dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.0' into aacrawfi-links-fix

This commit is contained in:
Ori Zohar 2021-03-05 14:55:27 -08:00 committed by GitHub
parent 3a49a34b65 1205be514d
commit 4a2a4679ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 198 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daprdocs/assets/scss/_code.scss
View File

@ -47,6 +47,8 @@
margin: 0rem 0;
padding: 0rem;
margin-bottom: 2rem;
max-width: 100%;
pre {

73
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md
View File

@ -10,12 +10,7 @@ aliases:
When setting up Kubernetes you can use either the Dapr CLI or Helm.
As part of the Dapr initialization the following pods are installed:
- **dapr-operator:** Manages component updates and Kubernetes services endpoints for Dapr (state stores, pub/subs, etc.)
- **dapr-sidecar-injector:** Injects Dapr into annotated deployment pods
- **dapr-placement:** Used for actors only. Creates mapping tables that map actor instances to pods
- **dapr-sentry:** Manages mTLS between services and acts as a certificate authority
For more information on what is deployed to your Kubernetes cluster read the [Kubernetes overview]({{< ref kubernetes-overview.md >}})
## Prerequisites
@ -45,19 +40,18 @@ You can install Dapr to a Kubernetes cluster using the [Dapr CLI]({{< ref instal
The `-k` flag initializes Dapr on the Kubernetes cluster in your current context.
{{% alert title="Target cluster" color="primary" %}}
{{% alert title="Ensure correct cluster is set" color="warning" %}}
Make sure the correct "target" cluster is set. Check `kubectl context (kubectl config get-contexts)` to verify. You can set a different context using `kubectl config use-context <CONTEXT>`.
{{% /alert %}}
Run on your local machine:
Run the following command on your local machine to init Dapr on your cluster:
```bash
dapr init -k
```
```
```bash
⌛ Making the jump to hyperspace...
Note: To install Dapr using Helm, see here: https://github.com/dapr/docs/blob/master/getting-started/environment-setup.md#using-helm-advanced
✅ Deploying the Dapr control plane to your cluster...
✅ Success! Dapr has been installed to namespace dapr-system. To verify, run "dapr status -k" in your terminal. To get started, go here: https://aka.ms/dapr-getting-started
@ -72,7 +66,7 @@ dapr init -k -n mynamespace
```
### Install in highly available mode:
### Install in highly available mode
You can run Dapr with 3 replicas of each control plane pod in the dapr-system namespace for [production scenarios]({{< ref kubernetes-production.md >}}).
@ -90,26 +84,23 @@ dapr init -k --enable-mtls=false
### Uninstall Dapr on Kubernetes with CLI
```bash
dapr uninstall --kubernetes
```
Run the following command on your local machine to uninstall Dapr on your cluster:
### Upgrade Dapr on a cluster
To upgrade Dapr on a Kubernetes cluster you can use the CLI. See [upgrade Dapr on Kubernetes]({{< ref kubernetes-upgrade.md >}}) for more information.
```bash
dapr uninstall -k
```
## Install with Helm (advanced)
You can install Dapr on Kubernetes using a Helm 3 chart.
{{% alert title="Note" color="primary" %}}
{{% alert title="Ensure you are on Helm v3" color="primary" %}}
The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm v2 to Helm v3 by following [this guide](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/).
{{% /alert %}}
### Add and install Dapr Helm chart
1. Make sure [Helm 3](https://github.com/helm/helm/releases) is installed on your machine
2. Add Helm repo and update
```bash
@ -118,7 +109,6 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm
# See which chart versions are available
helm search repo dapr --devel --versions
```
3. Install the Dapr chart on your cluster in the `dapr-system` namespace.
```bash
@ -129,8 +119,8 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm
--wait
```
To install in high availability mode:
To install in high availability mode:
```bash
helm upgrade --install dapr dapr/dapr \
--version=1.0.0 \
@ -139,26 +129,9 @@ To install in high availability mode:
--set global.ha.enabled=true \
--wait
```
See [Guidelines for production ready deployments on Kubernetes]({{<ref kubernetes-production.md>}}) for more information on installing and upgrading Dapr using Helm.
