WkdWbVlYVnNkQzV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiREFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUd3c21kUjIrMU4rdUpnRmIvUHJVTzA4Yk5Bc1ByMFlRVnJJK2FaVksKcUZVK2FuSFpMRHZ5V0hhR0QwbEhLMDFJY3d5TjlWWThvZkc1RzZGNVJ6dUdvSHYwbFd2dUI4bWpWL1BXUDRDcApmWjR1M2VPRXV3cnh5eTZiM2h0VjBodzVMUEt0ZytTZU1SOEo2WUNmZjErQWVzV1FxOC92bUpBbkZJdzduQ1JqClM2aFFIWC8veVlXVTlhT0Y1MmMrZEJpYmNmZzVKL2lLY2I4bEVHS3FwSHQ0RmoyNjVIbnNaQzZtc0RIZkFlT04KS3FvaUVhZUk5MkF0U3JKeXc5bW0vOXlDK2IyTGhVeTc1ODRCczlVd3R0VHFXUGFucXBJdlhuRGhNYjFNcnZXUwpyVkZpMEFRRUxWVzRBNUQ0UlNVWDhJMVdiamxBZDVZenZaYTBrdWl2T3paZXFnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBbVcyeE8vMEFiMmFOWGNHalR0dWZXajZqQ3dBenowN1RMTWszYS95NGlwQVF4eURxClVZeWY3OW1aWXJTb09QVXVzTGxJbWJPSGxBcVQ1RXR0YWRPeTB6djRNK1VCVytIVzFCZ2tqLzBhSU00aXFVemYKdFBpbC9yOG45cnIxbzVNL29sWk5OMy9sSFUxMlhQOWJnZkpuUEYxRU5tL0QyVFBtUUlBS3pGYURLQkw5T3dvRQp4SHNOdWpydFhzbHFFa25pbHFKS0RFQnYvckxlaklGTTNpalNLRWpTMlM1K0ZyWm5kdmNUZk1XNEtiOTZzakUyCkU3c0pYYlVXM1lSQysyTk9nSDFDdEpnOCtwMzNNSHh1M01kWG05Lzd1a2dIOFhHNjdQcGU5OWp6M2VrYVNKSjUKeUZHbk50WXc0TjlkMklGYWVQNndick5lbytFd0pRV29rRE9sRFFJREFRQUJBb0lCQUc3QlJYakZhU1FCeHJqUQppSi9yWUh3WHpVQ3FzN3ZKN2gxZFg1bWZoR1BhSFpKeGkxUzFDOXRybkJNcDBHblZiQS84b0pEN2pUcHI3RmlYCnJuTC9kQTZTTXRqYlRvRFNaVzhUd29rQ3IzTFEreXAxcU9PTnZ0NUhoWVRSYjNMV1g5QkRObGlEQlpTQ2o1Z1EKYWpGREdBejJVc0J0SzliR1pVZFladk1jM0c3M01BOGhHVk4xc3NNRmFhT1RFVE5scjErNWxUWVRGWHNjYUVQSApWajBKNStEcDhvZFByY0VRNmlBdEEvc3lhK20yNW1YK0YrSEpQcGdUZHRiQk1hVVN2WkxRVkp5WW5MNkkxVHFhCnZUa0Q1MjNMTW1tbEZQeEJsR3NaTmIyYVluV3FvekluRzgvM3crUjhpZXNWc1ZJa0pwN2ZiUkt5YmJBUWlKbEYKVUhtQ0crMENnWUVBd2pYQm5wajlPRXl4T1lhbU14U2twUFhjZmNQMVVBZVFkN0daL1pTS0Y0ZDJwcmJ6SUR5SgpBaStUdVFXcU16UldGaE1oMEZWQkI3L2NNNzVnSnRmRUlRS1JKS1JEYkNtakJoaXZuNldSNk84dDZmM1I3Zm9iCkk0VWZ4QldiNnVEQjlFVy9vSENvbmYwVXlvbWtFSVpFVjg3ems0cTlqeFNsaktHNk56OFN6UjhDZ1lFQXlqNVEKKy9pdmNyWllWOVR1SjBwUlhpeWpFdzdKWkptekFRMTFHd1liMU8yQ2ljNWcyWkN6TXJpaU5Ea1NLYW85WjQ5cAo0bjdKSTF2N081VlNlMldrWkFCcmpoa3Riazg0bnNxSjQ4Q3JhVGpCckpXNW5TMEg1Y3RtcGdtTTQybTZrVU5HCmNhV0U5eXdncmJZbTlZSTNtRlZZdHpPeEpxYVBRVUc3a0pRY1hGTUNnWUJVeS9IeFZLMWprcURqRkRhbklRRk8KZ1ljM1pvTks0VEtrQUdqVFByTVkyTzNtbHdVSzgwT0RMOURaUFc3MkVvanY5SVNVR1ZWZWs5Z0t3N25wMjlYbgo3OTM5MkxjVG1BNTFUL3dHd2QwMmpwQkdsYXUrczdCN3p0bHkzVmlKc244ZE1BTWVnM0lzSVYrZG00R0dNWW5QCnFTM1RJd1huWGtWMlpQc1F1anAwVXdLQmdGY01XMjhZcXV1RThLRmRWT1EwYUxGUUpTQ2V6TEF3TjR2TWJ3c2kKcGZnUUFvK3Q5S0d3Vm5FT1owSnpEZzVBNkEwYS9VZ3ZxZ00rSS9TUllOOGI4SlhhV0hEaEJWemxYRWw4Zzcwegp3Sk9aaWtMdWJ1WG42KzVNamZJSlNrclh4eVdlLzBNTEt4LzRMbGlXZms1TnJnQXpPK3dlbzdFdkg1bkc0U1JwCm00dGhBb0dCQUpIc3QveGJhdFdPY0QzbTFzczc2di84Z0t4c0Q5Q0pidGk0Q3Z0Z3Y1bUkxNjBmUDZLRE9pWUwKc0Jkd0VIcGhXbVAyNXBvYkJEWDJpdG5PdmNEWlhOUjFyblVlN3BMNTNoVjUwdG05UlUxSU8xbVlkeDlGeXBNSQp5L01FZkxaQkYzT0VqejZtcTBZOEM3R3BkeE0vQWo5ME4vc0V1dzZrODh4UEs2ZEJ6OEFKCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-operator-admin labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "patch"] - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["get", "list"] - apiGroups: ["apps"] resources: ["deployments", "deployments/finalizers"] verbs: [ "get", "list", "watch", "update"] - apiGroups: ["apps"] resources: ["statefulsets", "statefulsets/finalizers"] verbs: [ "get", "list", "watch", "update", "create"] - apiGroups: [""] resources: ["pods", "services","services/finalizers"] verbs: [ "get", "list", "watch", "update", "create", "delete"] - apiGroups: [""] resources: ["configmaps"] verbs: [ "get", "update", "create"] - apiGroups: [""] resources: ["secrets"] verbs: [ "get", "list", "watch", "update"] - apiGroups: ["dapr.io"] resources: ["components"] verbs: [ "get", "list", "watch"] - apiGroups: ["dapr.io"] resources: ["pluggablecomponents"] verbs: [ "get", "list", "watch"] - apiGroups: ["dapr.io"] resources: ["configurations"] verbs: [ "get", "list", "watch"] - apiGroups: ["dapr.io"] resources: ["subscriptions"] verbs: [ "get", "list", "watch", "update"] - apiGroups: ["dapr.io"] resources: ["resiliencies"] verbs: [ "get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: [ "get", "list", "watch", "update", "create", "delete"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["create"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dashboard-reader labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 rules: - apiGroups: ["", "dapr.io", "apps", "extensions"] resources: ["deployments", "pods", "pods/log", "components", "configurations", "namespaces", "pluggablecomponents"] verbs: ["get", "list"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-operator labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 subjects: - kind: ServiceAccount name: dapr-operator namespace: default roleRef: kind: ClusterRole name: dapr-operator-admin apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-role-tokenreview-binding labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 subjects: - kind: ServiceAccount name: dapr-operator namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dashboard-reader-global labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 subjects: - kind: ServiceAccount name: dashboard-reader namespace: default roleRef: kind: ClusterRole name: dashboard-reader apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: secret-reader namespace: default labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get"] --- # Source: dapr/charts/dapr_rbac/templates/ClusterRoleBinding.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dapr-secret-reader namespace: default labels: app.kubernetes.io/component: rbac app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 subjects: - kind: ServiceAccount name: default roleRef: kind: Role name: secret-reader apiGroup: rbac.authorization.k8s.io --- # Source: dapr/charts/dapr_dashboard/templates/dapr_dashboard_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-dashboard labels: app.kubernetes.io/component: dashboard app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 annotations: spec: selector: app: dapr-dashboard ports: - protocol: TCP port: 8080 targetPort: 8080 type: ClusterIP --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-api labels: app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: selector: app: dapr-operator ports: - protocol: TCP port: 80 targetPort: 6500 --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_service.yaml apiVersion: v1 kind: Service metadata: name: dapr-webhook labels: app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: ports: - port: 443 targetPort: 19443 protocol: TCP selector: app: dapr-operator --- # Source: dapr/charts/dapr_placement/templates/dapr_placement_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-placement-server labels: app: dapr-placement-server app.kubernetes.io/component: placement app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: selector: app: dapr-placement-server # placement must be able to resolve pod address to join initial cluster peers # before POD is ready publishNotReadyAddresses: true ports: - name: api port: 50005 - name: raft-node port: 8201 clusterIP: None --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_service.yaml kind: Service apiVersion: v1 metadata: name: dapr-sentry labels: app.kubernetes.io/component: sentry app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: selector: app: dapr-sentry ports: - protocol: TCP port: 80 targetPort: 50001 --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_service.yaml apiVersion: v1 kind: Service metadata: name: dapr-sidecar-injector labels: app.kubernetes.io/component: sidecar-injector app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: type: ClusterIP ports: - port: 443 targetPort: https protocol: TCP name: https selector: app: dapr-sidecar-injector --- # Source: