Dapr 1.11

We're happy to announce the release of Dapr 1.11!

We would like to extend our thanks to all the new and existing contributors who helped make this release happen.

If you're new to Dapr, visit the getting started page and familiarize yourself with Dapr.

Docs have been updated with all the new features and changes of this release. To get started with new capabilities introduced in this release, go to the Concepts and the Developing applications pages.

Note: This release contains a few breaking changes.

See the upgrading section for instructions on upgrading Dapr to version 1.11.

Acknowledgements

Thanks to everyone who made this release possible!

@AaronCrawfis, @abhi314e, @abossard, @AdamKorcz, @addjuarez, @alicejgibbons, @artursouza, @ASHIQUEMD, @berndverst, @binnn6, @bruth, @cciobanu98, @cgillum, @champel, @cmoulliard, @codefromthecrypt, @DeepanshuA, @dmutterSF, @drewby, @ehalsey, @fernandosmither, @filintod, @Flern, @gaofeihang, @greenie-msft, @handlerww, @hhunter-ms, @HiltonGiesenow, @hunter007, @iamnicoj, @ItalyPaleAle, @jackycsl, @JaimeStill, @JaydipGabani, @jjcollinge, @JoshVanL, @Juneezee, @k0da, @KarlisAG, @kayayarai, @kubemq, @kushalnl7, @LaurenceLiZhixin, @leepa, @letmerecall, @liu-song, @louisquach, @macel94, @MatejNedic, @matzew, @mcandeia, @mdarii, @MregXN, @msfussell, @mukundansundar, @naah69, @NickLarsenNZ, @nponraj, @nyemade-uversky, @obenarchid, @owainow, @owenchenxy, @ParrySMS, @paulyuk, @philliphoff, @pimmerks, @pravinpushkar, @riverar, @robertojrojas, @rosdi, @RyanLettieri, @ryou90, @sab-codes, @salmankhan-prs, @sarsharma, @serpentfabric, @shivamkm07, @shivanisinghnitp, @shubham1172, @sicoyle, @SoTrx, @SpikeWong, @stuartleeks, @sunzhaochang, @Taction, @taenyang, @tanopanta, @tharun634, @thombrn, @ThorstenHans, @tianyax, @timcallaghan, @tmacam, @tomkerkhove,@tottoto, @Vishal07051999, @wolvever, @worming004, @wralith, @XavierGeerinck, @xclayl, @yaron2, @yash-nisar, @ZhangSetSail

*** Questions - These need docs? ***
- https://github.com/dapr/dapr/issues/6031 - Does this need Docs and breaking change?

Highlights

These are the v1.11 release highlights:

Configuration API is now v1 stable

• The configuration building block is now a v1 stable API including the APIs in all SDKs. Read more on the Configuration API reference docs. Stable APIs are non-breaking in future versions and change go through versioning. Read more on versioning

Service Invocation can now call non-Dapr endpoints (preview feature)

• This release extended service invocation to be able to call non-Dapr endpoints. For example:
  • You may choose to only use Dapr in part of your overall application, including brownfield development.
  • You may not have access to the code to migrate an existing application to use Dapr.
  • You want Dapr features like resiliency policies and observability applied to non-Dapr service calls.
  • You need to call an external HTTP service.
• For more information read How-To: Invoke Non-Dapr Endpoints using HTTP

Dapr Workflow updates (preview feature)

• Workflow had several updates including
  • You now have the ability to pause, restart and purge workflows in the management API.
  • You can now have a workflow wait on an external event for example a person responding to a request.
  • The Python SDK now supports Dapr Workflow along with the .NET SDK.
• Note In this release there have been breaking changes to the Workflow APIs. For example workflow instanceID is now supplied as a query parameter when starting a workflow You can read more on the workflow APIs here

Cryptography building block (preview feature)

• A new alpha cryptography building block has been introduced to enable the enryption and decryption of data using key information.
  With the cryptography building block, you can leverage cryptography in a safe and consistent way.
  Dapr exposes APIs that allows you to perform operations, such as encrypting and decrypting messages, within the Dapr sidecar, without exposing cryptographic keys to your application.
• There are also alpha cryptography components that you can use with the building block.
• Try out the cryptography quickstart to see this in action.

Choice of Dapr sidecar build variations: all components or stable components only

• From this release there are two built versions of dapr available
  • The default image contains all components which is the same as has been done for all release to date.
  • A new variation containing only stable components, using the stablecomponents tag.

Dapr dashboard no longer installed with control plane

• The Dapr dashboard is no longer installed by default with the Dapr control plane when installing via Helm. To install the dashboard, use the new dapr-dashboard chart:

sh helm repo add dapr https://dapr.github.io/helm-charts/ helm repo update kubectl create namespace dapr-system helm install dapr dapr/dapr-dashboard --namespace dapr-system

• When using dapr init or dapr init -k with Dapr CLI, the Dapr Dashboard is still installed. On Kubernetes, it will automatically use the new dapr-dashboard Helm chart.

Windows Server 2022 container images

Dapr 1.11 offers container images for Windows Server 2022, using the windows-ltsc2022 tag. This is in addition to the images based on Windows Server 1809.

App channel supports HTTP/2 and HTTP/2 Cleartext

In Dapr 1.11, the CLI flag --app-protocol can now assume 3 more values in addition to http and grpc:

• https and grpcs use HTTP and gRPC, respectively, but enable TLS.

Note: With Dapr 1.11, using --app-protocol=https and --app-protocol=grpcs is preferred to the previous option of setting --app-ssl=true (which is still supported but considered deprecated).

• h2c is a new value that configures Dapr to connect to your app using HTTP/2 Cleartext.

Using HTTP/2 (including HTTP/2 Cleartext) can offer noticeable performance benefits when Dapr communicates with your app. It requires your app to expose a HTTP/2-capable server.

Multi-app run improved output

• You can now write app logs to the console as well as to a local log file with multi-app run command dapr run -f .

Actor State TTL (preview)

A new preview feature enables a TTL on actor state which enables you to have the state automatically removed after a certain time

Metrics

• Metrics for actor reminders and timers are now reported
• Metrics for resiliency policies are now reported

Preview Features now stable

The following features are now stable, having been in preview for at least 2 releases.
- App Health Checks is now stable, changing the default HTTP healthcheck path to /healthz 6217

Component updates

New Components

There are now over 100+ components in Dapr (115 in total). New components added in this release:

• Bindings:
  • WASM (alpha)
  • Kitex (alpha)
• State stores:
  • etcd (beta)
• Cryptography:
  • Azure Key Vault (alpha)
  • Local storage (Built-in cryptographic engine) (alpha)
  • JWKS (Built-in cryptographic engine)(alpha)
  • Kubernetes Secrets (Built-in cryptographic engine)(alpha)

Azure components authentication improvements

Starting with Dapr 1.11, support for authenticating with Azure AD has been added to these components:

• Azure Storage Queues binding
• SQL Server (Azure SQL) state store

Additionally, all Azure components that support Azure AD now support authentication using:

• Azure AD Workload Identity on Kubernetes
• Credentials from the Azure CLI, useful for local development and testing

Support for TTLs has been added to the following state stores

• Azure CosmosDB
• CockroachDB
• MongoDB
• MySQL and MariaDB
• SQL Server (Azure SQL)

Component stabilization

This release focused on preparing more components for beta and stable designation. This means certification tests are added and quality issues are addressed. Read component certification lifecycle for details.

The following components are now stable
- Bindings:
- AWS S3
- Middlewares:
- Rate limit
- OpenID Connect (bearer token)
- PubSub:
- GCP Pub/Sub
- State stores:
- GCP Firestore
- SQLite
- Configuration stores:
- PostgreSQL
- Redis

Removed Components

The following components that were deprecated in a previous version of Dapr have been removed from Dapr 1.11:

• Bindings:
• Twitter
• PubSub:
• Hazelcast

SDK Improvements

Java SDK

• FIXED DaprGrpcClient making blocking calls. 787

.Net SDK

• ADDED Support for suspending, resuming, and raising events to workflows 1052

Python SDK

• ADDED Support for Dapr Workflow management 542
• ADDED New Dapr Workflow authoring SDK dapr-ext-workflow 559

Javascript SDK

• UPDATED Configuration API to use v1 endpoint 496
• ADDED Support for cryptography APIs 491

Go SDK

• ADDED Support for cryptography APIs 387

CLI

Multi-app run can now write to multiple outputs including the console

• You can now write log to the console as well as to a local log file with multi-app run command

Set Dapr to talk to non-localhost addresses

• By setting the --app-channel-address flag, you can instruct Dapr to send all events to the configured address

Support multiple resource paths

• You can now provide multiple resource paths. Example: dapr run --resources-path ./mycomponents --resources-path ./mysubscriptions

Quickstarts Improvements

New Quickstarts

The following new Quickstarts have been added
- Configuration (Go)
- Actors quickstart (C#)
- Workflow quickstart (Python)
- Cryptography quickstarts (Go and JavaScript)

Updates

• All quickstarts snap to the latest SDKs
• Numerous quality improvements and fixes

Next Steps

If you're new to Dapr, visit the getting started page and familiarize yourself with Dapr.

Docs have been updated with all the new features and changes of this release. To get started with new capabilities introduced in this release, go to the Concepts and the Developing applications.

Note: This release contains a few breaking changes.

See this section on upgrading Dapr to version 1.11.0.

New in this release

Dapr Runtime

• ADDED Multiple build variations of Dapr sidecar: stablecomponents and allcomponents 3168 6465
• ADDED Kubernetes labels dapr.io/sidecar-injected and dapr.io/app-id when Dapr sidecar is injected 4366 6275
• ADDED Extend Service invocation to non-Dapr endpoints 4549
• UPDATED Dapr Dashboard has been moved from dapr Helm chart to a new dapr-dashboard chart 4724
• FIXED Distinguish between retrialable and non-retriable errors when publishing messages with pubsub 5136
• UPDATED Make Configuration API stable 5522
• FIXED Dapr Operator uses lots of memory when there are lots of pods that aren't Dapr-enabled 5693
• ADDED Accept traceparent for incoming CloudEvent 5757
• ADDED Ingress template for the dashboard helm chart 5778
• UPDATED Use ERR_OUTBOUND_HEALTH_NOT_READY for Dapr's outbound health error 5813
• ADDED Option to Operator to disable the reconciler for Services 5896
• ADDED Dynamic allowed service accounts watcher for injector 5898
• ADDED Dynamic watch for serviceaccount UIDs so injector can inject sidecar created by a synced serviceaccount from a virtual cluster 5906
• ADDED Support for multiple --resources-path flags on daprd 5909
• ADDED When the port for the internal gRPC server is unset, return a "stable" value for better local developer experience 5914
• ADDED Support for seccompProfile in Dapr sidecar via injector 5916
• ADDED Option to skip installing the Dapr Sidecar Injector with Helm charts 5926
• FIXED Sentry to preserve original secret metadata 5930
• ADDED Pluggable components injector 5935
• UPDATED Granularity on resiliency metrics 5939
• FIXED Reduced memory consumption in Dapr Operator cache 5944
• FIXED Allow trace header propagation without trace exporting 5967
• ADDED API denylist to Dapr config, complementing API allowlist 5977
• ADDED Publishing Docker images based on Windows 2022 5999
• ADDED Support for multiple workflow apps in a single cluster 6013
• FIXED Create/delete reminder throwing "possible etag mismatch" after enabling resiliency 6018
• FIXED Dapr returns 200 response instead of 302 for application redirect (version 1.10.2) 6028
• ADDED Support Min TLS Version via Configuration 6031
• ADDED Metrics for Actor reminder and timer 6032
• ADDED Support for Argo Rollouts Controller 6034
• FIXED Panic when subscriber listen message in Redis 6036
• ADDED New workflow APIs:
• Pause and Resume 6042
• Purge 6043
• Support for Raise Event 6045
• UPDATED Enforce minimum TLS version 1.2 for communication between internal Dapr services and sidecars 6069 6077 6094
• UPDATED Enforce minimum TLS version to 1.2 for HTTP and gRPC app channels 6078
• FIXED Bulk pubsub subscriber panics when tracing is disabled 6099
• FIXED Service invocation not forwarding multiple headers with same name from response 6104
• ADDED Ability to configure TTL in Actor State Store operations as a preview feature 6125 6400
• FIXED Alicloud tablestore is not registered in daprd 6138
• FIXED: Health checks do not work when using HTTPS for app channel 6141
• FIXED Workflows: actor ID should not use the # character (Workflows not working with Cosmos DB) 6156 6294
• FIXED Fixed: deleting a reminder should be a no-op when the reminder doesn't exist 6161 6387
• ADDED Option to disable Dapr Placement service 6173
• ADDED Allow setting OTEL endpoint with the OTEL_EXPORTER_OTLP_ENDPOINT env var 6176
• ADDED Allow overriding app channel address 6177
• ADDED High-level crypto APIs for gRPC and HTTP 6197
• ADDED https and h2c to app-protocol for better HTTP/2 support, and deprecate app-ssl 6205
• ADDED Case-insensitive parsing of metadata properties actorStateStore and keyPrefix 6206
• ADDED Azure Key Vault component for Crypto building block 6215
• UPDATED App Health Checks are stable (and change the default HTTP healthcheck path to /healthz) 6217
• FIXED Panic in bulk publish while unmarshalling incorrect cloudevent 6234
• FIXED HTTP Channel: Add "Content-Type" header only if not empty 6236
• FIXED Unsubscribe config api: response with incorrect subscriptionID 6272
• FIXED Connection leak problem of app callback gRPC client 6274
• FIXED Implement nil-check for CEL program in matchRoutingRule 6280
• ADDED App channel address is now configurable 6281
• ADDED dapr_http_server_response_count metric 6312
• FIXED Panic while decrypting empty value from state stores 6321
• FIXED State store: make BulkSet/BulkDelete not transactional in all state stores 6342
• ADDED dapr-http-max-request-size now applies to gRPC proxying too 6349 6353
• ADDED reinvocationPolicy: IfNeeded to Dapr Sidecar injector 6350
• FIXED Bulk pubsub subscriber panics when tracing is disabled 6360
• ADDED Namespace to Helm chart resources 6375
• FIXED RBAC permissions for operator-admin 6408
• FIXED Bulk subscription - sidecar crashes after first batch is delivered 6414
• FIXED Decoding slash in url 6418
• FIXED Bulk subscribe response when app replies back with some incorrect message 6420

Dapr CLI

• ADDED Add root name property to run file 1204
• UPDATED Log message to reflect the container runtime 1209
• ADDED DAPR_CONTAINER_RUNTIME env in addition to --container-runtime arg. 1210
• ADDED Support for multiple --resources-path flags 1216
• UPDATED Send merged STDOUT to console on dapr run -f 1238
• ADDED Option to initialise Dapr cluster with custom certificates 1239
• FIXED Enabling App Health Checks causes unexpected behaviour in dapr list 1241
• FIXED ~ does not resolve to home folder in in dapr run -f 1245
• ADDED Initialize Dapr dashboard from separate helm chart 1266
• ADDED Add new protocols to app-protocol, including HTTP/2 Cleartext, and deprecate app-ssl 1267
• FIXED Wrong target HTTP Unix Domain Socket 1271
• ADDED Allow app channel address to be passed via CLI 1281
• ADDED Add httpendpoint resource on dapr init -k 1285

Components

• Bindings:
• AWS SES:
  • Remove required checks for secretKey and accessKey 2698 2699
• Azure Service Bus:
  • Allow configuring message headers 2745
• Azure Storage Queues:
  • Added support for authentication with Azure AD 2600
  • Polling interval is now configurable 2602 2781
• GraphQL:
  • Add support for query variables 2517 2701
• HTTP:
  • Response timeout is now customizable 2540
  • Added support for mTLS 2765 2766
  • Added TLS renegotiation 2822
• KubeMQ:
  • Fixed panic and small production issues 2821
• RabbitMQ:
  • New reconnectWaitInSeconds metadata property 2565
  • Support for mTLS and external authentication with SASL 2656
• Redis:
  • Support GetDel operation 2661 2662
  • Support Increment Operation and TTL 2654
• State stores:
• All state stores:
  • Allow storing empty string values in all state stores 2722
  • Remove native/transactional BulkSet/BulkDelete support for consistency 2834
  • etag failures return the proper error on all components 2841
• AWS DynamoDB:
  • Added transaction support 2712 2809
• Azure Cosmos DB:
  • Add support for merge partitions 2824
• CockroachDB:
  • Added support for TTLs 2618
• MongoDB:
  • Added support for TTLs 2535
  • Can now connect to MongoDB using a connectionString metadata option 2659
  • Detect replica sets to improve error reporting and transaction support 2732
  • Improve BSON serialization to address issues with storing actor reminders 2837
• MySQL:
  • Added support for TTLs 2641
  • Improved BulkGet performance with native support 2762
• Oracle database:
  • Component is now beta, including many fixes 2702
• Redis:
  • Fixed handling of JSON in Multi 2734
• RethinkDB:
  • Disable (undocumented) transaction support that was not working correctly 2733
• SQL Server (Azure SQL):
  • Added support for authenticating with Azure AD 2790
  • Added support for TTLs 2682
  • Case-insensitive matching for database in connstring 2694
• SQLite:
  • Improved handling of concurrent access by multiple processes 2485 2717
• PubSub:
• Apache Pulsar
  • Add support for End-to-End encryption 2812 2531
  • Added partition support 2647
• Azure Service Bus components:
  • Allow configuring message headers 2745
• JetStream:
  • Fixed: Competing consumers pattern doesn't work in JetStream 2827 2835
• RabbitMQ:
  • Add support for priority queues 2029 2680
  • Support for external authentication with SASL 2515
  • Fixed exchange declare 2764 2836
• RocketMQ:
  • Add new configuration options for RocketMQ 2756 2811
• Middlewares:
• OAuth2:
  • Fixed: Oauth2 middleware adds Bearer token to request headers. 2615
• OpenID Connect (Bearer):
  • Multiple fixes for Bearer HTTP Middleware 2673
• Open Policy Agent (OPA):
  • Fixed: additional_headers not set on allowed requests 2713 2795
• WASM:
  • Changed config to url instead of path 2817
• Nameresolvers:
• Consul:
  • Consul nameresolver has been improved for performance and stability 2594
• Secret stores:
• Hashicorp Vault:
  • Fix vault prefix empty 2741
• Local env:
  • Adedd prefix metadata option 2761
• All Azure components now support Azure AD Workload Identity 1567 2655
• All Azure components can now authenticate using Azure AD with credentials from the Azure CLI, for local development 2469

.NET SDK

• UPDATED DurableTask SDK dependency to get ARM64 compatibility 1024
• UPDATED Improvements to Dapr Client APIs for Workflow 1027
• ADDED .NET Runtime Support Policy 1046
• ADDED Support for suspending, resuming, and raising events to workflows 1052
• UPDATED Rename WorkflowEngineClient to DaprWorkflowClient and added additional APIs. 1053
• UPDATED Config API to stable 1077
• ADDED Workflow Sample to Pause/Resume and Raise Event as part of workflow 1079
• FIXED Incorrect TaskFailedException is used when exceptions are thrown from workflow activities 1081
• ADDED Proper workflow retry support 1090
• REMOVED Obsolete attribute from config API classes 1098
• ADDED Workflow demo to how to 1099

Go SDK

• FIXED Create new client error 341
• CHANGED Switched router from gorilla/mux to chi 357
• ADDED gRPC options on gRPC server 366
• ADDED Support to set own gRPC server when calling NewService 400
• ADDED Support for app to use HTTP protocol with customized headers 404
• UPDATED Update Configuration API Subscribe method 388
• UPDATED Update client's configuration methods with stable config api 392
• ADDED Support for cryptography APIs (alpha) 387

Java SDK

• FIXED DaprGrpcClient making blocking calls. 787
• ADDED PubSub subscriber examples over gPRC 833
• UPDATED Config API to use stable endpoints. 846

Python SDK

• ADDED Async support for Python SDK (dapr.aio.clients.DaprClient) 90
• ADDED Support for Dapr Workflow management 542
• ADDED New Dapr Workflow authoring SDK dapr-ext-workflow 559
• CHANGED Configuration API now stable and implementation uses stable APIs 556
• FIXED RecursionError in conf settings class when accessing unimplemented settings 539

JavaScript SDK

• ADDED HTTP support for Distributed Locking 414
• ADDED Support for saveBulkState 433
• FIXED State query returns empty string instead of StateQueryResponseType 460
• ADDED Support for optional attributes in state management 475
• DEPRECATED createHTTPMetadataQueryParam in favor of createHTTPQueryParam 479
• UPDATED Configuration API to use stable endpoint 496
• ADDED Support for cryptography APIs (alpha) 491

Upgrading to Dapr 1.11

To upgrade to this release of Dapr, follow the steps here to ensure a smooth upgrade. You know, the one where you don't get red errors on the terminal.. we all hate that, right?

Local Machine / Self-hosted

Uninstall Dapr using the CLI you currently have installed. Note that this will remove the default $HOME/.dapr directory, binaries and all containers dapr_redis, dapr_placement and dapr_zipkin. Linux users need to run sudo if docker command needs sudo:

dapr uninstall --all

For RC releases like this, download the latest and greatest release from here and put the dapr binary in your PATH.

Once you have installed the CLI, run:

dapr init --runtime-version=1.11

Wait for the update to finish, ensure you are using the latest version of Dapr(1.11) with:

$ dapr --version

CLI version: 1.11
Runtime version: 1.11

Kubernetes

Upgrading from previous version

You can perform zero-downtime upgrades using both Helm 3 and the Dapr CLI.

Upgrade using the CLI

Download the latest RC release from here and put the dapr binary in your PATH.

To upgrade Dapr, run:

dapr upgrade --runtime-version 1.11 -k

To upgrade with high availability mode:

dapr upgrade --runtime-version 1.11 --enable-ha=true -k

Wait until the operation is finished and check your status with dapr status -k.

All done!

Note: Make sure your deployments are restarted to pick the latest version of the Dapr sidecar

Upgrade using Helm

To upgrade Dapr using Helm, run:

helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update

helm upgrade dapr dapr/dapr --version 1.11 --namespace=dapr-system --wait

Wait until the operation is finished and check your status with dapr status -k.

All done!

Note: Make sure your deployments are restarted to pick the latest version of the Dapr sidecar

Starting a fresh install on a cluster

Please see how to deploy Dapr on a Kubernetes cluster for a complete guide to installing Dapr on Kubernetes

You can use Helm 3 to install Dapr:

helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update

kubectl create namespace dapr-system

helm install dapr dapr/dapr --version 1.11 --namespace dapr-system --wait

Alternatively, you can use the latest version of CLI:

dapr init --runtime-version=1.11 -k

Post installation

Verify the control plane pods are running and are healthy:

$ dapr status -k
  NAME                   NAMESPACE    HEALTHY  STATUS   REPLICAS  VERSION  AGE  CREATED
  dapr-sidecar-injector  dapr-system  True     Running  1         1.11   15s  2023-06-02 13:07.39
  dapr-sentry            dapr-system  True     Running  1         1.11   15s  2023-06-02 13:07.39
  dapr-operator          dapr-system  True     Running  1         1.11   15s  2023-06-02 13:07.39
  dapr-placement         dapr-system  True     Running  1         1.11   15s  2023-06-02 13:07.39

After Dapr 1.11 has been installed, perform a rolling restart for your deployments to pick up the new version of the sidecar.
This can be done with:

kubectl rollout restart deploy/<deployment-name>

Breaking Changes

Dapr Runtime

• When communicating with apps using HTTPS or gRPC with TLS, Dapr now enforces the use of TLS 1.2 or higher. This behavior can be disabled temporarily using a Configuration option. 6078 6031
• The default path for HTTP app health checks has been changed to /healthz. The old path /health can still be used if configured explicitly. 6225
• Dapr's Helm chart does not include the Dapr Dashboard anymore 4724
• Workflows:
• Added support for multiple workflow apps in a single cluster 6013
• Breaking changes to workflow management API 6218

Components

The following components have been removed from Dapr 1.11 (2597):

• Twitter binding
• Hazelcast PubSub component

Go SDK

• UPDATED Update Configuration API Subscribe method 388
• UPDATED Update client's configuration methods with stable config api 392

Java SDK

• UPDATED Bump from reactor 2.3.5.RELEASE to 2.7.8 830
• UPDATED Convert Config API to Stable endpoints. 846

.Net SDK

• UPDATED Rename WorkflowEngineClient to DaprWorkflowClient and added additional APIs. 1053

Deprecation Notices

• The CLI flag --app-ssl (in both the Dapr CLI and daprd) has been deprecated in favor of using --app-protocol with values https or grpcs. daprd:6158 cli:1267