Dapr arguments and annotations for daprd, CLI, and Kubernetes

The arguments and annotations available when configuring Dapr in different environments

This table is meant to help users understand the equivalent options for running Dapr sidecars in different contexts: via the CLI directly, via daprd, or on Kubernetes via annotations.

daprd Dapr CLI CLI shorthand Kubernetes annotations Description
--allowed-origins not supported not supported Allowed HTTP origins (default “*”)
--app-id --app-id -i dapr.io/app-id The unique ID of the application. Used for service discovery, state encapsulation and the pub/sub consumer ID
--app-port --app-port -p dapr.io/app-port This parameter tells Dapr which port your application is listening on
--components-path --components-path -d not supported Deprecated in favor of --resources-path
--resources-path --resources-path -d not supported Path for components directory. If empty, components will not be loaded.
--config --config -c dapr.io/config Tells Dapr which Configuration resource to use
--control-plane-address not supported not supported Address for a Dapr control plane
--dapr-grpc-port --dapr-grpc-port not supported gRPC port for the Dapr API to listen on (default “50001”)
--dapr-http-port --dapr-http-port not supported The HTTP port for the Dapr API
--dapr-http-max-request-size –dapr-http-max-request-size dapr.io/http-max-request-size Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB
--dapr-http-read-buffer-size –dapr-http-read-buffer-size dapr.io/http-read-buffer-size Increasing max size of http header read buffer in KB to handle when sending multi-KB headers. The default 4 KB. When sending bigger than default 4KB http headers, you should set this to a larger value, for example 16 (for 16KB)
not supported --image dapr.io/sidecar-image Dapr sidecar image. Default is daprio/daprd:latest. The Dapr sidecar uses this image instead of the latest default image. Use this when building your own custom image of Dapr and or using an alternative stable Dapr image
--internal-grpc-port not supported not supported gRPC port for the Dapr Internal API to listen on
--enable-metrics not supported configuration spec Enable prometheus metric (default true)
--enable-mtls not supported configuration spec Enables automatic mTLS for daprd to daprd communication channels
--enable-profiling --enable-profiling dapr.io/enable-profiling Enable profiling
--unix-domain-socket --unix-domain-socket -u dapr.io/unix-domain-socket-path The parent directory of socket file. On Linux, when communicating with the Dapr sidecar, use unix domain sockets for lower latency and greater throughput compared to TCP ports. Not available on Windows OS.
--log-as-json not supported dapr.io/log-as-json Setting this parameter to true outputs logs in JSON format. Default is false
--log-level --log-level dapr.io/log-level Sets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info
--enable-api-logging --enable-api-logging dapr.io/enable-api-logging Enables API logging for the Dapr sidecar
--app-max-concurrency --app-max-concurrency dapr.io/app-max-concurrency Limit the concurrency of your application. A valid value is any number larger than 0
--metrics-port --metrics-port dapr.io/metrics-port Sets the port for the sidecar metrics server. Default is 9090
--mode not supported not supported Runtime hosting option mode for Dapr, either "standalone" or "kubernetes" (default "standalone"). Learn more.
--placement-host-address --placement-host-address dapr.io/placement-host-address Comma separated list of addresses for Dapr Actor Placement servers. When no annotation is set, the default value is set by the Sidecar Injector. When the annotation is set and the value is empty, the sidecar does not connect to Placement server. This can be used when there are no actors running in the sidecar. When the annotation is set and the value is not empty, the sidecar connects to the configured address. For example: 127.0.0.1:50057,127.0.0.1:50058
--scheduler-host-address --scheduler-host-address dapr.io/scheduler-host-address Comma separated list of addresses for Dapr Scheduler servers. When no annotation is set, the default value is set by the Sidecar Injector. When the annotation is set and the value is empty, the sidecar does not connect to Scheduler server. When the annotation is set and the value is not empty, the sidecar connects to the configured address. For example: 127.0.0.1:50055,127.0.0.1:50056
--actors-service not supported not supported Configuration for the service that offers actor placement information. The format is <name>:<address>. For example, setting this value to placement:127.0.0.1:50057,127.0.0.1:50058 is an alternative to using the --placement-host-address flag.
--reminders-service not supported not supported Configuration for the service that enables actor reminders. The format is <name>[:<address>]. Currently, the only supported value is "default" (which is also the default value), which uses the built-in reminders subsystem in the Dapr sidecar.
--profiling-port --profiling-port not supported The port for the profile server (default 7777)
--app-protocol --app-protocol -P dapr.io/app-protocol Configures the protocol Dapr uses to communicate with your app. Valid options are http, grpc, https (HTTP with TLS), grpcs (gRPC with TLS), h2c (HTTP/2 Cleartext). Note that Dapr does not validate TLS certificates presented by the app. Default is http
--enable-app-health-check --enable-app-health-check dapr.io/enable-app-health-check Boolean that enables the health checks. Default is false.
--app-health-check-path --app-health-check-path dapr.io/app-health-check-path Path that Dapr invokes for health probes when the app channel is HTTP (this value is ignored if the app channel is using gRPC). Requires app health checks to be enabled. Default is /healthz.
--app-health-probe-interval --app-health-probe-interval dapr.io/app-health-probe-interval Number of seconds between each health probe. Requires app health checks to be enabled. Default is 5
--app-health-probe-timeout --app-health-probe-timeout dapr.io/app-health-probe-timeout Timeout in milliseconds for health probe requests. Requires app health checks to be enabled. Default is 500
--app-health-threshold --app-health-threshold dapr.io/app-health-threshold" Max number of consecutive failures before the app is considered unhealthy. Requires app health checks to be enabled. Default is 3
--sentry-address --sentry-address not supported Address for the Sentry CA service
--version --version -v not supported Prints the runtime version
--dapr-graceful-shutdown-seconds not supported dapr.io/graceful-shutdown-seconds Graceful shutdown duration in seconds for Dapr, the maximum duration before forced shutdown when waiting for all in-progress requests to complete. Defaults to 5. If you are running in Kubernetes mode, this value should not be larger than the Kubernetes termination grace period, who’s default value is 30.
--dapr-block-shutdown-duration not supported dapr.io/block-shutdown-duration Block shutdown duration, if set, blocks the graceful shutdown procedure (as described above) from starting until the given duration has elapsed or the application becomes unhealthy as configured through application health options. This is useful for applications that need to execute Dapr APIs during their own termination procedure. Any new invocations of any Dapr APIs are not available to the application once the block has expired. Accepts Go duration string.
not supported not supported dapr.io/enabled Setting this paramater to true injects the Dapr sidecar into the pod
not supported not supported dapr.io/api-token-secret Tells Dapr which Kubernetes secret to use for token-based API authentication. By default this is not set
not supported not supported dapr.io/app-token-secret Tells Dapr which Kubernetes secret to use for token-based application authentication. By default, this is not set
--dapr-listen-addresses not supported dapr.io/sidecar-listen-addresses Comma separated list of IP addresses that sidecar will listen to. Defaults to all in standalone mode. Defaults to [::1],127.0.0.1 in Kubernetes. To listen to all IPv4 addresses, use 0.0.0.0. To listen to all IPv6 addresses, use [::].
not supported not supported dapr.io/sidecar-cpu-limit Maximum amount of CPU that the Dapr sidecar can use. See valid values here. By default this is not set
not supported not supported dapr.io/sidecar-memory-limit Maximum amount of Memory that the Dapr sidecar can use. See valid values here. By default this is not set
not supported not supported dapr.io/sidecar-cpu-request Amount of CPU that the Dapr sidecar requests. See valid values here. By default this is not set
not supported not supported dapr.io/sidecar-memory-request Amount of Memory that the Dapr sidecar requests .See valid values here. By default this is not set
not supported not supported dapr.io/sidecar-liveness-probe-delay-seconds Number of seconds after the sidecar container has started before liveness probe is initiated. Read more here. Default is 3
not supported not supported dapr.io/sidecar-liveness-probe-timeout-seconds Number of seconds after which the sidecar liveness probe times out. Read more here. Default is 3
not supported not supported dapr.io/sidecar-liveness-probe-period-seconds How often (in seconds) to perform the sidecar liveness probe. Read more here. Default is 6
not supported not supported dapr.io/sidecar-liveness-probe-threshold When the sidecar liveness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unhealthy. Read more about failureThreshold here. Default is 3
not supported not supported dapr.io/sidecar-readiness-probe-delay-seconds Number of seconds after the sidecar container has started before readiness probe is initiated. Read more here. Default is 3
not supported not supported dapr.io/sidecar-readiness-probe-timeout-seconds Number of seconds after which the sidecar readiness probe times out. Read more here. Default is 3
not supported not supported dapr.io/sidecar-readiness-probe-period-seconds How often (in seconds) to perform the sidecar readiness probe. Read more here. Default is 6
not supported not supported dapr.io/sidecar-readiness-probe-threshold When the sidecar readiness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unready. Read more about failureThreshold here. Default is 3
not supported not supported dapr.io/env List of environment variable to be injected into the sidecar. Strings consisting of key=value pairs separated by a comma.
not supported not supported dapr.io/volume-mounts List of pod volumes to be mounted to the sidecar container in read-only mode. Strings consisting of volume:path pairs separated by a comma. Example, "volume-1:/tmp/mount1,volume-2:/home/root/mount2".
not supported not supported dapr.io/volume-mounts-rw List of pod volumes to be mounted to the sidecar container in read-write mode. Strings consisting of volume:path pairs separated by a comma. Example, "volume-1:/tmp/mount1,volume-2:/home/root/mount2".
--disable-builtin-k8s-secret-store not supported dapr.io/disable-builtin-k8s-secret-store Disables BuiltIn Kubernetes secret store. Default value is false. See Kubernetes secret store component for details.
not supported not supported dapr.io/sidecar-seccomp-profile-type Set the sidecar container’s securityContext.seccompProfile.type to Unconfined, RuntimeDefault, or Localhost. By default, this annotation is not set on the Dapr sidecar, hence the field is omitted from sidecar container.

Last modified June 17, 2024: updates per cassie pt2 (47e185dc)