Skip to content

Commit

Permalink
Update master with release-1.13 branch (#7595)
Browse files Browse the repository at this point in the history 
* Make injector resilient to sentry unavailability (#7507)

* make injector resilient to sentry unavailability

Signed-off-by: yaron2 <schneider.yaron@live.com>

* remove redundant line

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

* sentry retry up to 30s (#7508)

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Update contrib to 1.13.0-rc.3 (#7509)

* update contrib to 1.13.0-rc.2

Signed-off-by: yaron2 <schneider.yaron@live.com>

* update to rc.3

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Injector: add option to add `DAPR_HOST_IP` env var to daprd (#7511)

The `DAPR_HOST_IP` env var is used in various places in Dapr for a sidecar to know its own IP address, for example for service invocation or actor invocation.

When using the Dapr injector to add the daprd container, we can use the downstream APIs to add the `DAPR_HOST_IP` env var based on data from the controller

This option can be enabled by setting the Helm option `dapr_sidecar_injector.enableK8sDownwardAPIs=true`

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

* Fix state encryption regression + add integration test (#7517)

* fix state encryption regression + add intg test

Signed-off-by: yaron2 <schneider.yaron@live.com>

* linter

Signed-off-by: yaron2 <schneider.yaron@live.com>

* review feedback

Signed-off-by: yaron2 <schneider.yaron@live.com>

* linter

Signed-off-by: yaron2 <schneider.yaron@live.com>

* just use sha256, remove nolint:gosec

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Test Integration: speed up tests 10% (#7528)

* Test Integration: speed up tests 10%

Speed up integration tests by changing poll intervals
`100*time.Millisecond` to `10*time.Millisecond`.

~4.50m to ~4.20m

Signed-off-by: joshvanl <me@joshvanl.dev>

* Wait for operator healthz before exiting to ensure no exit error

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>

* Revert selfhosted disk loader to not respect namespace (#7527)

* Revert selfhosted disk loader to not respect namespace

Revert the selfhosted component disk loader to not respect the
namespace. This will allow the selfhosted disk loader to load components
from any namespace from file.

Fixes #7523

Signed-off-by: joshvanl <me@joshvanl.dev>

* Revert component disk loader behaviour to respect component namespace
when NAMESPACE env var is set.

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>

* [1.13] Add warning that Dapr state store encryption could lead to catastrophic failures (#7524)

* [1.13] Add warning that Dapr state store encryption could lead to catastrophic failures

If the same key is used to encrypt more than 2^32 values (ie. more than 2^32 "Save" operations), it can lead to the private keys being exposed.

See: #6027
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

* Changed per review feedback

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

---------

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

* Add content-length to http channel (#7537)

* add content-length to http channel

Signed-off-by: yaron2 <schneider.yaron@live.com>

* update tests

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Updates components-contrib to 1.13.0-rc.4 (#7538)

* Updates components-contrib to 1.13.0-rc.3

Signed-off-by: joshvanl <me@joshvanl.dev>

* mod-tidy-all

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* Subscriptions: Fix panic when match rule is empty (#7539)

Prevents a panic resulting when a subscription route rule match
(`spec.routes.rules.match`) is empty. An empty match rule is valid and
is considered "default". Error occurs because of Go interface vs
implementation struct pointer nil check foot-gun.

Adds integration tests for both HTTP and gRPC subscribers.

Signed-off-by: joshvanl <me@joshvanl.dev>

* Hot Reloading: don't watch files if not enabled (#7521)

* Hot Reloading: don't watch files if not enabled

Update hot reloading so that we don't setup file watchers on the
component directory if hot reloading is not enabled.

Signed-off-by: joshvanl <me@joshvanl.dev>

* Remove `Close` paradigm from hot reloader

Signed-off-by: joshvanl <me@joshvanl.dev>

* Linting

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* Remove pubsub content-length test which has been removed from (#7550)

release-1.13

Signed-off-by: joshvanl <me@joshvanl.dev>

* Revert ApiLevel controlling vnodes back to context metadata (#7547)

* Revert ApiLevel controlling vnodes back to context metadata

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Lint

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Fixes after review

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Set back api level to 10, just for completeness purposes

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Don’t specify APILevelSpecify api level

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Apply suggestions from code review

Co-authored-by: Josh van Leeuwen <me@joshvanl.dev>
Signed-off-by: Elena Kolevska <elena-kolevska@users.noreply.github.com>

* Cleanup after review

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Small refactor

Signed-off-by: Elena Kolevska <elena@kolevska.com>

* Refactor multiple parameters into a request object for placement table dissemination

Signed-off-by: Elena Kolevska <elena@kolevska.com>

---------

Signed-off-by: Elena Kolevska <elena@kolevska.com>
Signed-off-by: Elena Kolevska <elena-kolevska@users.noreply.github.com>
Co-authored-by: Josh van Leeuwen <me@joshvanl.dev>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

* Actor Reminders: Default JSON serialization. (#7548)

* Actor Reminders: Default JSON serialization.

