mirror of https://github.com/dapr/docs.git
Merge branch 'v1.12' into patch-1
This commit is contained in:
Yaron Schneider
GitHub
commit
096e5ce307
|
|
@ -59,7 +59,7 @@ public void ConfigureServices(IServiceCollection services)
|
|||
services.AddSingleton<BankService>();
|
||||
}
|
||||
```
|
||||
[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
|
||||
[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
|
||||
|
||||
{{% /codetab %}}
|
||||
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ public void ConfigureServices(IServiceCollection services)
|
|||
}
|
||||
```
|
||||
|
||||
[See the .NET SDK documentation on registring actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
|
||||
[See the .NET SDK documentation on registering actors]({{< ref "dotnet-actors-usage.md#registring-actors" >}}).
|
||||
|
||||
{{% /codetab %}}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ Alternatively, you can use [Dapr SDKs to use actors]({{< ref "developing-applica
|
|||
|
||||
## Save state with actors
|
||||
|
||||
You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state mangement capabaility.
|
||||
You can interact with Dapr via HTTP/gRPC endpoints to save state reliably using the Dapr actor state management capabaility.
|
||||
|
||||
To use actors, your state store must support multi-item transactions. This means your state store component must implement the `TransactionalStore` interface.
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ While both HTTP and gRPC are supported in the alpha release, using the gRPC APIs
|
|||
|
||||
### Cryptographic components
|
||||
|
||||
The Dapr cryptography building block incldues two kinds of components:
|
||||
The Dapr cryptography building block includes two kinds of components:
|
||||
|
||||
- **Components that allow interacting with management services or vaults ("key vaults").**
|
||||
Similar to how Dapr offers an "abstraction layer" on top of various secret stores or state stores, these components allow interacting with various key vaults such as Azure Key Vault (with more coming in future Dapr releases). With these components, cryptographic operations on the private keys are performed within the vaults and Dapr never sees your private keys.
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ The JSON payload then reflects the new `source` and `id` values:
|
|||
```
|
||||
|
||||
{{% alert title="Important" color="warning" %}}
|
||||
While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telementry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}})
|
||||
While you can replace `traceid`/`traceparent` and `tracestate`, doing this may interfere with tracing events and report inconsistent results in tracing tools. It's recommended to use Open Telemetry for distributed traces. [Learn more about distributed tracing.]({{< ref tracing-overview.md >}})
|
||||
|
||||
{{% /alert %}}
|
||||
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ All Dapr pub/sub components support the at-least-once guarantee.
|
|||
|
||||
### Consumer groups and competing consumers pattern
|
||||
|
||||
Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explict consumer group overrides.
|
||||
Dapr handles the burden of dealing with consumer groups and the competing consumers pattern. In the competing consumers pattern, multiple application instances using a single consumer group compete for the message. Dapr enforces the competing consumer pattern when replicas use the same `app-id` without explicit consumer group overrides.
|
||||
|
||||
When multiple instances of the same application (with same `app-id`) subscribe to a topic, Dapr delivers each message to *only one instance of **that** application*. This concept is illustrated in the diagram below.
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ dapr init
|
|||
|
||||
#### Example: create a Java Dev Container for Dapr
|
||||
|
||||
This is an exmaple of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java).
|
||||
This is an example of creating a Dev Container for creating Java apps that use Dapr, based on the [official Java 17 Dev Container image](https://github.com/devcontainers/images/tree/main/src/java).
|
||||
|
||||
Place this in a file called `.devcontainer/devcontainer.json` in your project:
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ The Multi-App Run template file is a YAML file that you can use to run multiple
|
|||
- Use the multi-app template
|
||||
- View started applications
|
||||
- Stop the multi-app template
|
||||
- Stucture the multi-app template file
|
||||
- Structure the multi-app template file
|
||||
|
||||
## Use the multi-app template
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ While Dapr's built-in components come [included with the runtime](https://github
|
|||
1. Pluggable components need to be started and ready to take requests _before_ Dapr itself is started.
|
||||
2. The [Unix Domain Socket][uds] file used for the pluggable component communication need to be made accessible to both Dapr and pluggable component.
|
||||
|
||||
In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernets Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core).
|
||||
In standalone mode, pluggable components run as processes or containers. On Kubernetes, pluggable components run as containers and are automatically injected to the application's pod by Dapr's sidecar injector, allowing customization via the standard [Kubernetes Container spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core).
|
||||
|
||||
This also changes the approach to share [Unix Domain Socket][uds] files between Dapr and pluggable components.
