Manage Dapr configuration on Dapr Docs

Dapr configuration

Mon, 01 Jan 0001 00:00:00 +0000

Dapr configurations are settings and policies that enable you to change both the behavior of individual Dapr applications, or the global behavior of the Dapr control plane system services.

for more information, read the configuration concept.

Application configuration

Set up application configuration

You can set up application configuration either in self-hosted or Kubernetes mode.

In self hosted mode, the Dapr configuration is a configuration file - for example, config.yaml. By default, the Dapr sidecar looks in the default Dapr folder for the runtime configuration:

How-To: Control concurrency and rate limit applications

Mon, 01 Jan 0001 00:00:00 +0000

Typically, in distributed computing, you may only want to allow for a given number of requests to execute concurrently. Using Dapr’s app-max-concurrency, you can control how many requests and events can invoke your application simultaneously.

Default app-max-concurreny is set to -1, meaning no concurrency limit is enforced.

Different approaches

While this guide focuses on app-max-concurrency, you can also limit request rate per second using the middleware.http.ratelimit middleware. However, it’s important to understand the difference between the two approaches:

How-To: Limit the secrets that can be read from secret stores

Mon, 01 Jan 0001 00:00:00 +0000

In addition to scoping which applications can access a given component, you can also scope a named secret store component to one or more secrets for an application. By defining allowedSecrets and/or deniedSecrets lists, you restrict applications to access only specific secrets.

For more information about configuring a Configuration resource:

Configure secrets access

The secrets section under the Configuration spec contains the following properties:

secrets:
 scopes:
 - storeName: kubernetes
 defaultAccess: allow
 allowedSecrets: ["redis-password"]
 - storeName: localstore
 defaultAccess: allow
 deniedSecrets: ["redis-password"]

The following table lists the properties for secret scopes:

How-To: Apply access control list configuration for service invocation

Mon, 01 Jan 0001 00:00:00 +0000

Using access control, you can configure policies that restrict what the operations calling applications can perform, via service invocation, on the called application. You can define an access control policy specification in the Configuration schema to limit access:

To a called application from specific operations, and
To HTTP verbs from the calling applications.

An access control policy is specified in Configuration and applied to the Dapr sidecar for the called application. Access to the called app is based on the matched policy action.

How-To: Selectively enable Dapr APIs on the Dapr sidecar

Mon, 01 Jan 0001 00:00:00 +0000

In scenarios such as zero trust networks or when exposing the Dapr sidecar to external traffic through a frontend, it’s recommended to only enable the Dapr sidecar APIs being used by the app. Doing so reduces the attack surface and helps keep the Dapr APIs scoped to the actual needs of the application.

Dapr allows you to control which APIs are accessible to the application by setting an API allowlist or denylist using a Dapr Configuration.

How-To: Configure Dapr to use gRPC

Mon, 01 Jan 0001 00:00:00 +0000

Dapr implements both an HTTP and a gRPC API for local calls. gRPC is useful for low-latency, high performance scenarios and has language integration using the proto clients. You can see the full list of auto-generated clients (Dapr SDKs).

The Dapr runtime implements a proto service that apps can communicate with via gRPC.

Not only can you call Dapr via gRPC, Dapr can communicate with an application via gRPC. To do that, the app needs to host a gRPC server and implement the Dapr appcallback service

How-To: Handle large HTTP header size

Mon, 01 Jan 0001 00:00:00 +0000

Dapr has a default limit of 4KB for the HTTP header read buffer size. If you’re sending HTTP headers larger than the default 4KB, you may encounter a Too big request header service invocation error.

You can increase the HTTP header size by using:

The dapr.io/http-read-buffer-size annotation, or
The --dapr-http-read-buffer-size flag when using the CLI.

When running in self-hosted mode, use the --dapr-http-read-buffer-size flag to configure Dapr to use non-default http header size:

How-To: Handle larger body requests

Mon, 01 Jan 0001 00:00:00 +0000

Note

The existing flag/annotationdapr-http-max-request-size has been deprecated and updated to max-body-size.

By default, Dapr has a limit for the request body size, set to 4MB. You can change this for both HTTP and gRPC requests by defining:

The dapr.io/max-body-size annotation, or
The --max-body-size flag.

When running in self-hosted mode, use the --max-body-size flag to configure Dapr to use non-default request body size:

How-To: Install certificates in the Dapr sidecar

Mon, 01 Jan 0001 00:00:00 +0000

The Dapr sidecar can be configured to trust certificates for communicating with external services. This is useful in scenarios where a self-signed certificate needs to be trusted, such as:

Using an HTTP binding
Configuring an outbound proxy for the sidecar

Both certificate authority (CA) certificates and leaf certificates are supported.

You can make the following configurations when the sidecar is running as a container.

How-To: Enable preview features

Mon, 01 Jan 0001 00:00:00 +0000

Preview features in Dapr are considered experimental when they are first released. These preview features require you to explicitly opt-in to use them. You specify this opt-in in Dapr’s Configuration file.

Preview features are enabled on a per application basis by setting configuration when running an application instance.

Configuration properties

The features section under the Configuration spec contains the following properties:

Property	Type	Description
`name`	string	The name of the preview feature that is enabled/disabled
`enabled`	bool	Boolean specifying if the feature is enabled or disabled

Enabling a preview feature

Preview features are specified in the configuration. Here is an example of a full configuration that contains multiple features:

How-To: Configure Environment Variables from Secrets for Dapr sidecar

Mon, 01 Jan 0001 00:00:00 +0000

In special cases, the Dapr sidecar needs an environment variable injected into it. This use case may be required by a component, a 3rd party library, or a module that uses environment variables to configure the said component or customize its behavior. This can be useful for both production and non-production environments.

Overview

In Dapr 1.15, the new dapr.io/env-from-secret annotation was introduced, similar to dapr.io/env. With this annotation, you can inject an environment variable into the Dapr sidecar, with a value from a secret.

How-To: Add custom annotations to the Dapr sidecar service

Mon, 01 Jan 0001 00:00:00 +0000

The Dapr operator automatically creates a Service (named with the -dapr suffix) for the Dapr sidecar when running in Kubernetes. In some cases, you may need to add custom annotations to this service, for example to support specific network policies (such as Illumio) or metrics scraping configurations.

Overview

The dapr.io/sidecar-svc-annotations annotation allows you to specify a comma-separated list of key=value pairs that will be added as annotations to the Dapr sidecar service.