Merge pull request dapr#4339 from hhunter-ms/issue_4117
[Resource specs] Add note about namespacing
hhunter-ms authored Sep 12, 2024
2 parents 6ee5968 + c8c99e3 commit d4f29cb
Showing 4 changed files with 31 additions and 11 deletions.
26 changes: 16 additions & 10 deletions daprdocs/content/en/reference/resource-specs/component-schema.md
Expand Up @@ -8,27 +8,33 @@ description: "The basic spec for a Dapr component"

Dapr defines and registers components using a [resource specifications](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/). All components are defined as a resource and can be applied to any hosting environment where Dapr is running, not just Kubernetes.

Typically, components are restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications. The namespace is either explicit on the component manifest itself, or set by the API server, which derives the namespace through context with applying to Kubernetes.

{{% alert title="Note" color="primary" %}}
The exception to this rule is in self-hosted mode, where daprd ingests component resources when the namespace field is omitted. However, the security profile is mute, as daprd has access to the manifest anyway, unlike in Kubernetes.
{{% /alert %}}

## Format

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
auth:
secretstore: [SECRET-STORE-NAME]
secretstore: <REPLACE-WITH-SECRET-STORE-NAME>
metadata:
name: [COMPONENT-NAME]
namespace: [COMPONENT-NAMESPACE]
name: <REPLACE-WITH-COMPONENT-NAME>
namespace: <REPLACE-WITH-COMPONENT-NAMESPACE>
spec:
type: [COMPONENT-TYPE]
type: <REPLACE-WITH-COMPONENT-TYPE>
version: v1
initTimeout: [TIMEOUT-DURATION]
ignoreErrors: [BOOLEAN]
initTimeout: <REPLACE-WITH-TIMEOUT-DURATION>
ignoreErrors: <REPLACE-WITH-BOOLEAN>
metadata:
- name: [METADATA-NAME]
value: [METADATA-VALUE]
- name: <REPLACE-WITH-METADATA-NAME>
value: <REPLACE-WITH-METADATA-VALUE>
scopes:
- [APPID]
- [APPID]
- <REPLACE-WITH-APPID>
- <REPLACE-WITH-APPID>
```
## Spec fields
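Review bot: In the added alert, "the security profile is mute" should read "moot", and the sentence before it leaves the exception unclear: "daprd ingests component resources when the namespace field is omitted" does not say which rule is being relaxed. Suggest stating it directly, for example that in self-hosted mode daprd also loads components that have no namespace field. In the paragraph above the alert, "through context with applying to Kubernetes" reads as a slip for "when applying to Kubernetes". The Format block also moves its placeholders from the `[COMPONENT-NAME]` style to the `<REPLACE-WITH-COMPONENT-NAME>` style, which the commit title "Add note about namespacing" does not mention; that deserves a line in the description or a separate change.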
Expand Up @@ -10,6 +10,10 @@ aliases:

The `HTTPEndpoint` is a Dapr resource that is used to enable the invocation of non-Dapr endpoints from a Dapr application.

{{% alert title="Note" color="primary" %}}
Any HTTPEndpoint resource can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
{{% /alert %}}

## Format

```yaml
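Review bot: The link text in the added alert is misspelled "namepsace"; it should be "namespace", and the same typo appears in the alerts this commit adds to the component, resiliency and subscription specs. The rest of the sentence, "and restricted access through scopes to any particular set of applications", does not parse; something like "and its access limited through scopes to a particular set of applications" would read cleanly.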
Expand Up @@ -8,6 +8,10 @@ description: "The basic spec for a Dapr resiliency resource"

The `Resiliency` Dapr resource allows you to define and apply fault tolerance resiliency policies. Resiliency specs are applied when the Dapr sidecar starts.

{{% alert title="Note" color="primary" %}}
Any resiliency resource can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
{{% /alert %}}

## Format

```yml
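Review bot: "Any resiliency resource" in the added alert drops the code formatting and capitalisation that the paragraph directly above uses for `Resiliency`; suggest "Any `Resiliency` resource" so the note names the resource kind the same way as the surrounding text. The HTTPEndpoint alert has the same mismatch ("Any HTTPEndpoint resource" next to `HTTPEndpoint`).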
Expand Up @@ -6,7 +6,13 @@ weight: 2000
description: "The basic spec for a Dapr subscription"
---

The `Subscription` Dapr resource allows you to subscribe declaratively to a topic using an external component YAML file. This guide demonstrates two subscription API versions:
The `Subscription` Dapr resource allows you to subscribe declaratively to a topic using an external component YAML file.

{{% alert title="Note" color="primary" %}}
Any subscription can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
{{% /alert %}}

This guide demonstrates two subscription API versions:

- `v2alpha` (default spec)
- `v1alpha1` (deprecated)
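Review bot: The added alert says a subscription "can be restricted to a particular" namespace but does not say whether the self-hosted exception documented for components in component-schema.md, in this same commit, applies here too. If daprd also ingests subscriptions with no namespace field in self-hosted mode, the note should say so or link to that alert; otherwise readers may assume the restriction holds in every hosting mode. The alert also sits between the intro sentence and "This guide demonstrates two subscription API versions:", whereas the HTTPEndpoint and resiliency files place it directly before "## Format"; consider moving it below the version list for consistency.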