To support downgrades to 1.12 from 1.13, this PR changes the reminder
serialization storage format back to JSON by default. This means a 1.12
actor reminder client can read reminders written by 1.13 actors.

1.13 will continue to understand both JSON and protobuf. Protobuf
serialization can be enabled with the `ActorReminderStorageProtobuf`
feature gate. The actor "API Level" has been changed back to 10.

Adds test to ensure the default serialization is JSON.

Signed-off-by: joshvanl <me@joshvanl.dev>

* Remove ActorReminderStorageProtobuf feature gate in favour of using API
level

Signed-off-by: joshvanl <me@joshvanl.dev>

* Fix api level tests

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

* Update contrib to 1.13.0-rc.6 (#7553)

* update contrib to 1.13.0-rc.5

Signed-off-by: yaron2 <schneider.yaron@live.com>

* update to rc.6

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

* Updates components-contrib to 1.13.0-rc.7 (#7562)

Signed-off-by: joshvanl <me@joshvanl.dev>

* update contrib to 1.13.0-rc.8 (#7567)

* Add metadata in binding response even in case of error (#7572)

* Add binding metadata even in case of error.

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

* ADD IT.

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

* Fix lint.

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

---------

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

* [Release-1.13] Upgrade to contrib `v1.13.0-rc.10` (#7577)

* Upgrade to contrib 1.13.0-rc.9

Signed-off-by: Bernd Verst <github@bernd.dev>

* Use contrib 1.13.0-rc.10 for latest kafka sarama patch version

Signed-off-by: Bernd Verst <github@bernd.dev>

---------

Signed-off-by: Bernd Verst <github@bernd.dev>

* Fix for issue 7576 (#7581) (#7587)

Signed-off-by: Guido Spadotto <guido.spadotto@profesia.it>
Co-authored-by: Guido Spadotto <guido.spad8@gmail.com>
Co-authored-by: Guido Spadotto <guido.spadotto@profesia.it>

* Adds v1.13.0 release notes (#7586)

* Adds v1.13.0 release notes

Adds docs/release_notes/v1.13.0.md

Signed-off-by: joshvanl <me@joshvanl.dev>

* Update docs/release_notes/v1.13.0.md

Co-authored-by: Paul Yuknewicz <paulyuk@microsoft.com>
Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>

* Move Actor Reminder Performance higher in notes

Signed-off-by: joshvanl <me@joshvanl.dev>

* Update v1.13.0.md

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Paul Yuknewicz <paulyuk@microsoft.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

* chore: bump go to 1.21.8 and protobuf lib to 1.33.0 (#7591)

* ci: force go1.21.8 in workflows instead of go.mod

Signed-off-by: mikeee <hey@mike.ee>

* chore: bump google.golang.org/protobuf to 1.33.0

Signed-off-by: mikeee <hey@mike.ee>

* make modtidy-all

Signed-off-by: Artur Souza <asouza.pro@gmail.com>

---------

Signed-off-by: mikeee <hey@mike.ee>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: Elena Kolevska <elena@kolevska.com>
Signed-off-by: Elena Kolevska <elena-kolevska@users.noreply.github.com>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Signed-off-by: Bernd Verst <github@bernd.dev>
Signed-off-by: Guido Spadotto <guido.spadotto@profesia.it>
Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>
Signed-off-by: mikeee <hey@mike.ee>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Elena Kolevska <elena-kolevska@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Bernd Verst <github@bernd.dev>
Co-authored-by: Guido Spadotto <guido.spad8@gmail.com>
Co-authored-by: Guido Spadotto <guido.spadotto@profesia.it>
Co-authored-by: Paul Yuknewicz <paulyuk@microsoft.com>
Co-authored-by: Mike Nguyen <hey@mike.ee>
  • Loading branch information
@JoshVanL @yaron2
@ItalyPaleAle @elena-kolevska @artursouza @berndverst @gspadotto @guidospadotto-profesia @paulyuk @mikeee
10 people committed Mar 6, 2024
1 parent 1401758 commit 1421069
Show file tree
Hide file tree
Showing 176 changed files with 3,524 additions and 1,090 deletions.
43 changes: 43 additions & 0 deletions ...w-test-patches/e2e/release-1.12/dapr-sidecar-master/0003-remote-content-length-test.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
commit 6dea5b910e90647ad3bffc1458a24fceb94a6044
Author: Yaron Schneider <schneider.yaron@live.com>
Date: Wed Feb 14 10:43:04 2024 -0800