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ Using Dapr, you can control how many requests and events will invoke your applic
|
|||
|
||||
*Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.*
|
||||
|
||||
*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). *
|
||||
*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an important difference between the two approaches. The rate limit middleware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). *
|
||||
|
||||
Watch this [video](https://youtu.be/yRI5g6o_jp8?t=1710) on how to control concurrency and rate limiting ".
|
||||
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ spec:
|
|||
defaultAccess: deny
|
||||
```
|
||||
|
||||
For applications that need to be deined access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod.
|
||||
For applications that need to be denied access to the Kubernetes secret store, follow [these instructions]({{< ref kubernetes-overview >}}), and add the following annotation to the application pod.
|
||||
|
||||
```yaml
|
||||
dapr.io/config: appconfig
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ The baseline test included direct, non-encrypted traffic, without telemetry, dir
|
|||
|
||||
### Control plane performance
|
||||
|
||||
The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system compoment.
|
||||
The Dapr control plane uses a total of 0.009 vCPU and 61.6 Mb when running in non-HA mode, meaning a single replica per system component.
|
||||
When running in a highly available production setup, the Dapr control plane consumes ~0.02 vCPU and 185 Mb.
|
||||
|
||||
| Component | vCPU | Memory
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ To rotate the configured token in self-hosted, update the `DAPR_API_TOKEN` envir
|
|||
|
||||
### Kubernetes
|
||||
|
||||
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
|
||||
To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ To rotate the configured token in self-hosted, update the `APP_API_TOKEN` enviro
|
|||
|
||||
### Kubernetes
|
||||
|
||||
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
|
||||
To rotate the configured token in Kubernetes, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
|
|
|
|||
|
|
@ -486,7 +486,7 @@ By default, system services will look for the credentials in `/var/run/dapr/cred
|
|||
*Note: If you signed the cert root with a different private key, restart the Dapr instances.*
|
||||
|
||||
## Community call video on certificate rotation
|
||||
Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certicates are expiring.
|
||||
Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certificates are expiring.
|
||||
|
||||
<div class="embed-responsive embed-responsive-16by9">
|
||||
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/Hkcx9kBDrAc?start=1400"></iframe>
|
||||
|
|
|
|||
|
|
@ -12,4 +12,4 @@ The Dapr organization and team makes security a central focus of how we operate
|
|||
|
||||
To report a security issue, please privately email the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE)
|
||||
|
||||
The Dapr maintainers will triage and respond ASAP and then patch and send an annoucement within 30 days.
|
||||
The Dapr maintainers will triage and respond ASAP and then patch and send an announcement within 30 days.