### Verify installation
Once the chart installation is complete, verify that the dapr-operator, dapr-placement, dapr-sidecar-injector and dapr-sentry pods are running in the `dapr-system` namespace:
```bash
kubectl get pods --namespace dapr-system
```
```
NAME READY STATUS RESTARTS AGE
dapr-dashboard-7bd6cbf5bf-xglsr 1/1 Running 0 40s
dapr-operator-7bd6cbf5bf-xglsr 1/1 Running 0 40s
dapr-placement-7f8f76778f-6vhl2 1/1 Running 0 40s
dapr-sidecar-injector-8555576b6f-29cqm 1/1 Running 0 40s
dapr-sentry-9435776c7f-8f7yd 1/1 Running 0 40s
```
See [Guidelines for production ready deployments on Kubernetes]({{<ref kubernetes-production.md>}}) for more information on installing and upgrading Dapr using Helm.
### Uninstall Dapr on Kubernetes
@ -171,6 +144,22 @@ helm uninstall dapr --namespace dapr-system
- Read [this guide]({{< ref kubernetes-production.md >}}) for recommended Helm chart values for production setups
- See [this page](https://github.com/dapr/dapr/blob/master/charts/dapr/README.md) for details on Dapr Helm charts.
## Verify installation
Once the installation is complete, verify that the dapr-operator, dapr-placement, dapr-sidecar-injector and dapr-sentry pods are running in the `dapr-system` namespace:
```bash
kubectl get pods --namespace dapr-system
```
```bash
NAME READY STATUS RESTARTS AGE
dapr-dashboard-7bd6cbf5bf-xglsr 1/1 Running 0 40s
dapr-operator-7bd6cbf5bf-xglsr 1/1 Running 0 40s
dapr-placement-7f8f76778f-6vhl2 1/1 Running 0 40s
dapr-sidecar-injector-8555576b6f-29cqm 1/1 Running 0 40s
dapr-sentry-9435776c7f-8f7yd 1/1 Running 0 40s
```
## Next steps

197
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-hybrid-clusters.md
View File

@ -22,21 +22,21 @@ You will need a Kubernetes cluster with Windows nodes. Many Kubernetes providers
2. Once you have set up the cluster, you should see that it has both Windows and Linux nodes available
```bash
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
aks-nodepool1-11819434-vmss000000 Ready agent 6d v1.17.9 10.240.0.4 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
aks-nodepool1-11819434-vmss000001 Ready agent 6d v1.17.9 10.240.0.35 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
aks-nodepool1-11819434-vmss000002 Ready agent 5d10h v1.17.9 10.240.0.129 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
akswin000000 Ready agent 6d v1.17.9 10.240.0.66 <none> Windows Server 2019 Datacenter 10.0.17763.1339 docker://19.3.5
akswin000001 Ready agent 6d v1.17.9 10.240.0.97 <none> Windows Server 2019 Datacenter 10.0.17763.1339 docker://19.3.5
```
## Installing the Dapr Control Plane
```bash
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
aks-nodepool1-11819434-vmss000000 Ready agent 6d v1.17.9 10.240.0.4 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
aks-nodepool1-11819434-vmss000001 Ready agent 6d v1.17.9 10.240.0.35 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
aks-nodepool1-11819434-vmss000002 Ready agent 5d10h v1.17.9 10.240.0.129 <none> Ubuntu 16.04.6 LTS 4.15.0-1092-azure docker://3.0.10+azure
akswin000000 Ready agent 6d v1.17.9 10.240.0.66 <none> Windows Server 2019 Datacenter 10.0.17763.1339 docker://19.3.5
akswin000001 Ready agent 6d v1.17.9 10.240.0.97 <none> Windows Server 2019 Datacenter 10.0.17763.1339 docker://19.3.5
```
## Installing the Dapr control plane
If you are installing using the Dapr CLI or via a helm chart, simply follow the normal deployment procedures:
[Installing Dapr on a Kubernetes cluster]({{< ref "install-dapr-selfhost.md#installing-Dapr-on-a-kubernetes-cluster" >}})
Affinity will be automatically set for kubernetes.io/os=linux. This will be sufficient for most users, as Kubernetes requires at least one Linux node pool.
Affinity will be automatically set for `kubernetes.io/os=linux`. This will be sufficient for most users, as Kubernetes requires at least one Linux node pool.
> **Note:** Dapr control plane containers are built and tested for both windows and linux, however, we generally recommend using the linux control plane containers. They tend to be smaller and have a much larger user base.
