Dapr arguments and annotations for daprd, CLI, and Kubernetes

The arguments and annotations available when configuring Dapr in different environments

This table is meant to help users understand the equivalent options for running Dapr sidecars in different contexts: via the CLI directly, via daprd, or on Kubernetes via annotations.

daprdDapr CLICLI shorthandKubernetes annotationsDescription
—allowed-originsnot supportednot supportedAllowed HTTP origins (default “*”)
—app-id—app-id-idapr.io/app-idThe unique ID of the application. Used for service discovery, state encapsulation and the pub/sub consumer ID
—app-port—app-port-pdapr.io/app-portThis parameter tells Dapr which port your application is listening on
—components-path—components-path-dnot supportedDeprecated in favor of —resources-path
—resources-path—resources-path-dnot supportedPath for components directory. If empty, components will not be loaded.
—config—config-cdapr.io/configTells Dapr which Configuration resource to use
—control-plane-addressnot supportednot supportedAddress for a Dapr control plane
—dapr-grpc-port—dapr-grpc-portnot supportedgRPC port for the Dapr API to listen on (default “50001”)
—dapr-http-port—dapr-http-portnot supportedThe HTTP port for the Dapr API
—dapr-http-max-request-size–dapr-http-max-request-sizedapr.io/http-max-request-sizeIncreasing max size of request body http and grpc servers parameter in MB to handle uploading of big files. Default is 4 MB
—dapr-http-read-buffer-size–dapr-http-read-buffer-sizedapr.io/http-read-buffer-sizeIncreasing max size of http header read buffer in KB to handle when sending multi-KB headers. The default 4 KB. When sending bigger than default 4KB http headers, you should set this to a larger value, for example 16 (for 16KB)
not supported—imagedapr.io/sidecar-imageDapr sidecar image. Default is daprio/daprd:latest. The Dapr sidecar uses this image instead of the latest default image. Use this when building your own custom image of Dapr and or using an alternative stable Dapr image
—internal-grpc-portnot supportednot supportedgRPC port for the Dapr Internal API to listen on
—enable-metricsnot supportedconfiguration specEnable prometheus metric (default true)
—enable-mtlsnot supportedconfiguration specEnables automatic mTLS for daprd to daprd communication channels
—enable-profiling—enable-profilingdapr.io/enable-profilingEnable profiling
—unix-domain-socket—unix-domain-socket-udapr.io/unix-domain-socket-pathThe parent directory of socket file. On Linux, when communicating with the Dapr sidecar, use unix domain sockets for lower latency and greater throughput compared to TCP ports. Not available on Windows OS.
—log-as-jsonnot supporteddapr.io/log-as-jsonSetting this parameter to true outputs logs in JSON format. Default is false
—log-level—log-leveldapr.io/log-levelSets the log level for the Dapr sidecar. Allowed values are debug, info, warn, error. Default is info
—enable-api-logging—enable-api-loggingdapr.io/enable-api-loggingEnables API logging for the Dapr sidecar
—app-max-concurrency—app-max-concurrencydapr.io/app-max-concurrencyLimit the concurrency of your application. A valid value is any number larger than 0
—metrics-port—metrics-portdapr.io/metrics-portSets the port for the sidecar metrics server. Default is 9090
—modenot supportednot supportedRuntime hosting option mode for Dapr, either “standalone” or “kubernetes” (default “standalone”). Learn more.
—placement-host-address—placement-host-addressdapr.io/placement-host-addressComma separated list of addresses for Dapr Actor Placement servers. When no annotation is set, the default value is set by the Sidecar Injector. When the annotation is set and the value is empty, the sidecar does not connect to Placement server. This can be used when there are no actors running in the sidecar. When the annotation is set and the value is not empty, the sidecar connects to the configured address. For example: 127.0.0.1:50057,127.0.0.1:50058
—actors-servicenot supportednot supportedConfiguration for the service that offers actor placement information. The format is <name>:<address>. For example, setting this value to placement:127.0.0.1:50057,127.0.0.1:50058 is an alternative to using the —placement-host-address flag.
—reminders-servicenot supportednot supportedConfiguration for the service that enables actor reminders. The format is <name>[:<address>]. Currently, the only supported value is “default” (which is also the default value), which uses the built-in reminders subsystem in the Dapr sidecar.
—profiling-port—profiling-portnot supportedThe port for the profile server (default 7777)
—app-protocol—app-protocol-Pdapr.io/app-protocolConfigures the protocol Dapr uses to communicate with your app. Valid options are http, grpc, https (HTTP with TLS), grpcs (gRPC with TLS), h2c (HTTP/2 Cleartext). Note that Dapr does not validate TLS certificates presented by the app. Default is http
—enable-app-health-check—enable-app-health-checkdapr.io/enable-app-health-checkBoolean that enables the health checks. Default is false.
—app-health-check-path—app-health-check-pathdapr.io/app-health-check-pathPath that Dapr invokes for health probes when the app channel is HTTP (this value is ignored if the app channel is using gRPC). Requires app health checks to be enabled. Default is /healthz.
—app-health-probe-interval—app-health-probe-intervaldapr.io/app-health-probe-intervalNumber of seconds between each health probe. Requires app health checks to be enabled. Default is 5