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ dapr mtls renew-certificate [flags]
|
|||
| Name | Environment Variable | Default | Description |
|
||||
| -------------- | -------------------- | ----------------- | ------------------------------------------- |
|
||||
| `--help`, `-h` | | | help for renew-certificate
|
||||
| `--kubernetes`, `-k` | | `false` | supprted platform| |
|
||||
| `--kubernetes`, `-k` | | `false` | supported platform| |
|
||||
| `--valid-until` | | 365 days | Validity for newly created certificates |
|
||||
| `--restart` | | false | Restarts Dapr control plane services (Sentry service, Operator service and Placement server) |
|
||||
| `--timeout` | | 300 sec | The timeout for the certificate renewal process |
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ dapr stop [flags]
|
|||
| -------------------- | -------------------- | ------- | -------------------------------- |
|
||||
| `--app-id`, `-a` | `APP_ID` | | The application id to be stopped |
|
||||
| `--help`, `-h` | | | Print this help message |
|
||||
| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only availale in Linux/MacOS |
|
||||
| `--run-file`, `-f` | | | Stop running multiple applications at once using a Multi-App Run template file. Currently in [alpha]({{< ref "support-preview-features.md" >}}) and only available in Linux/MacOS |
|
||||
|
||||
### Examples
|
||||
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ Note that you can not use secret just for username/password. If you use secret,
|
|||
| `maxIdleConns` | N | Output | The max idle connections. Integer greater than 0 | `"10"` |
|
||||
| `maxOpenConns` | N | Output | The max open connections. Integer greater than 0 | `"10"` |
|
||||
| `connMaxLifetime` | N | Output | The max connection lifetime. Duration string | `"12s"` |
|
||||
| `connMaxIdleTime` | N | Output | The max connection idel time. Duration string | `"12s"` |
|
||||
| `connMaxIdleTime` | N | Output | The max connection idle time. Duration string | `"12s"` |
|
||||
|
||||
### SSL connection
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ spec:
|
|||
value: 403
|
||||
|
||||
# `readBody` controls whether the middleware reads the entire request body in-memory and make it
|
||||
# availble for policy decisions.
|
||||
# available for policy decisions.
|
||||
- name: readBody
|
||||
value: "false"
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ How to compile this is described later.
|
|||
| Field | Details | Required | Example |
|
||||
|-------|----------------------------------------------------------------|----------|----------------|
|
||||
| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`, `http://`, and `https://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm`, `https://example.com/hello.wasm` |
|
||||
| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `enviroment=production`,`{"environment":"production"}` |
|
||||
| guestConfig | An optional configuration passed to Wasm guests. Users can pass an arbitrary string to be parsed by the guest code. | false | `environment=production`,`{"environment":"production"}` |
|
||||
|
||||
## Dapr configuration
|
||||
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ The above example uses secrets as plain strings. It is recommended to use [a sec
|
|||
| secretKey | Y | Secret for the AWS user/role. If using an `AssumeRole` access, you will also need to provide a `sessionToken` |`"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"`
|
||||
| region | Y | The AWS region where the SNS/SQS assets are located or be created in. See [this page](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/?p=ugi&l=na) for valid regions. Ensure that SNS and SQS are available in that region | `"us-east-1"`
|
||||
| consumerID | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. See the [pub/sub broker component file]({{< ref setup-pubsub.md >}}) to learn how ConsumerID is automatically generated. | `"channel1"`
|
||||
| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unncessary when running against production AWS | `"http://localhost:4566"`
|
||||
| endpoint | N | AWS endpoint for the component to use. Only used for local development with, for example, [localstack](https://github.com/localstack/localstack). The `endpoint` is unnecessary when running against production AWS | `"http://localhost:4566"`
|
||||
| sessionToken | N | AWS session token to use. A session token is only required if you are using temporary security credentials | `"TOKEN"`
|
||||
| messageReceiveLimit | N | Number of times a message is received, after processing of that message fails, that once reached, results in removing of that message from the queue. If `sqsDeadLettersQueueName` is specified, `messageReceiveLimit` is the number of times a message is received, after processing of that message fails, that once reached, results in moving of the message to the SQS dead-letters queue. Default: `10` | `10`
|
||||
| sqsDeadLettersQueueName | N | Name of the dead letters queue for this application | `"myapp-dlq"`
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ spec:
|
|||
For security reasons, this component cannot be used to access these environment variables:
|
||||
|
||||
- `APP_API_TOKEN`
|
||||
- Any variable whose name begines with the `DAPR_` prefix
|
||||
- Any variable whose name begins with the `DAPR_` prefix
|
||||
|
||||
## Related Links
|
||||
- [Secrets building block]({{< ref secrets >}})
|
||||
|
|
|
|||
Loading…
Reference in New Issue