Configuration spec
The basic spec for a Dapr Configuration resource
The Configuration
is a Dapr resource that is used to configure the Dapr sidecar, control plane, and others.
Sidecar format
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: <REPLACE-WITH-NAME>
namespace: <REPLACE-WITH-NAMESPACE>
spec:
api:
allowed:
- name: <REPLACE-WITH-API>
version: <VERSION>
protocol: <HTTP-OR-GRPC>
tracing:
samplingRate: <REPLACE-WITH-INTEGER>
stdout: true
otel:
endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
isSecure: <TRUE-OR-FALSE>
protocol: <HTTP-OR-GRPC>
metrics:
enabled: <TRUE-OR-FALSE>
rules:
- name: <METRIC-NAME>
labels:
- name: <LABEL-NAME>
regex: {}
recordErrorCodes: <TRUE-OR-FALSE>
latencyDistributionBuckets:
- <BUCKET-VALUE-MS-0>
- <BUCKET-VALUE-MS-1>
http:
increasedCardinality: <TRUE-OR-FALSE>
pathMatching:
- <PATH-A>
- <PATH-B>
excludeVerbs: <TRUE-OR-FALSE>
httpPipeline: # for incoming http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
appHttpPipeline: # for outgoing http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
nameResolution:
component: <NAME-OF-NAME-RESOLUTION-COMPONENT>
version: <NAME-RESOLUTION-COMPONENT-VERSION>
configuration:
<NAME-RESOLUTION-COMPONENT-METADATA-CONFIGURATION>
secrets:
scopes:
- storeName: <NAME-OF-SCOPED-STORE>
defaultAccess: <ALLOW-OR-DENY>
deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
components:
deny:
- <COMPONENT-TO-DENY>
accessControl:
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
policies:
- appId: <APP-NAME>
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
namespace: "default"
operations:
- name: <OPERATION-NAME>
httpVerb: ['POST', 'GET']
action: <ALLOW-OR-DENY>
Spec fields
Field | Required | Details | Example |
---|---|---|---|
accessControl | N | Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. | Learn more about the accessControl configuration. |
api | N | Used to enable only the Dapr sidecar APIs used by the application. | Learn more about the api configuration. |
httpPipeline | N | Configure API middleware pipelines | Middleware pipeline configuration overview Learn more about the httpPipeline configuration. |
appHttpPipeline | N | Configure application middleware pipelines | Middleware pipeline configuration overview Learn more about the appHttpPipeline configuration. |
components | N | Used to specify a denylist of component types that can’t be initialized. | Learn more about the components configuration. |
features | N | Defines the preview features that are enabled/disabled. | Learn more about the features configuration. |
logging | N | Configure how logging works in the Dapr runtime. | Learn more about the logging configuration. |
metrics | N | Enable or disable metrics for an application. | Learn more about the metrics configuration. |
nameResolution | N | Name resolution configuration spec for the service invocation building block. | Learn more about the nameResolution configuration per components. |
secrets | N | Limit the secrets to which your Dapr application has access. | Learn more about the secrets configuration. |
tracing | N | Turns on tracing for an application. | Learn more about the tracing configuration. |
Control plane format
The daprsystem
configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: daprsystem
namespace: default
spec:
mtls:
enabled: true
allowedClockSkew: 15m
workloadCertTTL: 24h
Spec fields
Field | Required | Details | Example |
---|---|---|---|
mtls | N | Defines the mTLS configuration | allowedClockSkew: 15m workloadCertTTL:24h Learn more about the mtls configuration. |
Related links
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified December 13, 2024: overview draft (78f427d9)