—app-health-probe-timeout—app-health-probe-timeoutdapr.io/app-health-probe-timeoutTimeout in milliseconds for health probe requests. Requires app health checks to be enabled. Default is 500
—app-health-threshold—app-health-thresholddapr.io/app-health-threshold”Max number of consecutive failures before the app is considered unhealthy. Requires app health checks to be enabled. Default is 3
—sentry-address—sentry-addressnot supportedAddress for the Sentry CA service
—version—version-vnot supportedPrints the runtime version
—dapr-graceful-shutdown-secondsnot supporteddapr.io/graceful-shutdown-secondsGraceful shutdown duration in seconds for Dapr, the maximum duration before forced shutdown when waiting for all in-progress requests to complete. Defaults to 5. If you are running in Kubernetes mode, this value should not be larger than the Kubernetes termination grace period, who’s default value is 30.
—dapr-block-shutdown-durationnot supporteddapr.io/block-shutdown-durationBlock shutdown duration, if set, blocks the graceful shutdown procedure (as described above) from starting until the given duration has elapsed or the application becomes unhealthy as configured through application health options. This is useful for applications that need to execute Dapr APIs during their own termination procedure. Any new invocations of any Dapr APIs are not available to the application once the block has expired. Accepts Go duration string.
not supportednot supporteddapr.io/enabledSetting this paramater to true injects the Dapr sidecar into the pod
not supportednot supporteddapr.io/api-token-secretTells Dapr which Kubernetes secret to use for token-based API authentication. By default this is not set
not supportednot supporteddapr.io/app-token-secretTells Dapr which Kubernetes secret to use for token-based application authentication. By default, this is not set
—dapr-listen-addressesnot supporteddapr.io/sidecar-listen-addressesComma separated list of IP addresses that sidecar will listen to. Defaults to all in standalone mode. Defaults to [::1],127.0.0.1 in Kubernetes. To listen to all IPv4 addresses, use 0.0.0.0. To listen to all IPv6 addresses, use [::].
not supportednot supporteddapr.io/sidecar-cpu-limitMaximum amount of CPU that the Dapr sidecar can use. See valid values here. By default this is not set
not supportednot supporteddapr.io/sidecar-memory-limitMaximum amount of Memory that the Dapr sidecar can use. See valid values here. By default this is not set
not supportednot supporteddapr.io/sidecar-cpu-requestAmount of CPU that the Dapr sidecar requests. See valid values here. By default this is not set
not supportednot supporteddapr.io/sidecar-memory-requestAmount of Memory that the Dapr sidecar requests .See valid values here. By default this is not set
not supportednot supporteddapr.io/sidecar-liveness-probe-delay-secondsNumber of seconds after the sidecar container has started before liveness probe is initiated. Read more here. Default is 3
not supportednot supporteddapr.io/sidecar-liveness-probe-timeout-secondsNumber of seconds after which the sidecar liveness probe times out. Read more here. Default is 3
not supportednot supporteddapr.io/sidecar-liveness-probe-period-secondsHow often (in seconds) to perform the sidecar liveness probe. Read more here. Default is 6
not supportednot supporteddapr.io/sidecar-liveness-probe-thresholdWhen the sidecar liveness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unhealthy. Read more about failureThreshold here. Default is 3
not supportednot supporteddapr.io/sidecar-readiness-probe-delay-secondsNumber of seconds after the sidecar container has started before readiness probe is initiated. Read more here. Default is 3
not supportednot supporteddapr.io/sidecar-readiness-probe-timeout-secondsNumber of seconds after which the sidecar readiness probe times out. Read more here. Default is 3
not supportednot supporteddapr.io/sidecar-readiness-probe-period-secondsHow often (in seconds) to perform the sidecar readiness probe. Read more here. Default is 6
not supportednot supporteddapr.io/sidecar-readiness-probe-thresholdWhen the sidecar readiness probe fails, Kubernetes will try N times before giving up. In this case, the Pod will be marked Unready. Read more about failureThreshold here. Default is 3
not supportednot supporteddapr.io/envList of environment variable to be injected into the sidecar. Strings consisting of key=value pairs separated by a comma.
not supportednot supporteddapr.io/volume-mountsList of pod volumes to be mounted to the sidecar container in read-only mode. Strings consisting of volume:path pairs separated by a comma. Example, “volume-1:/tmp/mount1,volume-2:/home/root/mount2”.
not supportednot supporteddapr.io/volume-mounts-rwList of pod volumes to be mounted to the sidecar container in read-write mode. Strings consisting of volume:path pairs separated by a comma. Example, “volume-1:/tmp/mount1,volume-2:/home/root/mount2”.
—disable-builtin-k8s-secret-storenot supporteddapr.io/disable-builtin-k8s-secret-storeDisables BuiltIn Kubernetes secret store. Default value is false. See Kubernetes secret store component for details.
not supportednot supporteddapr.io/sidecar-seccomp-profile-typeSet the sidecar container’s securityContext.seccompProfile.type to Unconfined, RuntimeDefault, or Localhost. By default, this annotation is not set on the Dapr sidecar, hence the field is omitted from sidecar container.