The documentation you are viewing is for Dapr v1.13 which is an older version of Dapr. For up-to-date documentation, see the latest version.
Configuration spec
The basic spec for a Dapr Configuration resource
The Configuration is a Dapr resource that is used to configure the Dapr sidecar, control plane, and others.
Sidecar format
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: <REPLACE-WITH-NAME>
namespace: <REPLACE-WITH-NAMESPACE>
spec:
api:
allowed:
- name: <REPLACE-WITH-API>
version: <VERSION>
protocol: <HTTP-OR-GRPC>
tracing:
samplingRate: <REPLACE-WITH-INTEGER>
stdout: true
otel:
endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
isSecure: <TRUE-OR-FALSE>
protocol: <HTTP-OR-GRPC>
metrics:
enabled: <TRUE-OR-FALSE>
rules:
- name: <METRIC-NAME>
labels:
- name: <LABEL-NAME>
regex: {}
http:
increasedCardinality: <TRUE-OR-FALSE>
httpPipeline: # for incoming http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
appHttpPipeline: # for outgoing http calls
handlers:
- name: <HANDLER-NAME>
type: <HANDLER-TYPE>
nameResolution:
component: <NAME-OF-NAME-RESOLUTION-COMPONENT>
version: <NAME-RESOLUTION-COMPONENT-VERSION>
configuration:
<NAME-RESOLUTION-COMPONENT-METADATA-CONFIGURATION>
secrets:
scopes:
- storeName: <NAME-OF-SCOPED-STORE>
defaultAccess: <ALLOW-OR-DENY>
deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
components:
deny:
- <COMPONENT-TO-DENY>
accessControl:
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
policies:
- appId: <APP-NAME>
defaultAction: <ALLOW-OR-DENY>
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
namespace: "default"
operations:
- name: <OPERATION-NAME>
httpVerb: ['POST', 'GET']
action: <ALLOW-OR-DENY>
Spec fields
| Field | Required | Details | Example |
|---|---|---|---|
| accessControl | N | Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. | Learn more about the accessControl configuration. |
| api | N | Used to enable only the Dapr sidecar APIs used by the application. | Learn more about the api configuration. |
| httpPipeline | N | Configure API middleware pipelines | Middleware pipeline configuration overview Learn more about the httpPipeline configuration. |
| appHttpPipeline | N | Configure application middleware pipelines | Middleware pipeline configuration overview Learn more about the appHttpPipeline configuration. |
| components | N | Used to specify a denylist of component types that can’t be initialized. | Learn more about the components configuration. |
| features | N | Defines the preview features that are enabled/disabled. | Learn more about the features configuration. |
| logging | N | Configure how logging works in the Dapr runtime. | Learn more about the logging configuration. |
| 度量 | N | Enable or disable metrics for an application. | Learn more about the metrics configuration. |
| nameResolution | N | Name resolution configuration spec for the service invocation building block. | Learn more about the nameResolution configuration per components. |
| secrets | N | Limit the secrets to which your Dapr application has access. | Learn more about the secrets configuration. |
| tracing | N | Turns on tracing for an application. | Learn more about the tracing configuration. |
Control plane format
The daprsystem configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: daprsystem
namespace: default
spec:
mtls:
enabled: true
allowedClockSkew: 15m
workloadCertTTL: 24h
Spec fields
| Field | Required | Details | Example |
|---|---|---|---|
| mtls | N | Defines the mTLS configuration | allowedClockSkew: 15mworkloadCertTTL:24hLearn more about the mtls configuration. |
Related links
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.