Dapr arguments and annotations for daprd, CLI, and Kubernetes
The arguments and annotations available when configuring Dapr in different environments
This table is meant to help users understand the equivalent options for running Dapr sidecars in different contexts: via the CLI directly, via daprd, or on Kubernetes via annotations.
daprd | Dapr CLI | CLI shorthand | Kubernetes annotations | Description |
---|---|---|---|---|
—allowed-origins | not supported | not supported | Allowed HTTP origins (default “*”) | |
—app-id | —app-id | -i | dapr.io/app-id | The unique ID of the application. Used for service discovery, state encapsulation and the pub/sub consumer ID |
—app-port | —app-port | -p | dapr.io/app-port | This parameter tells Dapr which port your application is listening on |
—components-path | —components-path | -d | not supported | Deprecated in favor of —resources-path |
—resources-path | —resources-path | -d | not supported | Path for components directory. If empty, components will not be loaded. |
—config | —config | -c | dapr.io/config | Tells Dapr which Configuration resource to use |
—control-plane-address | not supported | not supported | Address for a Dapr control plane | |
—dapr-grpc-port | —dapr-grpc-port | not supported | gRPC port for the Dapr API to listen on (default “50001”) | |
—dapr-http-port | —dapr-http-port | not supported | The HTTP port for the Dapr API | |
—dapr-http-max-request-size | –dapr-http-max-request-size | dapr.io/http-max-request-size | Increasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB | |
—dapr-http-read-buffer-size | –dapr-http-read-buffer-size | dapr.io/http-read-buffer-size | Increasing max size of http header read buffer in KB to handle when sending multi-KB headers. The default 4 KB. When sending bigger than default 4KB http headers, you should set this to a larger value, for example 16 (for 16KB) | |
not supported | —image | dapr.io/sidecar-image | Dapr sidecar image. Default is daprio/daprd:latest. The Dapr sidecar uses this image instead of the latest default image. Use this when building your own custom image of Dapr and or using an alternative stable Dapr image | |
—internal-grpc-port | not supported | not supported | gRPC port for the Dapr Internal API to listen on | |
—enable-metrics | not supported | configuration spec | Enable prometheus metric (default true) | |
—enable-mtls | not supported | configuration spec | Enables automatic mTLS for daprd to daprd communication channels | |
—enable-profiling | —enable-profiling | dapr.io/enable-profiling | Enable profiling | |
—unix-domain-socket | —unix-domain-socket | -u | dapr.io/unix-domain-socket-path | The parent directory of socket file. On Linux, when communicating with the Dapr sidecar, use unix domain sockets for lower latency and greater throughput compared to TCP ports. Not available on Windows OS. |
—log-as-json | not supported | dapr.io/log-as-json | Setting this parameter to true outputs logs in JSON format. Default is false | |
—log-level | —log-level | dapr.io/log-level | Sets the log level for the Dapr sidecar. Allowed values are debug , info , warn , error . Default is info | |
—enable-api-logging | —enable-api-logging | dapr.io/enable-api-logging | Enables API logging for the Dapr sidecar | |
—app-max-concurrency | —app-max-concurrency | dapr.io/app-max-concurrency | Limit the concurrency of your application. A valid value is any number larger than 0 | |
—metrics-port | —metrics-port | dapr.io/metrics-port | Sets the port for the sidecar metrics server. Default is 9090 | |
—mode | not supported | not supported | Runtime hosting option mode for Dapr, either “standalone” or “kubernetes” (default “standalone” ). Learn more. | |
—placement-host-address | —placement-host-address | dapr.io/placement-host-address | Comma separated list of addresses for Dapr Actor Placement servers. When no annotation is set, the default value is set by the Sidecar Injector. When the annotation is set and the value is empty, the sidecar does not connect to Placement server. This can be used when there are no actors running in the sidecar. When the annotation is set and the value is not empty, the sidecar connects to the configured address. For example: 127.0.0.1:50057,127.0.0.1:50058 | |
—actors-service | not supported | not supported | Configuration for the service that offers actor placement information. The format is <name>:<address> . For example, setting this value to placement:127.0.0.1:50057,127.0.0.1:50058 is an alternative to using the —placement-host-address flag. | |
—reminders-service | not supported | not supported | Configuration for the service that enables actor reminders. The format is <name>[:<address>] . Currently, the only supported value is “default” (which is also the default value), which uses the built-in reminders subsystem in the Dapr sidecar. | |
—profiling-port | —profiling-port | not supported | The port for the profile server (default 7777 ) | |
—app-protocol | —app-protocol | -P | dapr.io/app-protocol | Configures the protocol Dapr uses to communicate with your app. Valid options are http , grpc , https (HTTP with TLS), grpcs (gRPC with TLS), h2c (HTTP/2 Cleartext). Note that Dapr does not validate TLS certificates presented by the app. Default is http |
—enable-app-health-check | —enable-app-health-check | dapr.io/enable-app-health-check | Boolean that enables the health checks. Default is false . | |
—app-health-check-path | —app-health-check-path | dapr.io/app-health-check-path | Path that Dapr invokes for health probes when the app channel is HTTP (this value is ignored if the app channel is using gRPC). Requires app health checks to be enabled. Default is /healthz . | |
—app-health-probe-interval | —app-health-probe-interval | dapr.io/app-health-probe-interval | Number of seconds between each health probe. Requires app health checks to be enabled. Default is 5 | |