@ -53,109 +53,112 @@ In order to launch a Dapr application on Windows, you'll first need to create a
1. Create a deployment YAML
Here is a sample deployment with nodeAffinity set to "windows". Modify as needed for your application.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: yourwinapp
labels:
app: applabel
spec:
replicas: 1
selector:
matchLabels:
app: applablel
template:
metadata:
labels:
app: applabel
annotations:
dapr.io/enabled: "true"
dapr.io/id: "addapp"
dapr.io/port: "6000"
dapr.io/config: "appconfig"
spec:
containers:
- name: add
image: yourreponsitory/your-windows-dapr-container:your-tag
ports:
- containerPort: 6000
imagePullPolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- windows
```
This deployment yaml will be the same as any other dapr application, with an additional spec.template.spec.affinity section as shown above.
Here is a sample deployment with nodeAffinity set to "windows". Modify as needed for your application.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: yourwinapp
labels:
app: applabel
spec:
replicas: 1
selector:
matchLabels:
app: applablel
template:
metadata:
labels:
app: applabel
annotations:
dapr.io/enabled: "true"
dapr.io/id: "addapp"
dapr.io/port: "6000"
dapr.io/config: "appconfig"
spec:
containers:
- name: add
image: yourreponsitory/your-windows-dapr-container:your-tag
ports:
- containerPort: 6000
imagePullPolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- windows
```
This deployment yaml will be the same as any other dapr application, with an additional spec.template.spec.affinity section as shown above.
2. Deploy to your Kubernetes cluster
```bash
kubectl apply -f deploy_windows.yaml
```
```bash
kubectl apply -f deploy_windows.yaml
```
### Linux applications
If you have already got a dapr application with runs on Linux, you'll still need to add affinity rules as above, but choose linux affinity instead.
1. Create a deployment YAML
Here is a sample deployment with nodeAffinity set to "linux". Modify as needed for your application.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: yourlinuxapp
labels:
app: yourlabel
spec:
replicas: 1
selector:
matchLabels:
app: yourlabel
template:
metadata:
labels:
app: yourlabel
annotations:
dapr.io/enabled: "true"
dapr.io/id: "addapp"
dapr.io/port: "6000"
dapr.io/config: "appconfig"
spec:
containers:
- name: add
image: yourreponsitory/your-application:your-tag
ports:
- containerPort: 6000
imagePullPolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
```
Here is a sample deployment with nodeAffinity set to "linux". Modify as needed for your application.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: yourlinuxapp
labels:
app: yourlabel
spec:
replicas: 1
selector:
matchLabels:
app: yourlabel
template:
metadata:
labels:
app: yourlabel
annotations:
dapr.io/enabled: "true"
dapr.io/id: "addapp"
dapr.io/port: "6000"
dapr.io/config: "appconfig"
spec:
containers:
- name: add
image: yourreponsitory/your-application:your-tag
ports:
- containerPort: 6000
imagePullPolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
```
2. Deploy to your Kubernetes cluster
```bash
kubectl apply -f deploy_linux.yaml
```
```bash
kubectl apply -f deploy_linux.yaml
```
## Cleanup
```
```bash
kubectl delete -f deploy_linux.yaml
kubectl delete -f deploy_windows.yaml
helm uninstall dapr
```
## Related links
- See the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) for examples of more advanced configuration via node affinity

26
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-overview.md
View File

@ -6,12 +6,22 @@ weight: 10000
description: "Overview of how to get Dapr running on your Kubernetes cluster"
---
Dapr can be configured to run on any [Kubernetes cluster](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes). In Kubernetes the `dapr-sidecar-injector` and `dapr-operator` services provide first class integration to launch Dapr as a sidecar container in the same pod as the service container and provide notifications of Dapr component updates provisioned into the cluster. Additionally, the `dapr-sidecar-injector` also injects the environment variables `DAPR_HTTP_PORT` and `DAPR_GRPC_PORT` into **all** the containers in the pod to enable user defined applications to easily communicate with Dapr without hardcoding Dapr port values.
