{ "description": "Configuration describes an Dapr configuration setting.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ConfigurationSpec is the spec for a configuration.", "properties": { "accessControl": { "description": "AccessControlSpec is the spec object in ConfigurationSpec.", "properties": { "defaultAction": { "type": "string" }, "policies": { "items": { "description": "AppPolicySpec defines the policy data structure for each app.", "properties": { "appId": { "type": "string" }, "defaultAction": { "type": "string" }, "namespace": { "type": "string" }, "operations": { "items": { "description": "AppOperationAction defines the data structure for each app operation.", "properties": { "action": { "type": "string" }, "httpVerb": { "items": { "type": "string" }, "type": "array" }, "name": { "type": "string" } }, "required": [ "action", "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "trustDomain": { "type": "string" } }, "required": [ "appId" ], "type": "object", "additionalProperties": false }, "type": "array" }, "trustDomain": { "type": "string" } }, "type": "object", "additionalProperties": false }, "api": { "description": "APISpec describes the configuration for Dapr APIs.", "properties": { "allowed": { "description": "List of allowed APIs. Can be used in conjunction with denied.", "items": { "description": "APIAccessRule describes an access rule for allowing or denying a Dapr API.", "properties": { "name": { "type": "string" }, "protocol": { "type": "string" }, "version": { "type": "string" } }, "required": [ "name", "version" ], "type": "object", "additionalProperties": false }, "type": "array" }, "denied": { "description": "List of denied APIs. Can be used in conjunction with allowed.", "items": { "description": "APIAccessRule describes an access rule for allowing or denying a Dapr API.", "properties": { "name": { "type": "string" }, "protocol": { "type": "string" }, "version": { "type": "string" } }, "required": [ "name", "version" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "appHttpPipeline": { "description": "PipelineSpec defines the middleware pipeline.", "properties": { "handlers": { "items": { "description": "HandlerSpec defines a request handlers.", "properties": { "name": { "type": "string" }, "selector": { "description": "SelectorSpec selects target services to which the handler is to be applied.", "properties": { "fields": { "items": { "description": "SelectorField defines a selector fields.", "properties": { "field": { "type": "string" }, "value": { "type": "string" } }, "required": [ "field", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "fields" ], "type": "object", "additionalProperties": false }, "type": { "type": "string" } }, "required": [ "name", "type" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "handlers" ], "type": "object", "additionalProperties": false }, "components": { "description": "ComponentsSpec describes the configuration for Dapr components", "properties": { "deny": { "description": "Denylist of component types that cannot be instantiated", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "features": { "items": { "description": "FeatureSpec defines the features that are enabled/disabled.", "properties": { "enabled": { "type": "boolean" }, "name": { "type": "string" } }, "required": [ "enabled", "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "httpPipeline": { "description": "PipelineSpec defines the middleware pipeline.", "properties": { "handlers": { "items": { "description": "HandlerSpec defines a request handlers.", "properties": { "name": { "type": "string" }, "selector": { "description": "SelectorSpec selects target services to which the handler is to be applied.", "properties": { "fields": { "items": { "description": "SelectorField defines a selector fields.", "properties": { "field": { "type": "string" }, "value": { "type": "string" } }, "required": [ "field", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "fields" ], "type": "object", "additionalProperties": false }, "type": { "type": "string" } }, "required": [ "name", "type" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "handlers" ], "type": "object", "additionalProperties": false }, "logging": { "description": "LoggingSpec defines the configuration for logging.", "properties": { "apiLogging": { "description": "Configure API logging.", "properties": { "enabled": { "description": "Default value for enabling API logging. Sidecars can always override this by setting `--enable-api-logging` to true or false explicitly.\nThe default value is false.", "type": "boolean" }, "obfuscateURLs": { "description": "When enabled, obfuscates the values of URLs in HTTP API logs, logging the route name rather than the full path being invoked, which could contain PII.\nDefault: false.\nThis option has no effect if API logging is disabled.", "type": "boolean" }, "omitHealthChecks": { "description": "If true, health checks are not reported in API logs. Default: false.\nThis option has no effect if API logging is disabled.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "metric": { "default": { "enabled": true }, "description": "MetricSpec defines metrics configuration.", "properties": { "enabled": { "type": "boolean" }, "http": { "description": "MetricHTTP defines configuration for metrics for the HTTP server", "properties": { "excludeVerbs": { "description": "If true (default is false) HTTP verbs (e.g., GET, POST) are excluded from the metrics.", "type": "boolean" }, "increasedCardinality": { "description": "If false, metrics for the HTTP server are collected with increased cardinality.\nThe default is true in Dapr 1.13, but will be changed to false in 1.15+", "type": "boolean" }, "pathMatching": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "latencyDistributionBuckets": { "description": "The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for\nhistograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets.\nThe default histogram latency buckets (in milliseconds) are as follows:\n 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000.", "items": { "type": "integer" }, "type": "array" }, "recordErrorCodes": { "type": "boolean" }, "rules": { "items": { "description": "MetricsRule defines configuration options for a metric.", "properties": { "labels": { "items": { "description": "MetricsLabel defines an object that allows to set regex expressions for a label.", "properties": { "name": { "type": "string" }, "regex": { "additionalProperties": { "type": "string" }, "type": "object" } }, "required": [ "name", "regex" ], "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "type": "string" } }, "required": [ "labels", "name" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "enabled" ], "type": "object", "additionalProperties": false }, "metrics": { "default": { "enabled": true }, "description": "MetricSpec defines metrics configuration.", "properties": { "enabled": { "type": "boolean" }, "http": { "description": "MetricHTTP defines configuration for metrics for the HTTP server", "properties": { "excludeVerbs": { "description": "If true (default is false) HTTP verbs (e.g., GET, POST) are excluded from the metrics.", "type": "boolean" }, "increasedCardinality": { "description": "If false, metrics for the HTTP server are collected with increased cardinality.\nThe default is true in Dapr 1.13, but will be changed to false in 1.15+", "type": "boolean" }, "pathMatching": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "latencyDistributionBuckets": { "description": "The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for\nhistograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets.\nThe default histogram latency buckets (in milliseconds) are as follows:\n 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000.", "items": { "type": "integer" }, "type": "array" }, "recordErrorCodes": { "type": "boolean" }, "rules": { "items": { "description": "MetricsRule defines configuration options for a metric.", "properties": { "labels": { "items": { "description": "MetricsLabel defines an object that allows to set regex expressions for a label.", "properties": { "name": { "type": "string" }, "regex": { "additionalProperties": { "type": "string" }, "type": "object" } }, "required": [ "name", "regex" ], "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "type": "string" } }, "required": [ "labels", "name" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "enabled" ], "type": "object", "additionalProperties": false }, "mtls": { "description": "MTLSSpec defines mTLS configuration.", "properties": { "allowedClockSkew": { "type": "string" }, "controlPlaneTrustDomain": { "type": "string" }, "enabled": { "type": "boolean" }, "sentryAddress": { "type": "string" }, "tokenValidators": { "description": "Additional token validators to use.\nWhen Dapr is running in Kubernetes mode, this is in addition to the built-in \"kubernetes\" validator.\nIn self-hosted mode, enabling a custom validator will disable the built-in \"insecure\" validator.", "items": { "description": "ValidatorSpec contains additional token validators to use.", "properties": { "name": { "description": "Name of the validator", "enum": [ "jwks" ], "type": "string" }, "options": { "description": "Options for the validator, if any", "type": "object", "x-kubernetes-preserve-unknown-fields": true } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "workloadCertTTL": { "type": "string" } }, "required": [ "controlPlaneTrustDomain", "enabled", "sentryAddress" ], "type": "object", "additionalProperties": false }, "nameResolution": { "description": "NameResolutionSpec is the spec for name resolution configuration.", "properties": { "component": { "type": "string" }, "configuration": { "description": "DynamicValue is a dynamic value struct for the component.metadata pair value.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "version": { "type": "string" } }, "required": [ "component", "configuration", "version" ], "type": "object", "additionalProperties": false }, "secrets": { "description": "SecretsSpec is the spec for secrets configuration.", "properties": { "scopes": { "items": { "description": "SecretsScope defines the scope for secrets.", "properties": { "allowedSecrets": { "items": { "type": "string" }, "type": "array" }, "defaultAccess": { "type": "string" }, "deniedSecrets": { "items": { "type": "string" }, "type": "array" }, "storeName": { "type": "string" } }, "required": [ "storeName" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "scopes" ], "type": "object", "additionalProperties": false }, "tracing": { "description": "TracingSpec defines distributed tracing configuration.", "properties": { "otel": { "description": "OtelSpec defines Otel exporter configurations.", "properties": { "endpointAddress": { "type": "string" }, "isSecure": { "type": "boolean" }, "protocol": { "type": "string" } }, "required": [ "endpointAddress", "isSecure", "protocol" ], "type": "object", "additionalProperties": false }, "samplingRate": { "type": "string" }, "stdout": { "type": "boolean" }, "zipkin": { "description": "ZipkinSpec defines Zipkin trace configurations.", "properties": { "endpointAddress": { "type": "string" } }, "required": [ "endpointAddress" ], "type": "object", "additionalProperties": false } }, "required": [ "samplingRate" ], "type": "object", "additionalProperties": false }, "wasm": { "description": "WasmSpec describes the security profile for all Dapr Wasm components.", "properties": { "strictSandbox": { "description": "Force enabling strict sandbox mode for all WASM components.\nWhen this is enabled, WASM components always run in strict mode regardless of their configuration.\nStrict mode enhances security of the WASM sandbox by limiting access to certain capabilities such as real-time clocks and random number generators.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "workflow": { "description": "WorkflowSpec defines the configuration for Dapr workflows.", "properties": { "maxConcurrentActivityInvocations": { "description": "maxConcurrentActivityInvocations is the maximum number of concurrent activities that can be processed by a single Dapr instance.\nAttempted invocations beyond this will be queued until the number of concurrent invocations drops below this value.\nIf If omitted, no maximum will be enforced.", "format": "int32", "type": "integer" }, "maxConcurrentWorkflowInvocations": { "description": "maxConcurrentWorkflowInvocations is the maximum number of concurrent workflow invocations that can be scheduled by a single Dapr instance.\nAttempted invocations beyond this will be queued until the number of concurrent invocations drops below this value.\nIf omitted, no maximum will be enforced.", "format": "int32", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object" }