Dapr Management in Kubernetes
This skill covers the setup and stabilization of Dapr within a Kubernetes cluster (specifically Minikube/local environments).
Core Concepts
1. Security (mTLS)
Dapr sidecars require a Configuration resource to successfully initialize mTLS. Without this, you may see PermissionDenied errors during sidecar startup.
Essential appconfig.yaml:
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: appconfig
spec:
  mtls:
    enabled: true
    workloadCertTTL: 24h
    allowedClockSkew: 15m
  tracing:
    samplingRate: "1"
    zipkin:
      endpointAddress: "http://jaeger-collector.default.svc.cluster.local:9411/api/v2/spans"
```
2. Sidecar Injection
Ensure deployments have the correct annotations. On resource-constrained nodes, it is critical to increase the sidecar probe delays.
Deployment Annotations:
```yaml
annotations:
  dapr.io/enabled: "true"
  dapr.io/app-id: "my-service"
  dapr.io/app-port: "8000"
  dapr.io/config: "appconfig"
  # Crucial for slow-starting nodes
  dapr.io/sidecar-liveness-probe-delay-seconds: "120"
  dapr.io/sidecar-readiness-probe-delay-seconds: "60"
```
3. Component Stabilization
- State Store: If Redis is unavailable, use `state.in-memory` to avoid sidecar crashes.
- PubSub: Use Kafka (Strimzi) for reliable distributed messaging.
Troubleshooting
- Sidecar CrashLoopBackOff: Check the `daprd` container logs. If it says `failed to get configuration`, verify the `appconfig` resource exists in the namespace.
- Connection Refused: If the sidecar can't find the app, ensure the application is binding to `0.0.0.0` (not `127.0.0.1`).
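
The `failed to get configuration` case above can be caught before a rollout. The following is an added example, not part of the original skill: it checks each Dapr-enabled Deployment for a `dapr.io/config` annotation that resolves to a Configuration in the same namespace with `mtls.enabled: true`. The `audit` function, the `_deploy` helper and the sample objects are hypothetical, and the input shape is assumed to be the `items` list from `kubectl get deployments,configurations.dapr.io -A -o json`.

```python
# Added example. Input shape assumed: the "items" list from
# `kubectl get deployments,configurations.dapr.io -A -o json`.

def audit(items):
    """Return sorted (namespace, deployment, finding) tuples for Dapr-enabled Deployments."""
    # Index Configuration specs by (namespace, name): the check is per namespace.
    configs = {
        (i["metadata"].get("namespace", "default"), i["metadata"]["name"]): i.get("spec", {})
        for i in items if i.get("kind") == "Configuration"
    }
    findings = []
    for i in items:
        if i.get("kind") != "Deployment":
            continue
        ns = i["metadata"].get("namespace", "default")
        name = i["metadata"]["name"]
        ann = i["spec"]["template"].get("metadata", {}).get("annotations") or {}
        if ann.get("dapr.io/enabled") != "true":
            continue  # no sidecar requested, nothing to check
        cfg = ann.get("dapr.io/config")
        if not cfg:
            findings.append((ns, name, "missing dapr.io/config annotation"))
        elif (ns, cfg) not in configs:
            findings.append((ns, name, f"Configuration '{cfg}' not found in namespace"))
        elif configs[(ns, cfg)].get("mtls", {}).get("enabled") is not True:
            findings.append((ns, name, f"Configuration '{cfg}' does not enable mtls"))
    return sorted(findings)


def _deploy(ns, name, ann):
    # Hypothetical helper: builds a minimal Deployment object for the sample below.
    return {"kind": "Deployment", "metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"metadata": {"annotations": ann}}}}

# Constructed sample data, not output from a real cluster.
SAMPLE = [
    {"kind": "Configuration", "metadata": {"namespace": "default", "name": "appconfig"},
     "spec": {"mtls": {"enabled": True, "workloadCertTTL": "24h", "allowedClockSkew": "15m"}}},
    {"kind": "Configuration", "metadata": {"namespace": "staging", "name": "appconfig"},
     "spec": {"tracing": {"samplingRate": "1"}}},
    _deploy("default", "my-service", {"dapr.io/enabled": "true", "dapr.io/config": "appconfig"}),
    _deploy("payments", "orders", {"dapr.io/enabled": "true", "dapr.io/config": "appconfig"}),
    _deploy("staging", "web", {"dapr.io/enabled": "true", "dapr.io/config": "appconfig"}),
    _deploy("default", "worker", {"dapr.io/enabled": "true", "dapr.io/app-id": "worker"}),
    _deploy("default", "legacy", {}),
]

if __name__ == "__main__":
    for ns, name, finding in audit(SAMPLE):
        print(f"{ns}/{name}: {finding}")
```

An empty result means every Dapr-enabled Deployment in the input points at a Configuration in its own namespace that turns mTLS on.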