service

package
v1.16.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AllowedServiceAccountInfos = []string{
	"kube-system:replicaset-controller",
	"kube-system:replication-controller",
	"kube-system:deployment-controller",
	"kube-system:cronjob-controller",
	"kube-system:job-controller",
	"kube-system:statefulset-controller",
	"kube-system:daemon-set-controller",
	"openshift-operator-lifecycle-manager:olm-operator-serviceaccount",
	"tekton-pipelines:tekton-pipelines-controller",

	"mirrord:mirrord-operator",
}

Functions

func AllowedControllersServiceAccountUID 

func AllowedControllersServiceAccountUID(ctx context.Context, cfg Config, kubeClient kubernetes.Interface) ([]string, error)

AllowedControllersServiceAccountUID returns an array of UID, list of allowed service account on the webhook handler.

func InitMetrics 

func InitMetrics() error

InitMetrics initialize the injector service metrics.

func RecordFailedSidecarInjectionCount 

func RecordFailedSidecarInjectionCount(appID, reason string)

RecordFailedSidecarInjectionCount records the number of failed sidecar injections.

func RecordSidecarInjectionRequestsCount 

func RecordSidecarInjectionRequestsCount()

RecordSidecarInjectionRequestsCount records the total number of sidecar injection requests.

func RecordSuccessfulSidecarInjectionCount 

func RecordSuccessfulSidecarInjectionCount(appID string)

RecordSuccessfulSidecarInjectionCount records the number of successful sidecar injections.

Types

type Config 

type Config struct {
	SidecarImage                      string `envconfig:"SIDECAR_IMAGE" required:"true"`
	SidecarImagePullPolicy            string `envconfig:"SIDECAR_IMAGE_PULL_POLICY"`
	Namespace                         string `envconfig:"NAMESPACE" required:"true"`
	KubeClusterDomain                 string `envconfig:"KUBE_CLUSTER_DOMAIN"`
	AllowedServiceAccounts            string `envconfig:"ALLOWED_SERVICE_ACCOUNTS"`
	AllowedServiceAccountsPrefixNames string `envconfig:"ALLOWED_SERVICE_ACCOUNTS_PREFIX_NAMES"`
	IgnoreEntrypointTolerations       string `envconfig:"IGNORE_ENTRYPOINT_TOLERATIONS"`
	ActorsEnabled                     string `envconfig:"ACTORS_ENABLED"`
	ActorsServiceName                 string `envconfig:"ACTORS_SERVICE_NAME"`
	ActorsServiceAddress              string `envconfig:"ACTORS_SERVICE_ADDRESS"`
	RemindersServiceName              string `envconfig:"REMINDERS_SERVICE_NAME"`
	RemindersServiceAddress           string `envconfig:"REMINDERS_SERVICE_ADDRESS"`
	RunAsNonRoot                      string `envconfig:"SIDECAR_RUN_AS_NON_ROOT"`
	RunAsUser                         string `envconfig:"SIDECAR_RUN_AS_USER"`
	RunAsGroup                        string `envconfig:"SIDECAR_RUN_AS_GROUP"`
	ReadOnlyRootFilesystem            string `envconfig:"SIDECAR_READ_ONLY_ROOT_FILESYSTEM"`
	EnableK8sDownwardAPIs             string `envconfig:"ENABLE_K8S_DOWNWARD_APIS"`
	SidecarDropALLCapabilities        string `envconfig:"SIDECAR_DROP_ALL_CAPABILITIES"`

	// TODO: @joshvanl: remove in v1.17
	SkipReminderMigration bool `envconfig:"DAPR_SKIP_REMINDER_MIGRATION" default:"false"`

	TrustAnchorsFile        string `envconfig:"DAPR_TRUST_ANCHORS_FILE"`
	ControlPlaneTrustDomain string `envconfig:"DAPR_CONTROL_PLANE_TRUST_DOMAIN"`
	SentryAddress           string `envconfig:"DAPR_SENTRY_ADDRESS"`
	// contains filtered or unexported fields
}

Config represents configuration options for the Dapr Sidecar Injector webhook server.

func GetConfig 

func GetConfig() (Config, error)

GetConfig returns configuration derived from environment variables.

func NewConfigWithDefaults 

func NewConfigWithDefaults() Config

NewConfigWithDefaults returns a Config object with default values already applied. Callers are then free to set custom values for the remaining fields and/or override default values.

func (Config) GetActorsEnabled added in v1.13.0 

func (c Config) GetActorsEnabled() bool

func (Config) GetActorsService added in v1.13.0 

func (c Config) GetActorsService() (string, patcher.Service)

func (Config) GetDropCapabilities 

func (c Config) GetDropCapabilities() bool

func (Config) GetEnableK8sDownwardAPIs added in v1.13.0 

func (c Config) GetEnableK8sDownwardAPIs() bool

func (Config) GetIgnoreEntrypointTolerations 

func (c Config) GetIgnoreEntrypointTolerations() []corev1.Toleration

func (Config) GetPullPolicy 

func (c Config) GetPullPolicy() corev1.PullPolicy

func (Config) GetReadOnlyRootFilesystem 

func (c Config) GetReadOnlyRootFilesystem() bool

func (Config) GetRemindersService added in v1.13.0 

func (c Config) GetRemindersService() (string, patcher.Service, bool)

GetRemindersService returns the configured reminders service. The returned boolean value will be false if the configuration uses the built-in reminders subsystem

func (Config) GetRunAsGroup added in v1.14.3 

func (c Config) GetRunAsGroup() *int64

func (Config) GetRunAsNonRoot 

func (c Config) GetRunAsNonRoot() bool

func (Config) GetRunAsUser added in v1.14.3 

func (c Config) GetRunAsUser() *int64

type Injector 

type Injector interface {
	Run(context.Context, *tls.Config, spiffeid.ID, currentTrustAnchorsFn) error
}

Injector is the interface for the Dapr runtime sidecar injection component.

func NewInjector 

func NewInjector(opts Options) (Injector, error)

NewInjector returns a new Injector instance with the given config.

type Options 

type Options struct {
	AuthUIDs      []string
	Config        Config
	DaprClient    scheme.Interface
	KubeClient    kubernetes.Interface
	Port          int
	ListenAddress string
	Healthz       healthz.Healthz

	ControlPlaneNamespace   string
	ControlPlaneTrustDomain string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.