—app-health-probe-timeout | —app-health-probe-timeout | dapr.io/app-health-probe-timeout | Timeout in milliseconds for health probe requests. Requires app health checks to be enabled. Default is 500 | |
—app-health-threshold | —app-health-threshold | dapr.io/app-health-threshold” | Max number of consecutive failures before the app is considered unhealthy. Requires app health checks to be enabled. Default is 3 | |
—sentry-address | —sentry-address | not supported | Address for the Sentry CA service | |
—version | —version | -v | not supported | Prints the runtime version |
—dapr-graceful-shutdown-seconds | not supported | dapr.io/graceful-shutdown-seconds | Graceful shutdown duration in seconds for Dapr, the maximum duration before forced shutdown when waiting for all in-progress requests to complete. Defaults to 5 . If you are running in Kubernetes mode, this value should not be larger than the Kubernetes termination grace period, who’s default value is 30 . | |
—dapr-block-shutdown-duration | not supported | dapr.io/block-shutdown-duration | Block shutdown duration, if set, blocks the graceful shutdown procedure (as described above) from starting until the given duration has elapsed or the application becomes unhealthy as configured through application health options. This is useful for applications that need to execute Dapr APIs during their own termination procedure. Any new invocations of any Dapr APIs are not available to the application once the block has expired. Accepts Go duration string. | |
not supported | not supported | dapr.io/enabled | Setting this paramater to true injects the Dapr sidecar into the pod | |
not supported | not supported | dapr.io/api-token-secret | Tells Dapr which Kubernetes secret to use for token-based API authentication. By default this is not set | |
not supported | not supported | dapr.io/app-token-secret | Tells Dapr which Kubernetes secret to use for token-based application authentication. By default, this is not set | |
—dapr-listen-addresses | not supported | dapr.io/sidecar-listen-addresses | Comma separated list of IP addresses that sidecar will listen to. Defaults to all in standalone mode. Defaults to [::1],127.0.0.1 in Kubernetes. To listen to all IPv4 addresses, use 0.0.0.0 . To listen to all IPv6 addresses, use [::] . | |
not supported | not supported | dapr.io/sidecar-cpu-limit | Maximum amount of CPU that the Dapr sidecar can use. See valid values here. By default this is not set | |
not supported | not supported | dapr.io/sidecar-memory-limit | Maximum amount of Memory that the Dapr sidecar can use. See valid values here. By default this is not set | |
not supported | not supported | dapr.io/sidecar-cpu-request | Amount of CPU that the Dapr sidecar requests. See valid values here. By default this is not set | |
not supported | not supported | dapr.io/sidecar-memory-request | Amount of Memory that the Dapr sidecar requests .See valid values here. By default this is not set | |
not supported | not supported | dapr.io/sidecar-liveness-probe-delay-seconds | Number of seconds after the sidecar container has started before liveness probe is initiated. Read more here. Default is 3 | |
not supported | not supported | dapr.io/sidecar-liveness-probe-timeout-seconds | Number of seconds after which the sidecar liveness probe times out. Read more here. Default is 3 | |
not supported | not supported | dapr.io/sidecar-liveness-probe-period-seconds | How often (in seconds) to perform the sidecar liveness probe. Read more here. Default is 6 | |
not supported | not supported | dapr.io/sidecar-liveness-probe-threshold | When the sidecar liveness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unhealthy. Read more about failureThreshold here. Default is 3 | |
not supported | not supported | dapr.io/sidecar-readiness-probe-delay-seconds | Number of seconds after the sidecar container has started before readiness probe is initiated. Read more here. Default is 3 | |
not supported | not supported | dapr.io/sidecar-readiness-probe-timeout-seconds | Number of seconds after which the sidecar readiness probe times out. Read more here. Default is 3 | |
not supported | not supported | dapr.io/sidecar-readiness-probe-period-seconds | How often (in seconds) to perform the sidecar readiness probe. Read more here. Default is 6 | |
not supported | not supported | dapr.io/sidecar-readiness-probe-threshold | When the sidecar readiness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unready. Read more about failureThreshold here. Default is 3 | |
not supported | not supported | dapr.io/env | List of environment variable to be injected into the sidecar. Strings consisting of key=value pairs separated by a comma. | |
not supported | not supported | dapr.io/volume-mounts | List of pod volumes to be mounted to the sidecar container in read-only mode. Strings consisting of volume:path pairs separated by a comma. Example, “volume-1:/tmp/mount1,volume-2:/home/root/mount2” . | |
not supported | not supported | dapr.io/volume-mounts-rw | List of pod volumes to be mounted to the sidecar container in read-write mode. Strings consisting of volume:path pairs separated by a comma. Example, “volume-1:/tmp/mount1,volume-2:/home/root/mount2” . | |
—disable-builtin-k8s-secret-store | not supported | dapr.io/disable-builtin-k8s-secret-store | Disables BuiltIn Kubernetes secret store. Default value is false. See Kubernetes secret store component for details. | |
not supported | not supported | dapr.io/sidecar-seccomp-profile-type | Set the sidecar container’s securityContext.seccompProfile.type to Unconfined , RuntimeDefault , or Localhost . By default, this annotation is not set on the Dapr sidecar, hence the field is omitted from sidecar container. |