mirror of https://github.com/dapr/docs.git
update config schema
Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
This commit is contained in:
Hannah Hunter
parent
f4a5ad3f41
commit
74b2ad7108
|
|
@ -8,7 +8,7 @@ weight: 5000
|
||||||
|
|
||||||
The `Configuration` is a Dapr resource that is used to configure the Dapr sidecar, control-plane, and others.
|
The `Configuration` is a Dapr resource that is used to configure the Dapr sidecar, control-plane, and others.
|
||||||
|
|
||||||
## Format
|
## Sidecar format
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
apiVersion: dapr.io/v1alpha1
|
apiVersion: dapr.io/v1alpha1
|
||||||
|
|
@ -17,59 +17,88 @@ metadata:
|
||||||
name: <REPLACE-WITH-NAME>
|
name: <REPLACE-WITH-NAME>
|
||||||
namespace: <REPLACE-WITH-NAMESPACE>
|
namespace: <REPLACE-WITH-NAMESPACE>
|
||||||
spec:
|
spec:
|
||||||
|
api:
|
||||||
|
allowed:
|
||||||
|
- name: <REPLACE-WITH-API>
|
||||||
|
version: <VERSION>
|
||||||
|
protocol: <HTTP-OR-GRPC>
|
||||||
tracing:
|
tracing:
|
||||||
samplingRate: "1"
|
samplingRate: <REPLACE-WITH-INTEGER>
|
||||||
stdout: true
|
stdout: true
|
||||||
otel:
|
otel:
|
||||||
endpointAddress: "localhost:4317"
|
endpointAddress: <REPLACE-WITH-ENDPOINT-ADDRESS>
|
||||||
isSecure: false
|
isSecure: false
|
||||||
protocol: "grpc"
|
protocol: <HTTP-OR-GRPC>
|
||||||
httpPipeline:
|
httpPipeline: # for incoming http calls
|
||||||
handlers:
|
handlers:
|
||||||
- name: oauth2
|
- name: <HANDLER-NAME>
|
||||||
type: middleware.http.oauth2
|
type: <HANDLER-TYPE>
|
||||||
|
appHttpPipeline: # for outgoing http calls
|
||||||
|
handlers:
|
||||||
|
- name: <HANDLER-NAME>
|
||||||
|
type: <HANDLER-TYPE>
|
||||||
secrets:
|
secrets:
|
||||||
scopes:
|
scopes:
|
||||||
- storeName: localstore
|
- storeName: <NAME-OF-SCOPED-STORE>
|
||||||
defaultAccess: allow
|
defaultAccess: <ALLOW-OR-DENY>
|
||||||
deniedSecrets: ["redis-password"]
|
deniedSecrets: <REPLACE-WITH-DENIED-SECRET>
|
||||||
components:
|
components:
|
||||||
deny:
|
deny:
|
||||||
- bindings.smtp
|
- <COMPONENT-TO-DENY>
|
||||||
- secretstores.local.file
|
|
||||||
accessControl:
|
accessControl:
|
||||||
defaultAction: deny
|
defaultAction: <ALLOW-OR-DENY>
|
||||||
trustDomain: "public"
|
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
|
||||||
policies:
|
policies:
|
||||||
- appId: app1
|
- appId: <APP-NAME>
|
||||||
defaultAction: deny
|
defaultAction: <ALLOW-OR-DENY>
|
||||||
trustDomain: 'public'
|
trustDomain: <REPLACE-WITH-TRUST-DOMAIN>
|
||||||
namespace: "default"
|
namespace: "default"
|
||||||
operations:
|
operations:
|
||||||
- name: /op1
|
- name: <OPERATION-NAME>
|
||||||
httpVerb: ['POST', 'GET']
|
httpVerb: ['POST', 'GET']
|
||||||
action: deny
|
action: <ALLOW-OR-DENY>
|
||||||
- name: /op2/*
|
|
||||||
httpVerb: ["*"]
|
|
||||||
action: allow
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Spec fields
|
### Spec fields
|
||||||
|
|
||||||
| Field | Required | Details | Example |
|
| Field | Required | Details | Example |
|
||||||
|--------------------|:--------:|---------|---------|
|
|--------------------|:--------:|---------|---------|
|
||||||
| accessControl | Y | Defines the data structure for the configuration spec | |
|
| accessControl | N | Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. | [Learn more about the `accessControl` configuration.]({{< ref invoke-allowlist.md >}}) |
|
||||||
| api | N | Describes the configuration for the Dapr APIs | |
|
| api | N | Used to enable only the Dapr sidecar APIs used by the application. | [Learn more about the `api` configuration.]({{< ref api-allowlist.md >}}) |
