Configure the Dapr extension for your Azure Kubernetes Service (AKS) and Arc-enabled Kubernetes project
Once you've created the Dapr extension, you can configure the Dapr extension to work best for you and your project using various configuration options, like:
- Limiting which of your nodes use the Dapr extension
- Setting automatic CRD updates
- Configuring the Dapr release namespace
The extension enables you to set Dapr configuration options by using the --configuration-settings parameter. For example, to provision Dapr with high availability (HA) enabled, set the global.ha.enabled parameter to true:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"
Note
If configuration settings are sensitive and need to be protected, for example certificate-related information, pass the --configuration-protected-settings parameter and the value will be protected from being read.
If no configuration-settings are passed, the Dapr configuration defaults to:
ha:
  enabled: true
  replicaCount: 3
  disruption:
    minimumAvailable: ""
    maximumUnavailable: "25%"
prometheus:
  enabled: true
  port: 9090
mtls:
  enabled: true
  workloadCertTTL: 24h
  allowedClockSkew: 15m
For a list of available options, see Dapr configuration.
Limit the extension to certain nodes
In some configurations, you may only want to run Dapr on certain nodes. You can limit the extension by passing a nodeSelector in the extension configuration. If the desired nodeSelector contains . characters, you must escape them from the shell and the extension. For example, the following configuration installs Dapr only on nodes with topology.kubernetes.io/zone: "us-east-1c":
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2" \
--configuration-settings "global.nodeSelector.topology\.kubernetes\.io/zone=us-east-1c"
For managing OS and architecture, use the supported versions of the global.daprControlPlaneOs and global.daprControlPlaneArch configuration:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2" \
--configuration-settings "global.daprControlPlaneOs=linux" \
--configuration-settings "global.daprControlPlaneArch=amd64"
Install Dapr in multiple availability zones while in HA mode
By default, the placement service uses a storage class of type standard_LRS. It is recommended to create a zone redundant storage class while installing Dapr in HA mode across multiple availability zones. For example, to create a zrs type storage class:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: custom-zone-redundant-storage
provisioner: disk.csi.azure.com
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
parameters:
  storageaccounttype: Premium_ZRS
When installing Dapr, use the above storage class:
az k8s-extension create --cluster-type managedClusters \
--cluster-name XXX \
--resource-group XXX \
--name XXX \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version XXX \
--version XXX \
--configuration-settings "dapr_placement.volumeclaims.storageClassName=custom-zone-redundant-storage"
Configure the Dapr release namespace
You can configure the release namespace. The Dapr extension gets installed in the dapr-system namespace by default. To override it, use --release-namespace. Include the cluster --scope to redefine the namespace.
az k8s-extension create \
--cluster-type managedClusters \
--cluster-name dapr-aks \
--resource-group dapr-rg \
--name my-dapr-ext \
--extension-type microsoft.dapr \
--release-train stable \
--auto-upgrade false \
--version 1.9.2 \
--scope cluster \
--release-namespace dapr-custom
Learn how to configure the Dapr release namespace if you already have Dapr installed.
Show current configuration settings
Use the az k8s-extension show command to show the current Dapr configuration settings:
az k8s-extension show --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr
Update configuration settings
Important
Some configuration options cannot be modified post-creation. Adjustments to these options require deletion and recreation of the extension, applicable to the following settings:
- global.ha.*
- dapr_placement.*
HA is enabled by default. Disabling it requires deletion and recreation of the extension.
To update your Dapr configuration settings, recreate the extension with the desired state. For example, assume we've previously created and installed the extension using the following configuration:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"
To update the dapr_operator.replicaCount from two to three, use the following command:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=3"
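A pre-flight check for the update procedure above, as an added example that is not part of the original page: it compares the settings in place today with the settings you are about to pass and flags differences under global.ha.* or dapr_placement.*, which require deleting and recreating the extension, as well as settings that are missing from the new command. The function name classify_changes and the newline-separated key=value input format are assumptions made for this example; the sample values are the ones used in the walkthrough.

```shell
#!/bin/sh
# Added example, not part of the original page.
# classify_changes CURRENT DESIRED
#   CURRENT / DESIRED: newline-separated key=value settings (assumed format).
# Output, one finding per line, sorted:
#   RECREATE <key>  differs and is under global.ha.* or dapr_placement.*
#   DROPPED  <key>  set today but absent from the desired state
#   CHANGE   <key>  any other difference
classify_changes() {
  { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } | awk '
    # Prefixes the page lists as not modifiable after creation.
    function immutable(k) { return k ~ /^(global\.ha|dapr_placement)\./ }
    $0 == "--" { desired = 1; next }   # separator between the two lists
    $0 == ""   { next }
    {
      eq = index($0, "=")              # split on the first "=" only
      if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      if (desired) want[k] = v; else cur[k] = v
    }
    END {
      for (k in want)
        if (!(k in cur) || cur[k] != want[k]) {
          tag = immutable(k) ? "RECREATE" : "CHANGE"
          print tag, k
        }
      for (k in cur)
        if (!(k in want)) {
          tag = immutable(k) ? "RECREATE" : "DROPPED"
          print tag, k
        }
    }' | sort
}

# Constructed sample: the settings from the update walkthrough above.
current='global.ha.enabled=true
dapr_operator.replicaCount=2'
desired='global.ha.enabled=true
dapr_operator.replicaCount=3'

classify_changes "$current" "$desired"
```

Populate the first argument from the settings reported by az k8s-extension show, reformatted as key=value lines, and treat any RECREATE line as a stop signal before re-running the create command.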
Set the outbound proxy for Dapr extension for Azure Arc on-premises
If you want to use an outbound proxy with the Dapr extension for AKS, you can do so by:
- Setting the proxy environment variables using the dapr.io/env annotations:
  - HTTP_PROXY
  - HTTPS_PROXY
  - NO_PROXY
- Installing the proxy certificate in the sidecar.
Updating your Dapr installation version
If you are on a specific Dapr version and you don't have --auto-upgrade-minor-version available, you can use the following command to upgrade or downgrade Dapr:
az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--version 1.12.0 # Version to upgrade or downgrade to
The preceding command updates the Dapr control plane only. To update the Dapr sidecars, restart your application deployments:
kubectl rollout restart deploy/<DEPLOYMENT-NAME>
Using Azure Linux-based images
From Dapr version 1.8.0, you can use Azure Linux images with the Dapr extension. To use them, set the global.tag flag:
az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--set global.tag=1.10.0-mariner
- Learn more about using Mariner-based images with Dapr.
- Learn more about deploying Azure Linux on AKS.
Disable automatic CRD updates
With Dapr version 1.9.2, CRDs are automatically upgraded when the extension upgrades. To disable this setting, you can set hooks.applyCrds to false.
az k8s-extension update --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name dapr \
--configuration-settings "hooks.applyCrds=false"
Note
CRDs are only applied in case of upgrades and are skipped during downgrades.
Meet network requirements
The Dapr extension for AKS and Arc for Kubernetes requires outbound URLs on https://:443 to function. In addition to the https://mcr.microsoft.com/daprio URL for pulling Dapr artifacts, verify you've included the outbound URLs required for AKS or Arc for Kubernetes.
Next Steps
Once you have successfully provisioned Dapr in your AKS cluster, try deploying a sample application.