## Dapr on Kubernetes
The `dapr-sentry` service is a certificate authority that enables mutual TLS between Dapr sidecar instances for secure data encryption. For more information on the `Sentry` service read the [security overview]({{< ref "security-concept.md" >}})
Dapr can be configured to run on any Kubernetes cluster. To achieve this, Dapr begins by deploying the `dapr-sidecar-injector`, `dapr-operator`, `dapr-placement`, and `dapr-sentry` Kubernetes services. These provide first-class integration to make running applications with Dapr easy.
- **dapr-operator:** Manages [component]({{< ref components >}}) updates and Kubernetes services endpoints for Dapr (state stores, pub/subs, etc.)
- **dapr-sidecar-injector:** Injects Dapr into [annotated](#adding-dapr-to-a-kubernetes-cluster) deployment pods and adds the environment variables `DAPR_HTTP_PORT` and `DAPR_GRPC_PORT` to enable user-defined applications to easily communicate with Dapr without hard-coding Dapr port values.
- **dapr-placement:** Used for [actors]({{< ref actors >}}) only. Creates mapping tables that map actor instances to pods
- **dapr-sentry:** Manages mTLS between services and acts as a certificate authority. For more information read the [security overview]({{< ref "security-concept.md" >}}).
<img src="/images/overview_kubernetes.png" width=800>
## Deploying Dapr to a Kubernetes cluster
Read [this guide]({{< ref kubernetes-deploy.md >}}) to learn how to deploy Dapr to your Kubernetes cluster.
## Adding Dapr to a Kubernetes deployment
Deploying and running a Dapr enabled application into your Kubernetes cluster is a simple as adding a few annotations to the deployment schemes. To give your service an `id` and `port` known to Dapr, turn on tracing through configuration and launch the Dapr sidecar container, you annotate your Kubernetes deployment like this.
```yml
@ -21,6 +31,14 @@ Deploying and running a Dapr enabled application into your Kubernetes cluster is
dapr.io/app-port: "3000"
dapr.io/config: "tracing"
```
You can see some examples [here](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes/deploy) in the Kubernetes getting started sample.
Explore additional [Kubernetes related topics]({{<ref kubernetes>}}) for more information about working with Dapr on Kubernetes.
## Quickstart
You can see some examples [here](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes) in the Kubernetes getting started quickstart.
## Related links
- [Deploy Dapr to a Kubernetes cluster]({{< ref kubernetes-deploy >}})
- [Upgrade Dapr on a Kubernetes cluster]({{< ref kubernetes-upgrade >}})
- [Production guidelines for Dapr on Kubernetes]({{< ref kubernetes-production.md >}})
- [Dapr Kubernetes Quickstart](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes)

69
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
View File

@ -15,11 +15,13 @@ Use the following resource settings might serve as a starting point. Requirement
| Deployment | CPU | Memory
|-------------|-----|-------
| Operator | Limit: 1, Request: 100m | Limit: 200Mi, Request: 100Mi
| Sidecar Injector | Limit: 1, Request: 100m | Limit: 200Mi, Request: 30Mi
| Sentry | Limit: 1, Request: 100m | Limit: 200Mi, Request: 30Mi
| Placement | Limit: 1, Request: 250m | Limit: 150Mi, Request: 75Mi
| Dashboard | Limit: 200m, Request: 50m | Limit: 200Mi, Request: 20Mi
| **Operator** | Limit: 1, Request: 100m | Limit: 200Mi, Request: 100Mi
| **Sidecar Injector** | Limit: 1, Request: 100m | Limit: 200Mi, Request: 30Mi
| **Sentry** | Limit: 1, Request: 100m | Limit: 200Mi, Request: 30Mi
| **Placement** | Limit: 1, Request: 250m | Limit: 150Mi, Request: 75Mi
| **Dashboard** | Limit: 200m, Request: 50m | Limit: 200Mi, Request: 20Mi
### Helm
When installing Dapr using Helm, no default limit/request values are set. Each component has a `resources` option (for example, `dapr_dashboard.resources`), which you can use to tune the Dapr control plane to fit your environment. The [Helm chart readme](https://github.com/dapr/dapr/blob/master/charts/dapr/README.md) has detailed information and examples. For local/dev installations, you might simply want to skip configuring the `resources` options.