dapr/charts/dapr_dashboard/templates/dapr_dashboard_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-dashboard labels: app: dapr-dashboard app.kubernetes.io/component: dashboard app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: replicas: 1 selector: matchLabels: app: dapr-dashboard template: metadata: labels: app: dapr-dashboard app.kubernetes.io/component: dashboard app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: serviceAccountName: dashboard-reader affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux containers: - name: dapr-dashboard image: "docker.io/daprio/dashboard:0.11.0" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 8080 resources: {} --- # Source: dapr/charts/dapr_operator/templates/dapr_operator_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-operator labels: app: dapr-operator app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: replicas: 1 selector: matchLabels: app: dapr-operator template: metadata: labels: app: dapr-operator app.kubernetes.io/component: operator app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-operator livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.9.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 6500 - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true - name: webhook-creds mountPath: /tmp/k8s-webhook-server/serving-certs readOnly: true command: - "/operator" args: - "--watch-interval" - "0" - "--max-pod-restarts-per-minute" - "20" - "--log-level" - "info" - "--enable-metrics" - "--metrics-port" - "9090" serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle - name: webhook-creds secret: secretName: dapr-webhook-cert affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-sentry labels: app: dapr-sentry app.kubernetes.io/component: sentry app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: replicas: 1 selector: matchLabels: app: dapr-sentry template: metadata: labels: app: dapr-sentry app.kubernetes.io/component: sentry app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-sentry livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.9.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace ports: - containerPort: 50001 - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true command: - "/sentry" args: - "--log-level" - info - "--enable-metrics" - "--metrics-port" - "9090" - "--trust-domain" - cluster.local serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: dapr-sidecar-injector labels: app: dapr-sidecar-injector app.kubernetes.io/component: sidecar-injector app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: selector: matchLabels: app: dapr-sidecar-injector template: metadata: labels: app: dapr-sidecar-injector app.kubernetes.io/component: sidecar-injector app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: serviceAccountName: dapr-operator containers: - name: dapr-sidecar-injector livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.9.5" imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true command: - "/injector" args: - "--log-level" - info - "--enable-metrics" - "--metrics-port" - "9090" - "--healthz-port" - "8080" env: - name: TLS_CERT_FILE value: /dapr/cert/tls.crt - name: TLS_KEY_FILE value: /dapr/cert/tls.key - name: KUBE_CLUSTER_DOMAIN value: "cluster.local" - name: SIDECAR_IMAGE value: "docker.io/daprio/daprd:1.9.5" - name: SIDECAR_IMAGE_PULL_POLICY value: "IfNotPresent" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: IGNORE_ENTRYPOINT_TOLERATIONS value: "[{\"effect\":\"NoSchedule\",\"key\":\"alibabacloud.com/eci\"},{\"effect\":\"NoSchedule\",\"key\":\"azure.com/aci\"},{\"effect\":\"NoSchedule\",\"key\":\"aws\"},{\"effect\":\"NoSchedule\",\"key\":\"huawei.com/cci\"}]" ports: - name: https containerPort: 4000 protocol: TCP - name: metrics containerPort: 9090 protocol: TCP resources: {} volumeMounts: - name: cert mountPath: /dapr/cert readOnly: true volumes: - name: cert secret: secretName: dapr-sidecar-injector-cert affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_placement/templates/dapr_placement_deployment.