* update tests

Signed-off-by: yaron2 <schneider.yaron@live.com>

---------

Signed-off-by: yaron2 <schneider.yaron@live.com>

diff --git a/tests/e2e/pubsub/pubsub_test.go b/tests/e2e/pubsub/pubsub_test.go
index c9b548143..dedd528c3 100644
--- a/tests/e2e/pubsub/pubsub_test.go
+++ b/tests/e2e/pubsub/pubsub_test.go
@@ -278,12 +278,7 @@ func testPublish(t *testing.T, publisherExternalURL string, protocol string) rec
require.NoError(t, err)
offset += numberOfMessagesToPublish + 1

- // Test bug where content-length metadata conflict makes message undeliverable in grpc subscriber.
- // We set an arbitrarily large number that it is unlikely to match the size of the payload daprd delivers.
- metadataContentLengthConflict := map[string]string{
- "content-length": "9999999",
- }
- sentTopicAMessages, err := sendToPublisher(t, publisherExternalURL, "pubsub-a-topic", protocol, metadataContentLengthConflict, "")
+ sentTopicAMessages, err := sendToPublisher(t, publisherExternalURL, "pubsub-a-topic", protocol, nil, "")
require.NoError(t, err)
offset += numberOfMessagesToPublish + 1

@@ -295,10 +290,10 @@ func testPublish(t *testing.T, publisherExternalURL string, protocol string) rec
require.NoError(t, err)
offset += numberOfMessagesToPublish + 1

- metadataRawPayload := map[string]string{
+ metadata := map[string]string{
"rawPayload": "true",
}
- sentTopicRawMessages, err := sendToPublisher(t, publisherExternalURL, "pubsub-raw-topic", protocol, metadataRawPayload, "")
+ sentTopicRawMessages, err := sendToPublisher(t, publisherExternalURL, "pubsub-raw-topic", protocol, metadata, "")
require.NoError(t, err)
offset += numberOfMessagesToPublish + 1

4 changes: 2 additions & 2 deletions .github/workflows/dapr-perf-components.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- name: Login to Azure
if: env.CHECKOUT_REPO != ''
uses: azure/login@v1
Expand Down Expand Up @@ -367,7 +367,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- uses: azure/setup-kubectl@v3
with:
version: ${{ env.KUBECTLVER }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/dapr-perf.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- name: Login to Azure
if: env.CHECKOUT_REPO != ''
uses: azure/login@v1
Expand Down Expand Up @@ -401,7 +401,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- uses: azure/setup-kubectl@v3
with:
version: ${{ env.KUBECTLVER }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dapr-standalone-validation.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Build Dapr's sidecar
run: |
git status
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/dapr-test-sdk.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Checkout python-sdk repo to run tests.
uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -232,7 +232,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Checkout java-sdk repo to run tests.
uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -404,7 +404,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Checkout js-sdk repo to run tests.
uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -526,7 +526,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Set up Python 3.9
uses: actions/setup-python@v4
with:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/dapr-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Login to Azure
if: env.CHECKOUT_REPO != ''
uses: azure/login@v1
Expand Down Expand Up @@ -448,7 +448,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- uses: azure/setup-kubectl@v3
with:
version: ${{ env.KUBECTLVER }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/dapr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Check white space in .md files
if: github.event_name == 'pull_request'
run: |
Expand Down Expand Up @@ -132,7 +132,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Run make test
env:
COVERAGE_OPTS: "-coverprofile=coverage.txt -covermode=atomic"
Expand Down Expand Up @@ -176,7 +176,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Build binaries
run: make build
- name: Override DAPR_HOST_IP for MacOS
Expand Down Expand Up @@ -268,7 +268,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version: '1.21.8'
- name: Parse release version and set REL_VERSION and LATEST_RELEASE
run: python ./.github/scripts/get_release_version.py ${{ github.event_name }}
- name: Updates version for sidecar flavor
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/kind-e2e.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- name: Configure KinD
# Generate a KinD configuration file that uses:
# (a) a couple of worker nodes: this is needed to run both
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/version-skew.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
go-version: '1.21.8'

