Documentation
¶
Index ¶
- Variables
- func AllowedControllersServiceAccountUID(ctx context.Context, cfg Config, kubeClient kubernetes.Interface) ([]string, error)
- func InitMetrics() error
- func RecordFailedSidecarInjectionCount(appID, reason string)
- func RecordSidecarInjectionRequestsCount()
- func RecordSuccessfulSidecarInjectionCount(appID string)
- type Config
- type Injector
- type Options
Constants ¶
This section is empty.
Variables ¶
var AllowedServiceAccountInfos = []string{
"kube-system:replicaset-controller",
"kube-system:deployment-controller",
"kube-system:cronjob-controller",
"kube-system:job-controller",
"kube-system:statefulset-controller",
"kube-system:daemon-set-controller",
"tekton-pipelines:tekton-pipelines-controller",
}
Functions ¶
func AllowedControllersServiceAccountUID ¶
func AllowedControllersServiceAccountUID(ctx context.Context, cfg Config, kubeClient kubernetes.Interface) ([]string, error)
AllowedControllersServiceAccountUID returns an array of UID, list of allowed service account on the webhook handler.
func RecordFailedSidecarInjectionCount ¶
func RecordFailedSidecarInjectionCount(appID, reason string)
RecordFailedSidecarInjectionCount records the number of failed sidecar injections.
func RecordSidecarInjectionRequestsCount ¶
func RecordSidecarInjectionRequestsCount()
RecordSidecarInjectionRequestsCount records the total number of sidecar injection requests.
func RecordSuccessfulSidecarInjectionCount ¶
func RecordSuccessfulSidecarInjectionCount(appID string)
RecordSuccessfulSidecarInjectionCount records the number of successful sidecar injections.
Types ¶
type Config ¶
type Config struct {
SidecarImage string `envconfig:"SIDECAR_IMAGE" required:"true"`
SidecarImagePullPolicy string `envconfig:"SIDECAR_IMAGE_PULL_POLICY"`
Namespace string `envconfig:"NAMESPACE" required:"true"`
KubeClusterDomain string `envconfig:"KUBE_CLUSTER_DOMAIN"`
AllowedServiceAccounts string `envconfig:"ALLOWED_SERVICE_ACCOUNTS"`
AllowedServiceAccountsPrefixNames string `envconfig:"ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES"`
IgnoreEntrypointTolerations string `envconfig:"IGNORE_ENTRYPOINT_TOLERATIONS"`
SkipPlacement string `envconfig:"SKIP_PLACEMENT"`
RunAsNonRoot string `envconfig:"SIDECAR_RUN_AS_NON_ROOT"`
ReadOnlyRootFilesystem string `envconfig:"SIDECAR_READ_ONLY_ROOT_FILESYSTEM"`
SidecarDropALLCapabilities string `envconfig:"SIDECAR_DROP_ALL_CAPABILITIES"`
TrustAnchorsFile string `envconfig:"DAPR_TRUST_ANCHORS_FILE"`
ControlPlaneTrustDomain string `envconfig:"DAPR_CONTROL_PLANE_TRUST_DOMAIN"`
SentryAddress string `envconfig:"DAPR_SENTRY_ADDRESS"`
// contains filtered or unexported fields
}
Config represents configuration options for the Dapr Sidecar Injector webhook server.
func NewConfigWithDefaults ¶
func NewConfigWithDefaults() Config
NewConfigWithDefaults returns a Config object with default values already applied. Callers are then free to set custom values for the remaining fields and/or override default values.
func (*Config) GetDropCapabilities ¶
func (*Config) GetIgnoreEntrypointTolerations ¶
func (c *Config) GetIgnoreEntrypointTolerations() []corev1.Toleration
func (Config) GetPullPolicy ¶
func (c Config) GetPullPolicy() corev1.PullPolicy
func (*Config) GetReadOnlyRootFilesystem ¶
func (*Config) GetRunAsNonRoot ¶
func (*Config) GetSkipPlacement ¶
type Injector ¶
type Injector interface {
Run(context.Context, *tls.Config, signDaprdCertificateFn, currentTrustAnchorsFn) error
Ready(context.Context) error
}
Injector is the interface for the Dapr runtime sidecar injection component.
func NewInjector ¶
NewInjector returns a new Injector instance with the given config.
Source Files