dapr icon indicating copy to clipboard operation
dapr copied to clipboard

Published 20 hours ago verified publisher icon dapr

Configuration CRD mtls required fields

Open artyom-p opened this issue 5 months ago • 2 comments

In what area(s)?

/area operator

What version of Dapr?

1.15.4

Expected Behavior

Our DAPR installation is configured not to use mtls:

dapr helm chart values:

mtls:
  enabled: false

Dapr configuration CRD also has the same flag:

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: my-dapr-config
spec:
  mtls:
    enabled: false

Expected - no mtls configuration.

Actual Behavior

After upgrading to 1.15 I see that CRD definition for Configuration changed, and now two more fields are defined as required.

 mtls:
  description: MTLSSpec defines mTLS configuration.
  properties:
    allowedClockSkew:
      type: string
    controlPlaneTrustDomain:
      type: string
    enabled:
      type: boolean
    sentryAddress:
      type: string
    ...
    workloadCertTTL:
      type: string
  required:
  - controlPlaneTrustDomain
  - enabled
  - sentryAddress
  type: object

We are not able to create configuration without specifying those required fields:

dry-run failed (Invalid): Configuration.dapr.io "my-dapr-config" is invalid: [spec.mtls.controlPlaneTrustDomain: Required value, spec.mtls.sentryAddress: Required value]

Is it by design that sentryAddress and controlPlaneTrustDomain need to be specified even if mtls is set to false?

artyom-p avatar May 15 '25 12:05 artyom-p

Hi @artyom-p, indeed this field is required because setting mtls to false, still means that the dapr control plane will control to use mtls with each other, as well as daprd sidecars. They therefore need to know the mTLS configuration to connect to the control plane.

Which version of dapr are you upgrading from? Have you upgraded the dapr CRDs as part of the upgrade as well?

kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/release-1.15/charts/dapr/crds/configuration.yaml

JoshVanL avatar May 16 '25 00:05 JoshVanL

Ok, got it, im upgrading from 1.14 and yes I have latest crds installed

artyom-p avatar May 16 '25 07:05 artyom-p

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

dapr-bot avatar Aug 14 '25 07:08 dapr-bot

This issue has been automatically closed because it has not had activity in the last 97 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.

dapr-bot avatar Aug 21 '25 07:08 dapr-bot