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: dapr-placement-server labels: app: dapr-placement-server app.kubernetes.io/component: placement app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 spec: replicas: 1 serviceName: dapr-placement-server podManagementPolicy: Parallel selector: matchLabels: app: dapr-placement-server template: metadata: labels: app: dapr-placement-server app.kubernetes.io/component: placement app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" prometheus.io/path: "/" spec: containers: - name: dapr-placement-server livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 10 periodSeconds: 3 failureThreshold: 5 readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 3 periodSeconds: 3 failureThreshold: 5 image: "docker.io/daprio/dapr:1.9.5" imagePullPolicy: IfNotPresent resources: {} volumeMounts: - name: credentials mountPath: /var/run/dapr/credentials readOnly: true ports: - containerPort: 50005 name: api - containerPort: 8201 name: raft-node - name: metrics containerPort: 9090 protocol: TCP command: - "/placement" args: - "--log-level" - info - "--enable-metrics" - "--replicationFactor" - "100" - "--metrics-port" - "9090" - "--tls-enabled" securityContext: runAsUser: 0 env: - name: PLACEMENT_ID valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace serviceAccountName: dapr-operator volumes: - name: credentials secret: secretName: dapr-trust-bundle affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux --- # Source: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_webhook_config.yaml apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: dapr-sidecar-injector labels: app: dapr-sidecar-injector app.kubernetes.io/component: sidecar-injector app.kubernetes.io/managed-by: helm app.kubernetes.io/name: RELEASE-NAME app.kubernetes.io/part-of: dapr app.kubernetes.io/version: 1.9.5 webhooks: - name: sidecar-injector.dapr.io clientConfig: service: namespace: default name: dapr-sidecar-injector path: "/mutate" caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lRV05UNTJhTXRlbDU2YWlhR3MvMGhGakFOQmdrcWhraUc5dzBCQVFzRkFEQWoKTVNFd0h3WURWUVFERXhoa1lYQnlMWE5wWkdWallYSXRhVzVxWldOMGIzSXRZMkV3SGhjTk1qSXhNakF4TWpNMApPVEkxV2hjTk16SXhNVEk0TWpNME9USTFXakFqTVNFd0h3WURWUVFERXhoa1lYQnlMWE5wWkdWallYSXRhVzVxClpXTjBiM0l0WTJFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURlc25SRDVlc1IKSjJURjlWYmhnYTFnbGVGdCtVQUdiMlVhSi83TDN5aTAwcnpscFp2a2pLbjdHM2dwL2JuaEdLbFhrK3VQTENiMwpLUXMwVEhVTXI1d2VhK3h4elJrWmVGNDh6THYvVGdhMGdrL2pnclpsRGhYZ2w3NThnRUt0czRFbG1PdTdLL2pJCksvMWdKYUR6WU5iVlZFQXVmbTBQV1ltWlRuUzhVZElXOGh0OW1DUDNnQmZkVU1ZSXdnQjNUM2F6TWR5eDloZWQKVjJMcWkxOVV2Z3QrTzYyNHRKSTlBQW9KdXJWbGVrOG01OWpyUWZ4bWwzcE1HbHBZK3RoQTEyekhRN1QveE55KwpJLzNNT2tOcDhQc0VXYkhMRlB5MDdsamg2S3p0RUFwYlAzaEpVaG5TamxjUDJpQk9JUDdRMW95d3Zuc0xOTnNhCkRZZXFwSGJ2QUZvYkFnTUJBQUdqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3IKQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVZkpZcwpVbU9uVUxyMXVaQWRFWTNKSkd0RDB2WXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTnhObllNTHU5ZmRBbjFYCnMxNjhCWldqWm5MNUhUaGhaVW5ZcFFvWFAyRUR3TDhLRVJFMkhyQ3ZmZytxV25BTU9UaCtJTG1XVkJ2Z3FWODkKSWI5WENFQXBFQXB4ZzBvaHB4eUltcGtLakpLSkFPenRnSzIzUWo3MFQzdXl1VzZtMENiSytlT09iN05uSFZEdQovOSsrY0RRZERxeTdFNENyaWpIRUJFTm5MOTVHSmZhejZZckJlQVpqMG9MbVpjWHlaL2lDUEhpOTNKbjZBVU1mClQvSS96Q1MweDJLOW43ejNwSmdqQXNHeGx4SUJON09xRC9tK1VubnNWa2drS1h5bmFMd05GSFBJQWgvWkxJU0oKViswSE9Kbkp0ZWVSQ0F0VHZFTDRLcHo2eGs1WW1sRmc0Zlg3c3g3ckFmcnBlUnVybm0rc0R0SUUvak8vL1JZVgpvWDJGMklNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== rules: - apiGroups: - "" apiVersions: - v1 resources: - pods operations: - CREATE failurePolicy: Ignore sideEffects: None admissionReviewVersions: ["v1", "v1beta1"]