Configuration spec

The basic spec for a Dapr Configuration resource

The Configuration is a Dapr resource that is used to configure the Dapr sidecar, control plane, and others.

Sidecar format

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Configuration
  3. metadata:
  4. name: <REPLACE-WITH-NAME>
  5. namespace: <REPLACE-WITH-NAMESPACE>
  6. spec:
  7. api:
  8. allowed:
  9. - name: <REPLACE-WITH-API>
  10. version: <VERSION>
  11. protocol: <HTTP-OR-GRPC>
  12. tracing:
  13. samplingRate: <REPLACE-WITH-INTEGER>
  14. stdout: true
  15. otel:
  16. endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
  17. isSecure: <TRUE-OR-FALSE>
  18. protocol: <HTTP-OR-GRPC>
  19. metrics:
  20. enabled: <TRUE-OR-FALSE>
  21. rules:
  22. - name: <METRIC-NAME>
  23. labels:
  24. - name: <LABEL-NAME>
  25. regex: {}
  26. http:
  27. increasedCardinality: <TRUE-OR-FALSE>
  28. httpPipeline: # for incoming http calls
  29. handlers:
  30. - name: <HANDLER-NAME>
  31. type: <HANDLER-TYPE>
  32. appHttpPipeline: # for outgoing http calls
  33. handlers:
  34. - name: <HANDLER-NAME>
  35. type: <HANDLER-TYPE>
  36. nameResolution:
  37. component: <NAME-OF-NAME-RESOLUTION-COMPONENT>
  38. version: <NAME-RESOLUTION-COMPONENT-VERSION>
  39. configuration:
  40. <NAME-RESOLUTION-COMPONENT-METADATA-CONFIGURATION>
  41. secrets:
  42. scopes:
  43. - storeName: <NAME-OF-SCOPED-STORE>
  44. defaultAccess: <ALLOW-OR-DENY>
  45. deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
  46. components:
  47. deny:
  48. - <COMPONENT-TO-DENY>
  49. accessControl:
  50. defaultAction: <ALLOW-OR-DENY>
  51. trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
  52. policies:
  53. - appId: <APP-NAME>
  54. defaultAction: <ALLOW-OR-DENY>
  55. trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
  56. namespace: "default"
  57. operations:
  58. - name: <OPERATION-NAME>
  59. httpVerb: ['POST', 'GET']
  60. action: <ALLOW-OR-DENY>

Spec fields

FieldRequiredDetailsExample
accessControlNApplied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction.Learn more about the accessControl configuration.
apiNUsed to enable only the Dapr sidecar APIs used by the application.Learn more about the api configuration.
httpPipelineNConfigure API middleware pipelinesMiddleware pipeline configuration overview
Learn more about the httpPipeline configuration.
appHttpPipelineNConfigure application middleware pipelinesMiddleware pipeline configuration overview
Learn more about the appHttpPipeline configuration.
componentsNUsed to specify a denylist of component types that can’t be initialized.Learn more about the components configuration.
featuresNDefines the preview features that are enabled/disabled.Learn more about the features configuration.
loggingNConfigure how logging works in the Dapr runtime.Learn more about the logging configuration.
metricsNEnable or disable metrics for an application.Learn more about the metrics configuration.
nameResolutionNName resolution configuration spec for the service invocation building block.Learn more about the nameResolution configuration per components.
secretsNLimit the secrets to which your Dapr application has access.Learn more about the secrets configuration.
tracingNTurns on tracing for an application.Learn more about the tracing configuration.

Control plane format

The daprsystem configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Configuration
  3. metadata:
  4. name: daprsystem
  5. namespace: default
  6. spec:
  7. mtls:
  8. enabled: true
  9. allowedClockSkew: 15m
  10. workloadCertTTL: 24h

Spec fields

FieldRequiredDetailsExample
mtlsNDefines the mTLS configurationallowedClockSkew: 15m
workloadCertTTL:24h
Learn more about the mtls configuration.

Last modified March 21, 2024: Merge pull request #4082 from newbe36524/v1.13 (f4b0938)