- name: Build & download binaries
run: |
Expand Down Expand Up @@ -296,7 +296,7 @@ jobs:
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version: '1.21.8'
- name: Configure KinD
run: |
cat > kind.yaml <<EOF
Expand Down
9 changes: 5 additions & 4 deletions charts/dapr/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,10 +194,11 @@ The Helm chart has the follow configuration options that can be supplied:
| `dapr_sidecar_injector.injectorImage.name` | Docker image name for sidecar injector service (`global.registry/dapr_sidecar_injector.injectorImage.name`) | `dapr`|
| `dapr_sidecar_injector.webhookFailurePolicy` | Failure policy for the sidecar injector | `Ignore` |
| `dapr_sidecar_injector.runAsNonRoot` | Boolean value for `securityContext.runAsNonRoot` for the Sidecar Injector container itself. You may have to set this to `false` when running in Minikube | `true` |
| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
| `dapr_sidecar_injector.sidecarRunAsNonRoot` | When this boolean value is true (the default), the injected sidecar containers have `runAsRoot: true`. You may have to set this to `false` when running Minikube | `true` |
| `dapr_sidecar_injector.sidecarReadOnlyRootFilesystem` | When this boolean value is true (the default), the injected sidecar containers have `readOnlyRootFilesystem: true` | `true` |
| `dapr_sidecar_injector.enableK8sDownwardAPIs` | When set to true, uses the Kubernetes downward projection APIs to inject certain environmental variables (such as pod IP) into the daprd container. (default: `false`) | `true` |
| `dapr_sidecar_injector.sidecarDropALLCapabilities` | When this boolean valus is true, the injected sidecar containers have `securityContext.capabilities.drop: ["ALL"]` | `false` |
| `dapr_sidecar_injector.allowedServiceAccounts` | String value for extra allowed service accounts in the format of `namespace1:serviceAccount1,namespace2:serviceAccount2` | `""` |
| `dapr_sidecar_injector.allowedServiceAccountsPrefixNames` | Comma-separated list of extra allowed service accounts. Each item in the list should be in the format of namespace:serviceaccount. To match service accounts by a common prefix, you can add an asterisk (`*`) at the end of the prefix. For instance, ns1*:sa2* will match any service account that starts with sa2, whose namespace starts with ns1. For example, it will match service accounts like sa21 and sa2223 in namespaces such as ns1, ns1dapr, and so on. | `""` |
| `dapr_sidecar_injector.resources` | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |
| `dapr_sidecar_injector.debug.enabled` | Boolean value for enabling debug mode | `{}` |
Expand Down
2 changes: 1 addition & 1 deletion charts/dapr/charts/dapr_placement/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ ports:
scaleZero: false
ha: false

maxActorApiLevel: -1
maxActorApiLevel: 10
minActorApiLevel: 0

cluster:
Expand Down
2 changes: 2 additions & 0 deletions charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,8 @@ spec:
# Configuration for injected sidecars
- name: SIDECAR_RUN_AS_NON_ROOT
value: {{ .Values.sidecarRunAsNonRoot | toString | toYaml }}
- name: ENABLE_K8S_DOWNWARD_APIS
value: {{ .Values.enableK8sDownwardAPIs | toString | toYaml }}
- name: SIDECAR_DROP_ALL_CAPABILITIES
value: {{ .Values.sidecarDropALLCapabilities | toString | toYaml }}
- name: SIDECAR_READ_ONLY_ROOT_FILESYSTEM
Expand Down
1 change: 1 addition & 0 deletions charts/dapr/charts/dapr_sidecar_injector/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ runAsNonRoot: true
sidecarRunAsNonRoot: true
sidecarReadOnlyRootFilesystem: true
sidecarDropALLCapabilities: false
enableK8sDownwardAPIs: false
allowedServiceAccounts: ""
allowedServiceAccountsPrefixNames: ""
resources: {}
Expand Down
6 changes: 5 additions & 1 deletion cmd/injector/app/app.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,11 +122,15 @@ func Run() {
if err != nil {
return rerr
}
requester := sentry.New(sentry.Options{
requester, derr := sentry.New(ctx, sentry.Options{
SentryAddress: cfg.SentryAddress,
SentryID: sentryID,
Security: sec,
})
if derr != nil {
return derr
}

return inj.Run(ctx,
sec.TLSServerConfigNoClientAuth(),
sentryID,
Expand Down
2 changes: 1 addition & 1 deletion cmd/placement/options/options.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ func New(origArgs []string) *Options {
fs.IntVar(&opts.HealthzPort, "healthz-port", defaultHealthzPort, "sets the HTTP port for the healthz server")
fs.BoolVar(&opts.TLSEnabled, "tls-enabled", false, "Should TLS be enabled for the placement gRPC server")
fs.BoolVar(&opts.MetadataEnabled, "metadata-enabled", opts.MetadataEnabled, "Expose the placement tables on the healthz server")
fs.IntVar(&opts.MaxAPILevel, "max-api-level", -1, "If set to >= 0, causes the reported 'api-level' in the cluster to never exceed this value")
fs.IntVar(&opts.MaxAPILevel, "max-api-level", 10, "If set to >= 0, causes the reported 'api-level' in the cluster to never exceed this value")
fs.IntVar(&opts.MinAPILevel, "min-api-level", 0, "Enforces a minimum 'api-level' in the cluster")
fs.IntVar(&opts.ReplicationFactor, "replicationFactor", defaultReplicationFactor, "sets the replication factor for actor distribution on vnodes")

Expand Down

0 comments on commit 1421069

Please sign in to comment.