Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var AllowedServiceAccountInfos = []string{
"kube-system:replicaset-controller",
"kube-system:deployment-controller",
"kube-system:cronjob-controller",
"kube-system:job-controller",
"kube-system:statefulset-controller",
"kube-system:daemon-set-controller",
"tekton-pipelines:tekton-pipelines-controller",
}
Functions ¶
func AllowedControllersServiceAccountUID ¶ added in v1.1.0
func AllowedControllersServiceAccountUID(ctx context.Context, cfg Config, kubeClient kubernetes.Interface) ([]string, error)
AllowedControllersServiceAccountUID returns an array of UID, list of allowed service account on the webhook handler.
Types ¶
type Config ¶
type Config struct {
TLSCertFile string `envconfig:"TLS_CERT_FILE" required:"true"`
TLSKeyFile string `envconfig:"TLS_KEY_FILE" required:"true"`
SidecarImage string `envconfig:"SIDECAR_IMAGE" required:"true"`
SidecarImagePullPolicy string `envconfig:"SIDECAR_IMAGE_PULL_POLICY"`
Namespace string `envconfig:"NAMESPACE" required:"true"`
KubeClusterDomain string `envconfig:"KUBE_CLUSTER_DOMAIN"`
AllowedServiceAccounts string `envconfig:"ALLOWED_SERVICE_ACCOUNTS"`
AllowedServiceAccountsPrefixNames string `envconfig:"ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES"`
IgnoreEntrypointTolerations string `envconfig:"IGNORE_ENTRYPOINT_TOLERATIONS"`
SkipPlacement string `envconfig:"SKIP_PLACEMENT"`
RunAsNonRoot string `envconfig:"SIDECAR_RUN_AS_NON_ROOT"`
ReadOnlyRootFilesystem string `envconfig:"SIDECAR_READ_ONLY_ROOT_FILESYSTEM"`
SidecarDropALLCapabilities string `envconfig:"SIDECAR_DROP_ALL_CAPABILITIES"`
// contains filtered or unexported fields
}
Config represents configuration options for the Dapr Sidecar Injector webhook server.
func GetConfig ¶ added in v1.3.0
GetConfig returns configuration derived from environment variables.
func NewConfigWithDefaults ¶
func NewConfigWithDefaults() Config
NewConfigWithDefaults returns a Config object with default values already applied. Callers are then free to set custom values for the remaining fields and/or override default values.
func (*Config) GetDropCapabilities ¶ added in v1.11.0
func (*Config) GetIgnoreEntrypointTolerations ¶ added in v1.9.0
func (c *Config) GetIgnoreEntrypointTolerations() []corev1.Toleration
func (Config) GetPullPolicy ¶ added in v1.9.0
func (c Config) GetPullPolicy() corev1.PullPolicy
func (*Config) GetReadOnlyRootFilesystem ¶ added in v1.10.0
func (*Config) GetRunAsNonRoot ¶ added in v1.10.0
func (*Config) GetSkipPlacement ¶ added in v1.11.0
type Injector ¶
Injector is the interface for the Dapr runtime sidecar injection component.
func NewInjector ¶
func NewInjector(authUIDs []string, config Config, daprClient scheme.Interface, kubeClient kubernetes.Interface) (Injector, error)
NewInjector returns a new Injector instance with the given config.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package annotations contains the list of annotations for Dapr deployments.
|
Package annotations contains the list of annotations for Dapr deployments. |
|
package sidecar contains helpers to build the Container object for Kubernetes to deploy the Dapr sidecar container.
|
package sidecar contains helpers to build the Container object for Kubernetes to deploy the Dapr sidecar container. |
Click to show internal directories.
Click to hide internal directories.