Configure the Dapr extension for your Azure Kubernetes Service (AKS) and Arc-enabled Kubernetes project

Once you've created the Dapr extension, you can configure it to work best for you and your project using various configuration options, like:

  • Limiting which of your nodes use the Dapr extension
  • Setting automatic CRD updates
  • Configuring the Dapr release namespace

The extension enables you to set Dapr configuration options by using the --configuration-settings parameter. For example, to provision Dapr with high availability (HA) enabled, set the global.ha.enabled parameter to true:

az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"

Note

If configuration settings are sensitive and need to be protected, for example certificate-related information, pass them with the --configuration-protected-settings parameter and the value will be protected from being read.

If no configuration-settings are passed, the Dapr configuration defaults to:

  ha:
    enabled: true
    replicaCount: 3
    disruption:
      minimumAvailable: ""
      maximumUnavailable: "25%"
  prometheus:
    enabled: true
    port: 9090
  mtls:
    enabled: true
    workloadCertTTL: 24h
    allowedClockSkew: 15m

For a list of available options, see Dapr configuration.

Limit the extension to certain nodes

In some configurations, you may only want to run Dapr on certain nodes. You can limit the extension by passing a nodeSelector in the extension configuration. If the desired nodeSelector contains a period (.), you must escape it for both the shell and the extension. For example, the following configuration installs Dapr only on nodes labeled topology.kubernetes.io/zone: "us-east-1c":

az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2" \
--configuration-settings "global.nodeSelector.topology\.kubernetes\.io/zone=us-east-1c"
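
The escaping rule above can be applied mechanically when the label comes from a variable. The following is an added example, not part of the original page: the function names are hypothetical, and it validates the label against Kubernetes label syntax before building the setting string.

```shell
#!/usr/bin/env bash
# Added example: build a global.nodeSelector setting from a node label.
# Function names are hypothetical; sample labels below are constructed.

# Succeed only for a valid Kubernetes label key: an optional DNS-subdomain
# prefix followed by "/", then a name of at most 63 characters.
valid_label_key() {
  name=${1##*/}
  [ "${#name}" -le 63 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^([a-z0-9]([-a-z0-9.]*[a-z0-9])?/)?[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$'
}

# Succeed only for a valid label value: empty, or at most 63 characters that
# start and end with an alphanumeric.
valid_label_value() {
  [ "${#1}" -le 63 ] || return 1
  [ -z "$1" ] || printf '%s\n' "$1" |
    grep -Eq '^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$'
}

# Print the --configuration-settings value for label key $1 and value $2.
# Every "." in the key becomes "\." so it is not read as a path separator.
# Invalid input is rejected, which keeps "," and "=" out of the setting string.
node_selector_setting() {
  valid_label_key "$1" && valid_label_value "$2" || return 1
  escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
  printf 'global.nodeSelector.%s=%s\n' "$escaped" "$2"
}

# Constructed sample: the zone label used in the text above.
node_selector_setting topology.kubernetes.io/zone us-east-1c
```

Pass the printed string, in double quotes, as the value of --configuration-settings.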

For managing OS and architecture, use the supported versions of the global.daprControlPlaneOs and global.daprControlPlaneArch configuration:

az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2" \
--configuration-settings "global.daprControlPlaneOs=linux" \
--configuration-settings "global.daprControlPlaneArch=amd64"

Install Dapr in multiple availability zones while in HA mode

By default, the placement service uses a storage class of type standard_LRS. It is recommended to create a zone-redundant storage class when installing Dapr in HA mode across multiple availability zones. For example, to create a ZRS-type storage class:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: custom-zone-redundant-storage
provisioner: disk.csi.azure.com
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
parameters:
  storageaccounttype: Premium_ZRS

When installing Dapr, use the above storage class:

az k8s-extension create --cluster-type managedClusters \
--cluster-name XXX \
--resource-group XXX \
--name XXX \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version XXX \
--version XXX \
--configuration-settings "dapr_placement.volumeclaims.storageClassName=custom-zone-redundant-storage"

Configure the Dapr release namespace

You can configure the release namespace. The Dapr extension is installed in the dapr-system namespace by default. To override it, use --release-namespace, and include --scope cluster to redefine the namespace.

az k8s-extension create \
--cluster-type managedClusters \
--cluster-name dapr-aks \
--resource-group dapr-rg \
--name my-dapr-ext \
--extension-type microsoft.dapr \
--release-train stable \
--auto-upgrade false \
--version 1.9.2 \
--scope cluster \
--release-namespace dapr-custom

Learn how to configure the Dapr release namespace if you already have Dapr installed.

Show current configuration settings

Use the az k8s-extension show command to show the current Dapr configuration settings:

az k8s-extension show --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr

Update configuration settings

Important

Some configuration options cannot be modified after creation. Changing them requires deleting and recreating the extension. This applies to the following settings:

  • global.ha.*
  • dapr_placement.*

HA is enabled by default. Disabling it requires deletion and recreation of the extension.

To update your Dapr configuration settings, recreate the extension with the desired state. For example, assume we've previously created and installed the extension using the following configuration:

az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"

To update the dapr_operator.replicaCount from two to three, use the following command:

az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=3"
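
A pre-flight check for the rule above, as an added example that is not part of the original page: given the current and desired settings, it reports whether the change touches global.ha.* or dapr_placement.* and therefore needs a delete and recreate. The function names and the newline-separated key=value input format are assumptions; the sample values reuse the settings from the commands on this page.

```shell
#!/usr/bin/env bash
# Added example: decide whether a settings change can be applied in place.
# Settings are passed as newline-separated key=value lists (format assumed here).

# Key prefixes the page lists as not modifiable after creation.
IMMUTABLE_PREFIXES="global.ha. dapr_placement."

# Print the value of key $1 in the key=value list $2 (empty if the key is absent).
setting_value() {
  printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# Print each key whose value differs between the current ($1) and desired ($2)
# lists. A key present on only one side counts as changed, which is conservative.
changed_keys() {
  printf '%s\n%s\n' "$1" "$2" | awk -F= 'NF { print $1 }' | sort -u |
  while IFS= read -r key; do
    [ "$(setting_value "$key" "$1")" = "$(setting_value "$key" "$2")" ] ||
      printf '%s\n' "$key"
  done
}

# Print "noop", "update" (only mutable keys changed) or "recreate" (a changed
# key falls under an immutable prefix, so delete and recreate the extension).
plan_change() {
  keys=$(changed_keys "$1" "$2")
  [ -n "$keys" ] || { echo noop; return 0; }
  for key in $keys; do
    for prefix in $IMMUTABLE_PREFIXES; do
      case "$key" in "$prefix"*) echo recreate; return 0 ;; esac
    done
  done
  echo update
}

# Constructed sample input, using the setting names from the commands above.
current='global.ha.enabled=true
dapr_operator.replicaCount=2'
scale_operator='global.ha.enabled=true
dapr_operator.replicaCount=3'
disable_ha='global.ha.enabled=false
dapr_operator.replicaCount=2'

echo "replicaCount 2 -> 3: $(plan_change "$current" "$scale_operator")"
echo "disable HA:          $(plan_change "$current" "$disable_ha")"
```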

Set the outbound proxy for Dapr extension for Azure Arc on-premises

If you want to use an outbound proxy with the Dapr extension for AKS, you can do so by:

  1. Setting the proxy environment variables using the dapr.io/env annotations:
    • HTTP_PROXY
    • HTTPS_PROXY
    • NO_PROXY
  2. Installing the proxy certificate in the sidecar.

Updating your Dapr installation version

If you are on a specific Dapr version and you don't have --auto-upgrade-minor-version available, you can use the following command to upgrade or downgrade Dapr:

az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--version 1.12.0 # Version to upgrade or downgrade to

The preceding command updates the Dapr control plane only. To update the Dapr sidecars, restart your application deployments:

kubectl rollout restart deploy/<DEPLOYMENT-NAME>

Using Azure Linux-based images

From Dapr version 1.8.0, you can use Azure Linux images with the Dapr extension. To use them, set the global.tag flag:

az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--set global.tag=1.10.0-mariner

Disable automatic CRD updates

With Dapr version 1.9.2, CRDs are automatically upgraded when the extension upgrades. To disable this setting, you can set hooks.applyCrds to false.

az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--configuration-settings "hooks.applyCrds=false"

Note

CRDs are only applied in case of upgrades and are skipped during downgrades.

Meet network requirements

The Dapr extension for AKS and Arc for Kubernetes requires the following outbound URLs on https://:443 to function:

  1. https://mcr.microsoft.com/daprio URL for pulling Dapr artifacts.
  2. https://linuxgeneva-microsoft.azurecr.io/ URL for pulling some Dapr dependencies.
  3. The outbound URLs required for AKS or Arc for Kubernetes.

Next Steps

Once you have successfully provisioned Dapr in your AKS cluster, try deploying a sample application.