Configuration spec
The basic spec for a Dapr Configuration resource
The Configuration
is a Dapr resource that is used to configure the Dapr sidecar, control plane, and others.
Sidecar format
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: <REPLACE-WITH-NAME>
namespace: <REPLACE-WITH-NAMESPACE>
spec:
api:
allowed:
- name: <REPLACE-WITH-API>
version: <VERSION>
protocol: <HTTP-OR-GRPC>
tracing:
samplingRate: <REPLACE-WITH-INTEGER>
stdout: true
otel:
endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
isSecure: <TRUE-OR-FALSE>
protocol: <HTTP-OR-GRPC>
metrics:
enabled: <TRUE-OR-FALSE>
rules:
- name: <METRIC-NAME>
labels:
- name: <LABEL-NAME>
regex: {}
latencyDistributionBuckets:
- <BUCKET-VALUE-MS-0>
- <BUCKET-VALUE-MS-1>
http:
increasedCardinality: <TRUE-OR-FALSE>
pathMatching:
- <PATH-A>
- <PATH-B>
excludeVerbs: <TRUE-OR-FALSE>
httpPipeline: # for incoming http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
appHttpPipeline: # for outgoing http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
nameResolution:
component: <NAME-OF-NAME-RESOLUTION-COMPONENT>
version: <NAME-RESOLUTION-COMPONENT-VERSION>
configuration:
<NAME-RESOLUTION-COMPONENT-METADATA-CONFIGURATION>
secrets:
scopes:
- storeName: <NAME-OF-SCOPED-STORE>
defaultAccess: <ALLOW-OR-DENY>
deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
components:
deny:
- <COMPONENT-TO-DENY>
accessControl:
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
policies:
- appId: <APP-NAME>
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
namespace: "default"
operations:
- name: <OPERATION-NAME>
httpVerb: ['POST', 'GET']
action: <ALLOW-OR-DENY>
Spec fields
Field | Required | Details | Example |
---|---|---|---|
accessControl | N | Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. | Learn more about the accessControl configuration. |
api | N | Used to enable only the Dapr sidecar APIs used by the application. | Learn more about the api configuration. |
httpPipeline | N | Configure API middleware pipelines | Middleware pipeline configuration overview Learn more about the httpPipeline configuration. |
appHttpPipeline | N | Configure application middleware pipelines | Middleware pipeline configuration overview Learn more about the appHttpPipeline configuration. |
components | N | Used to specify a denylist of component types that can’t be initialized. | Learn more about the components configuration. |
features | N | Defines the preview features that are enabled/disabled. | Learn more about the features configuration. |
logging | N | Configure how logging works in the Dapr runtime. | Learn more about the logging configuration. |
metrics | N | Enable or disable metrics for an application. | Learn more about the metrics configuration. |
nameResolution | N | Name resolution configuration spec for the service invocation building block. | Learn more about the nameResolution configuration per components. |
secrets | N | Limit the secrets to which your Dapr application has access. | Learn more about the secrets configuration. |
tracing | N | Turns on tracing for an application. | Learn more about the tracing configuration. |
Control plane format
The daprsystem
configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: daprsystem
namespace: default
spec:
mtls:
enabled: true
allowedClockSkew: 15m
workloadCertTTL: 24h
Spec fields
Field | Required | Details | Example |
---|---|---|---|
mtls | N | Defines the mTLS configuration | allowedClockSkew: 15m workloadCertTTL:24h Learn more about the mtls configuration. |
Related links
Last modified October 11, 2024: Fixed typo (#4389) (fe17926)