@ -27,23 +29,23 @@ When installing Dapr using Helm, no default limit/request values are set. Each c
The following Dapr control plane deployments are optional:
* Placement - Needed for Dapr Actors
* Sentry - Needed for mTLS for service to service invocation
* Dashboard - Needed for operational view of the cluster
- **Placement** - Needed for Dapr Actors
- **Sentry** - Needed for mTLS for service to service invocation
- **Dashboard** - Needed for operational view of the cluster
## Sidecar resource settings
To set the resource assignments for the Dapr sidecar, see the annotations [here]({{< ref "kubernetes-annotations.md" >}}).
The specific annotations related to resource constraints are:
* `dapr.io/sidecar-cpu-limit`
* `dapr.io/sidecar-memory-limit`
* `dapr.io/sidecar-cpu-request`
* `dapr.io/sidecar-memory-request`
- `dapr.io/sidecar-cpu-limit`
- `dapr.io/sidecar-memory-limit`
- `dapr.io/sidecar-cpu-request`
- `dapr.io/sidecar-memory-request`
If not set, the dapr sidecar will run without resource settings, which may lead to issues. For a production-ready setup it is strongly recommended to configure these settings.
For more details on configuring resource in Kubernetes see [Assign Memory Resources to Containers and Pods](https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/) and [Assign CPU Resources to Containers and Pods](https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)
For more details on configuring resource in Kubernetes see [Assign Memory Resources to Containers and Pods](https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/) and [Assign CPU Resources to Containers and Pods](https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/).
Example settings for the dapr sidecar in a production-ready setup:
@ -55,13 +57,16 @@ Example settings for the dapr sidecar in a production-ready setup:
The CPU and memory limits above account for the fact that Dapr is intended to a high number of I/O bound operations. It is strongly recommended that you use a tool monitoring tool to baseline the sidecar (and app) containers and tune these settings based on those baselines.
## Highly-available mode
When deploying Dapr in a production-ready configuration, it's recommended to deploy with a highly available configuration of the control plane, which creates 3 replicas of each control plane pod in the dapr-system namespace.
## Deploying Dapr with Helm
When deploying to a production cluster, it's recommended to use Helm. Although the Dapr CLI can install Dapr onto a Kubernetes cluster, it is intended for use in dev/test scenarios.
You can find information [here]({{< ref "install-dapr-selfhost.md#using-helm-advanced" >}}) on how to deploy Dapr using Helm.
When deploying Dapr in a production-ready configuration, it's recommended to deploy with a highly available configuration of the control plane. It is recommended to create a values file instead of specifying parameters on the command-line. This file should be checked in to source control so that you can track changes made to it.
For a full guide on deploying Dapr with Helm visit [this guide]({{< ref "kubernetes-deploy.md#install-with-helm-advanced" >}}).
### Parameters file
It is recommended to create a values file instead of specifying parameters on the command-line. This file should be checked in to source control so that you can track changes made to it.
For a full list of all available options you can set in the values file (or by using the `--set` command-line option), see https://github.com/dapr/dapr/blob/master/charts/dapr/README.md.
@ -108,18 +113,18 @@ Dapr supports zero downtime upgrades. The upgrade path includes the following st
### Upgrading the CLI
To upgrade the Dapr CLI, [download the latest version](https://github.com/dapr/cli/releases) of the CLI. After you downloaded the binary, it's recommended you put the CLI binary in your path.
To upgrade the Dapr CLI, [download the latest version](https://github.com/dapr/cli/releases) of the CLI and ensure it's in your path.
### Upgrading the control plane
See [Steps to upgrade Dapr on a Kubernetes cluster]({{< ref kubernetes-upgrade.md >}})
See [steps to upgrade Dapr on a Kubernetes cluster]({{< ref "kubernetes-upgrade.md#helm" >}}).
### Updating the data plane (sidecars)
The last step is to update pods that are running Dapr to pick up the new version of the Dapr runtime.
