Configuration spec

The basic spec for a Dapr Configuration resource

The Configuration is a Dapr resource that is used to configure the Dapr sidecar, control plane, and others.

Sidecar format

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: <REPLACE-WITH-NAME>
  namespace: <REPLACE-WITH-NAMESPACE>
spec:
  api:
    allowed:
      - name: <REPLACE-WITH-API>
        version: <VERSION>
        protocol: <HTTP-OR-GRPC>
  tracing:
    samplingRate: <REPLACE-WITH-INTEGER>
    stdout: true
    otel:
      endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
      isSecure: <TRUE-OR-FALSE>
      protocol: <HTTP-OR-GRPC>
  metrics:
    enabled: <TRUE-OR-FALSE>
    rules:
      - name: <METRIC-NAME>
        labels:
          - name: <LABEL-NAME>
            regex: {}
    recordErrorCodes: <TRUE-OR-FALSE>
    latencyDistributionBuckets:
      - <BUCKET-VALUE-MS-0>
      - <BUCKET-VALUE-MS-1>
    http:
      increasedCardinality: <TRUE-OR-FALSE>
      pathMatching: 
        - <PATH-A>
        - <PATH-B>
      excludeVerbs: <TRUE-OR-FALSE>
  httpPipeline: # for incoming http calls
    handlers:
      - name: <HANDLER-NAME>
        type: <HANDLER-TYPE>
  appHttpPipeline: # for outgoing http calls
    handlers:
      - name: <HANDLER-NAME>
        type: <HANDLER-TYPE>
  nameResolution:
    component: <NAME-OF-NAME-RESOLUTION-COMPONENT>
    version: <NAME-RESOLUTION-COMPONENT-VERSION>
    configuration:
     <NAME-RESOLUTION-COMPONENT-METADATA-CONFIGURATION>
  secrets:
    scopes:
      - storeName: <NAME-OF-SCOPED-STORE>
        defaultAccess: <ALLOW-OR-DENY>
        deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
  components:
    deny:
      - <COMPONENT-TO-DENY>
  accessControl:
    defaultAction: <ALLOW-OR-DENY>
    trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
    policies:
      - appId: <APP-NAME>
        defaultAction: <ALLOW-OR-DENY>
        trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
        namespace: "default"
        operations:
          - name: <OPERATION-NAME>
            httpVerb: ['POST', 'GET']
            action: <ALLOW-OR-DENY>

Spec fields

Field Required Details Example
accessControl N Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. Learn more about the accessControl configuration.
api N Used to enable only the Dapr sidecar APIs used by the application. Learn more about the api configuration.
httpPipeline N Configure API middleware pipelines Middleware pipeline configuration overview
Learn more about the httpPipeline configuration.
appHttpPipeline N Configure application middleware pipelines Middleware pipeline configuration overview
Learn more about the appHttpPipeline configuration.
components N Used to specify a denylist of component types that can’t be initialized. Learn more about the components configuration.
features N Defines the preview features that are enabled/disabled. Learn more about the features configuration.
logging N Configure how logging works in the Dapr runtime. Learn more about the logging configuration.
metrics N Enable or disable metrics for an application. Learn more about the metrics configuration.
nameResolution N Name resolution configuration spec for the service invocation building block. Learn more about the nameResolution configuration per components.
secrets N Limit the secrets to which your Dapr application has access. Learn more about the secrets configuration.
tracing N Turns on tracing for an application. Learn more about the tracing configuration.

Control plane format

The daprsystem configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: daprsystem
  namespace: default
spec:
  mtls:
    enabled: true
    allowedClockSkew: 15m
    workloadCertTTL: 24h

Spec fields

Field Required Details Example
mtls N Defines the mTLS configuration allowedClockSkew: 15m
workloadCertTTL:24h
Learn more about the mtls configuration.

Last modified December 13, 2024: overview draft (78f427d9)