|
||||||
| appHttpPipeline | N | Configuration spec for defining the middleware pipeline | |
|
| httpPipeline | N | Configure API middleware pipelines | [Middleware pipeline configuration overview]({{< ref "configuration-overview.md#middleware" >}})<br>[Learn more about the `httpPipeline` configuration.]({{< ref "middleware.md#configure-api-middleware-pipelines" >}}) |
|
||||||
| components | N | Describes the configuration for Dapr components | |
|
| appHttpPipeline | N | Configure application middleware pipelines | [Middleware pipeline configuration overview]({{< ref "configuration-overview.md#middleware" >}})<br>[Learn more about the `appHttpPipeline` configuration.]({{< ref "middleware.md#configure-app-middleware-pipelines" >}}) |
|
||||||
| features | N | Defines the features that are enabled/disabled | |
|
| components | N | Used to specify a denylist of component types that can't be initialized. | [Learn more about the `components` configuration.]({{< ref "configuration-overview.md#disallow-usage-of-certain-component-types" >}}) |
|
||||||
| httpPipeline | N | Configuration spec for defining the middleware pipeline | |
|
| features | N | Defines the preview features that are enabled/disabled. | [Learn more about the `features` configuration.]({{< ref preview-features.md >}}) |
|
||||||
| logging | N | Used to configure logging | |
|
| logging | N | Configure how logging works in the Dapr runtime. | [Learn more about the `logging` configuration.]({{< ref "configuration-overview.md#logging" >}}) |
|
||||||
| metric | N | Defines the metrics configuration | |
|
| metrics | N | Enable or disable metrics for an application. | [Learn more about the `metrics` configuration.]({{< ref "configuration-overview.md#metrics" >}}) |
|
||||||
| mtls | N | Defines the mTLS configuration | |
|
| nameResolution | N | Name resolution configuration spec for the service invocation building block. | [Learn more about the `nameResolution` configuration per components.]({{< ref supported-name-resolution.md >}}) |
|
||||||
| nameResolution | N | Name resolution configuration spec | |
|
| secrets | N | Limit the secrets to which your Dapr application has access. | [Learn more about the `secrets` configuration.]({{< ref secret-scope.md >}}) |
|
||||||
| secrets | N | Configures secrets for your sidecar or control-plane | |
|
| tracing | N | Turns on tracing for an application. | [Learn more about the `tracing` configuration.]({{< ref "configuration-overview.md#tracing" >}}) |
|
||||||
| tracing | N | Defines distributed tracing configuration | |
|
|
||||||
|
|
||||||
|
## Control-plane format
|
||||||
|
|
||||||
|
The `daprsystem` configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes.
|
||||||
|
|
||||||
|
```yml
|
||||||
|
apiVersion: dapr.io/v1alpha1
|
||||||
|
kind: Configuration
|
||||||
|
metadata:
|
||||||
|
name: daprsystem
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
mtls:
|
||||||
|
enabled: true
|
||||||
|
allowedClockSkew: 15m
|
||||||
|
workloadCertTTL: 24h
|
||||||
|
```
|
||||||
|
|
||||||
|
### Spec fields
|
||||||
|
|
||||||
|
| Field | Required | Details | Example |
|
||||||
|
|--------------------|:--------:|---------|---------|
|
||||||
|
| mtls | N | Defines the mTLS configuration | `allowedClockSkew: 15m`<br>`workloadCertTTL:24h`<br>[Learn more about the `mtls` configuration.]({{< ref "configuration-overview.md#mtls-mutual-tls" >}}) |
|
||||||
|
|
||||||
|
|
||||||
## Related links
|
## Related links
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue