docs/release_notes/v1.14.3.md
⚠️ When upgrading from Dapr versions v1.14.0, v1.14.1, or v1.14.2 to v1.14.3, the upgrade fails with the following error:
Error: UPGRADE FAILED: cannot patch "dapr-scheduler-server" with kind StatefulSet: StatefulSet.apps "dapr-scheduler-server" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden
The workaround for the user is to Delete the Scheduler StatefulSet before re-running the upgrade with the new storage size, but we recommend skipping this version and upgrading to v1.14.4 instead.
This update includes bug fixes:
When using AWS Secrets Manager and Parameter Store daprd would fail on initialisation if the IAM policy would only allow access for certain secrets.
Dapr wouldn't be able to start if the IAM policy would only allow access to certain secrets.
On initialisation daprd would try to verify access to the AWS Secrets Manager and Parameter Store services by trying to read a dummy secret which would fail if the IAM policy in place would only allow access to certain secrets.
The additional check was removed.
Creating a reasonable number of Jobs or Actor Reminders (also through workflows) with the Scheduler, would case the embedded Scheduler to run out of memory.
The Jobs, Actor Reminders, and Workflow APIs would become unavailable.
The default storage size of the embedded ETCD database was too small, as well as the purging of deleted data was not sufficiently aggressive enough.
Increase the default storage size of the embedded ETCD database from 2Gi to 16Gi, increase the frequency of purging of deleted data. More options are now exposed on the Scheduler to tune these values further.
When handling a Job trigger in a HTTP application, the value content of the request body could be base64 encoded, causing application serialization errors.
The Job trigger would not be processed by the application correctly.
The Job trigger was erroneously encoding the request body value content when sending the request to the applicaiton.
daprd now sends the request body value content as a standard JSON string.
The HTTP Job API request body data field previously accepted fully qualified protobuf messages.
The HTTP API was less approachable for users who wanted to test and develop with the HTTP API, often times using curl or Postman etc.
The HTTP Job API used the same request schema as the gRPC API.
The HTTP Job API now accepts JSON strings for the request body data field.
daprd sidecar is missing the securityContext/runAsGroup and/or securityContext/runAsUser settings.
daprd sidecar was not passing security checks by some policy enforcement solutions and could not run.
Missing the ability to set the securityContext/runAsGroup and/or securityContext/runAsUser settings.
Added the dapr_sidecar_injector.sidecarRunAsUser and/or dapr_sidecar_injector.sidecarRunAsGroup helm chart settings.