dapr · hhunter-ms · Sep 12, 2024 · Sep 4, 2024 · Sep 7, 2024 · Sep 11, 2024
@@ -8,27 +8,33 @@ description: "The basic spec for a Dapr component"
 
 Dapr defines and registers components using a [resource specifications](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/). All components are defined as a resource and can be applied to any hosting environment where Dapr is running, not just Kubernetes.
 
+Typically, components are restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications. The namespace is either explicit on the component manifest itself, or set by the API server, which derives the namespace through context with applying to Kubernetes. 
+
+{{% alert title="Note" color="primary" %}}
+The exception to this rule is in self-hosted mode, where daprd ingests component resources when the namespace field is omitted. However, the security profile is mute, as daprd has access to the manifest anyway, unlike in Kubernetes.
+{{% /alert %}}
+
 ## Format
 
 ```yaml
 apiVersion: dapr.io/v1alpha1
 kind: Component
 auth: 
- secretstore: [SECRET-STORE-NAME]
+ secretstore: <REPLACE-WITH-SECRET-STORE-NAME>
 metadata:
-  name: [COMPONENT-NAME]
-  namespace: [COMPONENT-NAMESPACE]
+  name: <REPLACE-WITH-COMPONENT-NAME>
+  namespace: <REPLACE-WITH-COMPONENT-NAMESPACE>
 spec:
-  type: [COMPONENT-TYPE]
+  type: <REPLACE-WITH-COMPONENT-TYPE>
   version: v1
-  initTimeout: [TIMEOUT-DURATION]
-  ignoreErrors: [BOOLEAN]
+  initTimeout: <REPLACE-WITH-TIMEOUT-DURATION>
+  ignoreErrors: <REPLACE-WITH-BOOLEAN>
   metadata:
-  - name: [METADATA-NAME]
-    value: [METADATA-VALUE]
+  - name: <REPLACE-WITH-METADATA-NAME>
+    value: <REPLACE-WITH-METADATA-VALUE>
 scopes:
-  - [APPID]
-  - [APPID]
+  - <REPLACE-WITH-APPID>
+  - <REPLACE-WITH-APPID>
 ```
 
 ## Spec fields

@@ -10,6 +10,10 @@ aliases:
 
 The `HTTPEndpoint` is a Dapr resource that is used to enable the invocation of non-Dapr endpoints from a Dapr application.
 
+{{% alert title="Note" color="primary" %}}
+Any HTTPEndpoint resource can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
+{{% /alert %}}
+
 ## Format
 
 ```yaml

@@ -8,6 +8,10 @@ description: "The basic spec for a Dapr resiliency resource"
 
 The `Resiliency` Dapr resource allows you to define and apply fault tolerance resiliency policies. Resiliency specs are applied when the Dapr sidecar starts. 
 
+{{% alert title="Note" color="primary" %}}
+Any resiliency resource can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
+{{% /alert %}}
+
 ## Format
 
 ```yml

@@ -6,7 +6,13 @@ weight: 2000
 description: "The basic spec for a Dapr subscription"
 ---
 
-The `Subscription` Dapr resource allows you to subscribe declaratively to a topic using an external component YAML file. This guide demonstrates two subscription API versions:
+The `Subscription` Dapr resource allows you to subscribe declaratively to a topic using an external component YAML file. 
+
+{{% alert title="Note" color="primary" %}}
+Any subscription can be restricted to a particular [namepsace]({{< ref isolation-concept.md >}}) and restricted access through scopes to any particular set of applications.
+{{% /alert %}}
+
+This guide demonstrates two subscription API versions:
 
 - `v2alpha` (default spec)
 - `v1alpha1` (deprecated)