To do that, simply issue a rollout restart command for any deployment that has the `dapr.io/enabled` annotation:
```
```bash
kubectl rollout restart deploy/<Application deployment name>
```
@ -138,27 +143,29 @@ When properly configured, Dapr ensures secure communication. It can also make yo
It is recommended that a production-ready deployment includes the following settings:
1. Mutual Authentication (mTLS) should be enabled. Note that Dapr has mTLS on by default. For details on how to bring your own certificates, see [here]({{< ref "mtls.md#bringing-your-own-certificates" >}})
1. **Mutual Authentication (mTLS)** should be enabled. Note that Dapr has mTLS on by default. For details on how to bring your own certificates, see [here]({{< ref "mtls.md#bringing-your-own-certificates" >}})
2. App to Dapr API authentication is enabled. This is the communication between your application and the Dapr sidecar. To secure the Dapr API from unauthorized application access, it is recommended to enable Dapr's token based auth. See [enable API token authentication in Dapr]({{< ref "api-token.md" >}}) for details
2. **App to Dapr API authentication** is enabled. This is the communication between your application and the Dapr sidecar. To secure the Dapr API from unauthorized application access, it is recommended to enable Dapr's token based auth. See [enable API token authentication in Dapr]({{< ref "api-token.md" >}}) for details
3. Dapr to App API authentication is enabled. This is the communication between Dapr and your application. This ensures that Dapr knows that it is communicating with an authorized application. See [Authenticate requests from Dapr using token authentication]({{< ref "app-api-token.md" >}}) for details
3. **Dapr to App API authentication** is enabled. This is the communication between Dapr and your application. This ensures that Dapr knows that it is communicating with an authorized application. See [Authenticate requests from Dapr using token authentication]({{< ref "app-api-token.md" >}}) for details
4. All component YAMLs should have secret data configured in a secret store and not hard-coded in the YAML file. See [here]({{< ref "component-secrets.md" >}}) on how to use secrets with Dapr components
4. All component YAMLs should have **secret data configured in a secret store** and not hard-coded in the YAML file. See [here]({{< ref "component-secrets.md" >}}) on how to use secrets with Dapr components
5. The Dapr control plane is installed on a dedicated namespace such as `dapr-system`.
5. The Dapr **control plane is installed on a dedicated namespace** such as `dapr-system`.
6. Dapr also supports scoping components for certain applications. This is not a required practice, and can be enabled according to your security needs. See [here]({{< ref "component-scopes.md" >}}) for more info.
6. Dapr also supports **scoping components for certain applications**. This is not a required practice, and can be enabled according to your security needs. See [here]({{< ref "component-scopes.md" >}}) for more info.
## Tracing and metrics configuration
Dapr has tracing and metrics enabled by default.
To configure a tracing backend for Dapr visit [this]({{< ref "setup-tracing.md" >}}) link.
Dapr has tracing and metrics enabled by default. It is *recommended* that you set up distributed tracing and metrics for your applications and the Dapr control plane in production.
For metrics, Dapr exposes a Prometheus endpoint listening on port 9090 which can be scraped by Prometheus.
It is *recommended* that you set up distributed tracing and metrics for your applications and the Dapr control plane in production.
If you already have your own observability set-up, you can disable tracing and metrics for Dapr.
### Tracing
To configure a tracing backend for Dapr visit [this]({{< ref "setup-tracing.md" >}}) link.
### Metrics
For metrics, Dapr exposes a Prometheus endpoint listening on port 9090 which can be scraped by Prometheus.
To setup Prometheus, Grafana and other monitoring tools with Dapr, visit [this]({{< ref "monitoring" >}}) link.

8
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md
View File

@ -8,14 +8,15 @@ description: "Follow these steps to upgrade Dapr on Kubernetes and ensure a smoo
## Prerequisites
- [Dapr CLI]({{< ref install-dapr-cli.md >}}))
- [Dapr CLI]({{< ref install-dapr-cli.md >}})
- [Helm 3](https://github.com/helm/helm/releases) (if using Helm)
## Upgrade existing cluster to 1.0.0
There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm. The preferred way is to use the Dapr CLI.
There are two ways to upgrade the Dapr control plane on a Kubernetes cluster using either the Dapr CLI or Helm.
### Dapr CLI
The example below shows how to upgrade to version 1.0.0
The example below shows how to upgrade to version 1.0.0:
```bash
dapr upgrade -k --runtime-version=1.0.0
@ -25,6 +26,7 @@ You can provide all the available Helm chart configurations using the Dapr CLI.
See [here](https://github.com/dapr/cli#supplying-helm-values) for more info.
### Helm
From version 1.0.0 onwards, upgrading Dapr using Helm is no longer a disruptive action since existing certificate values will automatically be re-used.
1. Upgrade Dapr from 1.0.0 (or newer) to any [NEW VERSION] > v1.0.0: