From f4a5ad3f41e8fe4c185f577caa19c99a2b6ee8d9 Mon Sep 17 00:00:00 2001 From: Hannah Hunter Date: Tue, 27 Jun 2023 15:24:11 -0400 Subject: [PATCH 1/2] update headers for consistency Signed-off-by: Hannah Hunter --- .../resource-specs/component-schema.md | 2 +- .../resource-specs/configuration-schema.md | 76 +++++++++++++++++++ .../resource-specs/httpendpoints-schema.md | 2 +- .../resource-specs/resiliency-schema.md | 2 + .../resource-specs/subscription-schema.md | 4 +- 5 files changed, 82 insertions(+), 4 deletions(-) create mode 100644 daprdocs/content/en/reference/resource-specs/configuration-schema.md diff --git a/daprdocs/content/en/reference/resource-specs/component-schema.md b/daprdocs/content/en/reference/resource-specs/component-schema.md index c36bded5270..59169300f8e 100644 --- a/daprdocs/content/en/reference/resource-specs/component-schema.md +++ b/daprdocs/content/en/reference/resource-specs/component-schema.md @@ -26,7 +26,7 @@ spec: value: [METADATA-VALUE] ``` -## Fields +## Spec fields | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| diff --git a/daprdocs/content/en/reference/resource-specs/configuration-schema.md b/daprdocs/content/en/reference/resource-specs/configuration-schema.md new file mode 100644 index 00000000000..86998d98b16 --- /dev/null +++ b/daprdocs/content/en/reference/resource-specs/configuration-schema.md 
@@ -0,0 +1,76 @@ +--- +type: docs +title: "Configuration spec" +linkTitle: "Configuration" +description: "The basic spec for a Dapr Configuration resource" +weight: 5000 +--- + +The `Configuration` is a Dapr resource that is used to configure the Dapr sidecar, control-plane, and others. + +## Format + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: + namespace: +spec: + tracing: + samplingRate: "1" + stdout: true + otel: + endpointAddress: "localhost:4317" + isSecure: false + protocol: "grpc" + httpPipeline: + handlers: + - name: oauth2 + type: middleware.http.oauth2 + secrets: + scopes: + - storeName: localstore + defaultAccess: allow + deniedSecrets: ["redis-password"] + components: + deny: + - bindings.smtp + - secretstores.local.file + accessControl: + defaultAction: deny + trustDomain: "public" + policies: + - appId: app1 + defaultAction: deny + trustDomain: 'public' + namespace: "default" + operations: + - name: /op1 + httpVerb: ['POST', 'GET'] + action: deny + - name: /op2/* + httpVerb: ["*"] + action: allow +``` + +## Spec fields + +| Field | Required | Details | Example | +|--------------------|:--------:|---------|---------| +| accessControl | Y | Defines the data structure for the configuration spec | | +| api | N | Describes the configuration for the Dapr APIs | | +| appHttpPipeline | N | Configuration spec for defining the middleware pipeline | | +| components | N | Describes the configuration for Dapr components | | +| features | N | Defines the features that are enabled/disabled | | +| httpPipeline | N | Configuration spec for defining the middleware pipeline | | +| logging | N | Used to configure logging | | +| metric | N | Defines the metrics configuration | | +| mtls | N | Defines the mTLS configuration | | +| nameResolution | N | Name resolution configuration spec | | +| secrets | N | Configures secrets for your sidecar or control-plane | | +| tracing | N | Defines distributed tracing configuration | | + +## Related 
links + +- [Learn more about how to use configuration specs]({{< ref configuration-overview.md >}}) \ No newline at end of file diff --git a/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md b/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md index d2f5429e7c5..62effc30e53 100644 --- a/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md +++ b/daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md @@ -10,7 +10,7 @@ aliases: The `HTTPEndpoint` is a Dapr resource that is used to enable the invocation of non-Dapr endpoints from a Dapr application. -## HTTPEndpoint format +## Format ```yaml apiVersion: dapr.io/v1alpha1 diff --git a/daprdocs/content/en/reference/resource-specs/resiliency-schema.md b/daprdocs/content/en/reference/resource-specs/resiliency-schema.md index 58d60cb207e..d62061e091d 100644 --- a/daprdocs/content/en/reference/resource-specs/resiliency-schema.md +++ b/daprdocs/content/en/reference/resource-specs/resiliency-schema.md @@ -8,6 +8,8 @@ description: "The basic spec for a Dapr resiliency resource" The `Resiliency` Dapr resource allows you to define and apply fault tolerance resiliency policies. Resiliency specs are applied when the Dapr sidecar starts. +## Format + ```yml apiVersion: dapr.io/v1alpha1 kind: Resiliency diff --git a/daprdocs/content/en/reference/resource-specs/subscription-schema.md b/daprdocs/content/en/reference/resource-specs/subscription-schema.md index b3a4e638a0c..55b8bc76f5f 100644 --- a/daprdocs/content/en/reference/resource-specs/subscription-schema.md +++ b/daprdocs/content/en/reference/resource-specs/subscription-schema.md @@ -11,7 +11,7 @@ The `Subscription` Dapr resource allows you to subscribe declaratively to a topi - `v2alpha` (default spec) - `v1alpha1` (deprecated) -## `v2alpha1` +## `v2alpha1` format The following is the basic `v2alpha1` spec for a `Subscription` resource. `v2alpha1` is the default spec for the subscription API. 
@@ -48,7 +48,7 @@ scopes: | bulksubscribe | N | Enable bulk subscribe properties. | `true`, `false` | -## `v1alpha1` +## `v1alpha1` format The following is the basic version `v1alpha1` spec for a `Subscription` resource. `v1alpha1` is now deprecated. From 74b2ad71085e1d521fb6d2e0698033e520b5ddf9 Mon Sep 17 00:00:00 2001 From: Hannah Hunter Date: Wed, 28 Jun 2023 14:21:17 -0400 Subject: [PATCH 2/2] update config schema Signed-off-by: Hannah Hunter --- .../resource-specs/configuration-schema.md | 99 ++++++++++++------- 1 file changed, 64 insertions(+), 35 deletions(-) diff --git a/daprdocs/content/en/reference/resource-specs/configuration-schema.md b/daprdocs/content/en/reference/resource-specs/configuration-schema.md index 86998d98b16..16be2da2b1e 100644 --- a/daprdocs/content/en/reference/resource-specs/configuration-schema.md +++ b/daprdocs/content/en/reference/resource-specs/configuration-schema.md @@ -8,7 +8,7 @@ weight: 5000 The `Configuration` is a Dapr resource that is used to configure the Dapr sidecar, control-plane, and others. -## Format +## Sidecar format ```yaml apiVersion: dapr.io/v1alpha1 
@@ -17,59 +17,88 @@ metadata: name: namespace: spec: + api: + allowed: + - name: + version: + protocol: tracing: - samplingRate: "1" + samplingRate: stdout: true otel: - endpointAddress: "localhost:4317" + endpointAddress: isSecure: false - protocol: "grpc" - httpPipeline: + protocol: + httpPipeline: # for incoming http calls handlers: - - name: oauth2 - type: middleware.http.oauth2 + - name: + type: + appHttpPipeline: # for outgoing http calls + handlers: + - name: + type: secrets: scopes: - - storeName: localstore - defaultAccess: allow - deniedSecrets: ["redis-password"] + - storeName: + defaultAccess: + deniedSecrets: components: deny: - - bindings.smtp - - secretstores.local.file + - accessControl: - defaultAction: deny - trustDomain: "public" + defaultAction: + trustDomain: policies: - - appId: app1 - defaultAction: deny - trustDomain: 'public' + - appId: + defaultAction: + trustDomain: namespace: "default" operations: - - name: /op1 + - name: httpVerb: ['POST', 'GET'] - action: deny - - name: /op2/* - httpVerb: ["*"] - action: allow + action: ``` -## Spec fields +### Spec fields | Field | Required | Details | Example | |--------------------|:--------:|---------|---------| -| accessControl | Y | Defines the data structure for the configuration spec | | -| api | N | Describes the configuration for the Dapr APIs | | -| appHttpPipeline | N | Configuration spec for defining the middleware pipeline | | -| components | N | Describes the configuration for Dapr components | | -| features | N | Defines the features that are enabled/disabled | | -| httpPipeline | N | Configuration spec for defining the middleware pipeline | | -| logging | N | Used to configure logging | | -| metric | N | Defines the metrics configuration | | -| mtls | N | Defines the mTLS configuration | | -| nameResolution | N | Name resolution configuration spec | | -| secrets | N | Configures secrets for your sidecar or control-plane | | -| tracing | N | Defines distributed tracing configuration | | 
+| accessControl | N | Applied to Dapr sidecar for the called application. Enables the configuration of policies that restrict what operations calling applications can perform (via service invocation) on the called appliaction. | [Learn more about the `accessControl` configuration.]({{< ref invoke-allowlist.md >}}) | +| api | N | Used to enable only the Dapr sidecar APIs used by the application. | [Learn more about the `api` configuration.]({{< ref api-allowlist.md >}}) | +| httpPipeline | N | Configure API middleware pipelines | [Middleware pipeline configuration overview]({{< ref "configuration-overview.md#middleware" >}})
[Learn more about the `httpPipeline` configuration.]({{< ref "middleware.md#configure-api-middleware-pipelines" >}}) | +| appHttpPipeline | N | Configure application middleware pipelines | [Middleware pipeline configuration overview]({{< ref "configuration-overview.md#middleware" >}})
[Learn more about the `appHttpPipeline` configuration.]({{< ref "middleware.md#configure-app-middleware-pipelines" >}}) | +| components | N | Used to specify a denylist of component types that can't be initialized. | [Learn more about the `components` configuration.]({{< ref "configuration-overview.md#disallow-usage-of-certain-component-types" >}}) | +| features | N | Defines the preview features that are enabled/disabled. | [Learn more about the `features` configuration.]({{< ref preview-features.md >}}) | +| logging | N | Configure how logging works in the Dapr runtime. | [Learn more about the `logging` configuration.]({{< ref "configuration-overview.md#logging" >}}) | +| metrics | N | Enable or disable metrics for an application. | [Learn more about the `metrics` configuration.]({{< ref "configuration-overview.md#metrics" >}}) | +| nameResolution | N | Name resolution configuration spec for the service invocation building block. | [Learn more about the `nameResolution` configuration per components.]({{< ref supported-name-resolution.md >}}) | +| secrets | N | Limit the secrets to which your Dapr application has access. | [Learn more about the `secrets` configuration.]({{< ref secret-scope.md >}}) | +| tracing | N | Turns on tracing for an application. | [Learn more about the `tracing` configuration.]({{< ref "configuration-overview.md#tracing" >}}) | + + +## Control-plane format + +The `daprsystem` configuration file installed with Dapr applies global settings and is only set up when Dapr is deployed to Kubernetes. + +```yml +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: daprsystem + namespace: default +spec: + mtls: + enabled: true + allowedClockSkew: 15m + workloadCertTTL: 24h +``` + +### Spec fields + +| Field | Required | Details | Example | +|--------------------|:--------:|---------|---------| +| mtls | N | Defines the mTLS configuration | `allowedClockSkew: 15m`
`workloadCertTTL:24h`
[Learn more about the `mtls` configuration.]({{< ref "configuration-overview.md#mtls-mutual-tls" >}}) | + ## Related links
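Review bot: the httpendpoints-schema.md hunk of PATCH 1/2 renames `## HTTPEndpoint format` to `## Format`, which changes the anchor generated for that heading, and the component-schema.md hunk does the same by turning `## Fields` into `## Spec fields`. Please search the docs tree for links that point at the old anchors and update them in this patch, so the rename does not leave dead in-page links behind.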
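Review bot: in the new configuration-schema.md added by PATCH 1/2, the Spec fields table marks `accessControl` as required (`Y`) with the description "Defines the data structure for the configuration spec" and names the metrics row `metric`, while PATCH 2/2 rewrites the same rows to `N` and `metrics`. Consider squashing the two commits, or correcting the table in 1/2, so no commit in the history carries the superseded values. The file also ends without a trailing newline (`\ No newline at end of file`); please add one.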
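Review bot: the version bullet visible as context in the first subscription-schema.md hunk of PATCH 1/2 reads `v2alpha` (default spec), but the heading this hunk renames and the paragraph under it both say `v2alpha1`. Since the commit is about header consistency, change the bullet to `v2alpha1` here as well, so the version list and the section headings agree.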
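Review bot: in the second configuration-schema.md hunk of PATCH 2/2, the sidecar YAML blanks most values but keeps `isSecure: false`, `stdout: true`, `namespace: "default"` and `httpVerb: ['POST', 'GET']` as literals, so a reader who copies the template inherits `isSecure: false` for the otel endpoint without having chosen it. Either turn these into placeholders like the rest or mark them as example values, and prefer a visible placeholder style such as the `[METADATA-VALUE]` form seen in component-schema.md over empty values (`deniedSecrets:` and the bare `- ` under `components.deny` read as null). In the same hunk: the table documents `features`, `logging`, `metrics` and `nameResolution` but the YAML shows none of them; "appliaction" in the `accessControl` row is a typo; the `mtls` example has `workloadCertTTL:24h` without the space used in the YAML above it; and the control-plane block is fenced as `yml` while the sidecar block uses `yaml`.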