Dapr
Conductor provides full visibility into both the Dapr control plane and the Dapr data plane (sidecars) running in each of your connected clusters. In addition to the observability and monitoring capabilities, Conductor can be configured to coordinate and execute a variety of Dapr operational tasks, alleviating the burden of Dapr OSS management while providing all of the necessary insights to troubleshoot any challenges that may arise.
Conductor Enterprise allows you to configure the below settings as part of the cluster connection create process; These settings can be modified at any point after the cluster has been successfully onboarded to Conductor.
The Conductor Free plan only supports a subset of Dapr configuration including:
- Performing Dapr installation/upgrades
- Enabling application rollouts
- Reverting Dapr version upgrades
Enable Dapr installation and/or upgrade
The Dapr control plane can be installed before or after connecting your cluster to Conductor.
During the cluster onboarding process, you can configure the Conductor agent to do one of the following after it is successfully deployed:
- Perform a fresh install of the Dapr control plane in the target cluster
- Manage the existing Dapr control plane installation present in the cluster and upgrade to a later version if available
Existing Dapr installations that were deployed using a sub-chart of a parent Helm chart can not be managed by the Conductor agent and therefore unsupported in Conductor.
Conductor supports the three latest major versions, four latest minor versions, and a select number of patch versions for Dapr. By default, Conductor will target the latest available Dapr version and install it in the dapr-system
namespace.
If you choose to offload Dapr management to Conductor, a set of additional Dapr settings will be available to customize how Conductor and the Dapr control plane interact. Optionally, you can choose to forego Dapr control plane management in Conductor, opting to perform Dapr management activities yourself (not recommended).
Perform managed application rollout
When the Conductor agent triggers any upgrade or downgrade of the Dapr control plane version in the cluster, an application rollout must be performed to ensure all Dapr sidecars in the data plane are restarted to match the new control plane version.
By enabling the rollout feature, no manual application restarts are required as Conductor will perform a rolling restart of all Dapr-enabled apps in the cluster.
Customize Control Plane deployment (Enterprise-only)
Customizing the Control Plane deployment is only available in Conductor Enterprise.
Conductor uses Helm to deploy and manage Dapr in the connected cluster. Two profiles of predefined Dapr Helm chart arguments are offered for you to select from, both of which can be customized. These profiles are pre-populated by Diagrid with recommended values based on extensive experience running Dapr at scale.
- Dev profile deploys a configuration of Dapr with MTLS enabled but without a Highly Available (HA) control plane.
- Prod profile deploys Dapr with settings suitable for a production environment.
You can set custom certificates for the Dapr upgrade using Helm values.
dapr_sentry:
tls:
root:
certPEM: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
issuer:
certPEM: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
keyPEM: |
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
If you are onboarding a cluster with ARM-based machines, or a combination of ARM and x86 nodes, you likely need to set a specific toleration within the control plane helm manifest. See Install Conductor on ARM Cluster
Enable Dapr configuration reconciliation (Enterprise-only)
In addition to installing and upgrading Dapr via Conductor, you can also configure Conductor to detect Dapr configuration drift and reconcile Dapr Helm settings in the connected cluster to match the desired state configuration defined in Conductor. By enabling this feature, any changes to Dapr control plane configuration made outside of Conductor will be overriden as part of the reconciliation process.
Enable Certificate Rotation (Enterprise-only)
Use Conductor's automatic certificate rotation feature to delegate the responsibility of managing Dapr's mTLS certificates entirely to Conductor, avoiding any downtime for the Dapr control plane and your applications.
Conductor will perform the certificate rotation and orchestrate the rollout of the Dapr control plane and your applications based on the renewal frequency and renewal window specified. If the feature is enabled, but no renewal frequency is set, the Dapr mTLS certificates will be automatically rotated after the default expiry period of 1 year.
If there is no suitable time matching the renewal window between the time it is configured and the expiry of the certificate, Conductor will rotate the certificate using its default renewal offset.
Perform Dapr upgrades
The Conductor console provides several visual notifications when an upgrade is available for a cluster's Dapr control plane. For an in-depth guide on upgrading Dapr on a connected cluster, visit the upgrade dapr guide.
When the control plane has been successfully updated, that does not automatically ensure all of the sidecars are restarted with the latest version. If you haven’t opted to rollout all applications during a Dapr upgrade via the cluster connection configuration, you can manually trigger a rollout of one or more apps via the console.
View Dapr control plane configuration (Enterprise-only)
To view a cluster's current Dapr settings in Conductor, you can use the action menu provided on both the Cluster List
view and the Cluster details
view. Clicking Desired Dapr Settings
will provide details regarding the current version, application rollout behavior and helm values as specified in Conductor.
You can also use this menu to quickly view the contents of the Dapr control plane configuration file in your cluster which is where settings like mtls, api logging and tracing are configured.
Edit Dapr control plane configuration (Enterprise-only)
To modify Dapr configuration values after a cluster has been onboarded to Conductor, use the Edit Cluster Connection
button on the Cluster overview.
Revert Dapr control plane settings
If a Dapr control plane change is made through Conductor that leads to unexpected behavior in a connected cluster, there is an option to revert to the previously applied control plane configuration. The revert functionality will only appear if a user has the appropriate RBAC permissions and one or more Dapr control plane changes have been made through Conductor.
When the revert option is available for a cluster, you will be able to view the current and previous Dapr control plane configuration versions and determine to proceed with the rollback process.
Condctor does not keep a version log of all Dapr changes applied to a cluster, but does store the n-1 configuration settings, where n represents the current cluster configuration.
For Conductor Free, revert will only allow you to rollback Dapr upgrades.