dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.11' of https://github.com/dapr/docs into issue_3377

This commit is contained in:
Hannah Hunter 2023-05-16 12:16:18 -04:00
parent 6321112b85 8ee089446f
commit bbee91c16e
21 changed files with 386 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daprdocs/content/en/developing-applications/building-blocks/state-management/state-store-ttl.md
View File

@ -28,7 +28,7 @@ Refer to the TTL column in the [state store components guide]({{< ref supported-
You can set state TTL in the metadata as part of the state store set request:
{{< tabs ".NET" Python Go "HTTP API (Bash)" "HTTP API (PowerShell)">}}
{{< tabs Python ".NET" Go "HTTP API (Bash)" "HTTP API (PowerShell)">}}
{{% codetab %}}

40
daprdocs/content/en/developing-applications/building-blocks/workflow/workflow-patterns.md
View File

@ -78,7 +78,7 @@ In the fan-out/fan-in design pattern, you execute multiple tasks simultaneously
<img src="/images/workflow-overview/workflows-fanin-fanout.png" width=800 alt="Diagram showing how the fan-out/fan-in workflow pattern works">
In addition to the challenges mentioned in [the previous pattern]({{< ref "workflow-overview.md#task-chaining" >}}), there are several important questions to consider when implementing the fan-out/fan-in pattern manually:
In addition to the challenges mentioned in [the previous pattern]({{< ref "workflow-patterns.md#task-chaining" >}}), there are several important questions to consider when implementing the fan-out/fan-in pattern manually:
- How do you control the degree of parallelism?
- How do you know when to trigger subsequent aggregation steps?
@ -143,35 +143,33 @@ The Dapr workflow HTTP API supports the asynchronous request-reply pattern out-o
The following `curl` commands illustrate how the workflow APIs support this pattern.
```bash
curl -X POST http://localhost:3500/v1.0-alpha1/workflows/dapr/OrderProcessingWorkflow/12345678/start -d '{"input":{"Name":"Paperclips","Quantity":1,"TotalCost":9.95}}'
curl -X POST http://localhost:3500/v1.0-alpha1/workflows/dapr/OrderProcessingWorkflow/start?instanceID=12345678 -d '{"Name":"Paperclips","Quantity":1,"TotalCost":9.95}'
```
The previous command will result in the following response JSON:
```json
{"instance_id":"12345678"}
{"instanceID":"12345678"}
```
The HTTP client can then construct the status query URL using the workflow instance ID and poll it repeatedly until it sees the "COMPLETE", "FAILURE", or "TERMINATED" status in the payload.
```bash
curl http://localhost:3500/v1.0-alpha1/workflows/dapr/OrderProcessingWorkflow/12345678
curl http://localhost:3500/v1.0-alpha1/workflows/dapr/12345678
```
The following is an example of what an in-progress workflow status might look like.
```json
{
"WFInfo": {
"instance_id": "12345678"
},
"start_time": "2023-02-05T00:32:05Z",
"metadata": {
"instanceID": "12345678",
"workflowName": "OrderProcessingWorkflow",
"createdAt": "2023-05-03T23:22:11.143069826Z",
"lastUpdatedAt": "2023-05-03T23:22:22.460025267Z",
"runtimeStatus": "RUNNING",
"properties": {
"dapr.workflow.custom_status": "",
"dapr.workflow.input": "{\"Name\":\"Paperclips\",\"Quantity\":1,\"TotalCost\":9.95}",
"dapr.workflow.last_updated": "2023-02-05T00:32:18Z",
"dapr.workflow.name": "OrderProcessingWorkflow",
"dapr.workflow.runtime_status": "RUNNING"
"dapr.workflow.input": "{\"Name\":\"Paperclips\",\"Quantity\":1,\"TotalCost\":9.95}"
}
}
```
@ -182,17 +180,15 @@ If the workflow has completed, the status might look as follows.
```json
{
"WFInfo": {
"instance_id": "12345678"
},
"start_time": "2023-02-05T00:32:05Z",
"metadata": {
"instanceID": "12345678",
"workflowName": "OrderProcessingWorkflow",
"createdAt": "2023-05-03T23:30:11.381146313Z",
"lastUpdatedAt": "2023-05-03T23:30:52.923870615Z",
"runtimeStatus": "COMPLETED",
"properties": {
"dapr.workflow.custom_status": "",
"dapr.workflow.input": "{\"Name\":\"Paperclips\",\"Quantity\":1,\"TotalCost\":9.95}",
"dapr.workflow.last_updated": "2023-02-05T00:32:23Z",
"dapr.workflow.name": "OrderProcessingWorkflow",
"dapr.workflow.output": "{\"Processed\":true}",
"dapr.workflow.runtime_status": "COMPLETED"
"dapr.workflow.output": "{\"Processed\":true}"
}
}
```

11
daprdocs/content/en/operations/configuration/configuration-overview.md
View File

@ -79,13 +79,22 @@ The following table lists the properties for tracing:
| `samplingRate` | string | Set sampling rate for tracing to be enabled or disabled.
| `stdout` | bool | True write more verbose information to the traces
| `otel.endpointAddress` | string | Set the Open Telemetry (OTEL) server address to send traces to
| `otel.isSecure` | bool | Is the connection to the endpoint address encryped
| `otel.isSecure` | bool | Is the connection to the endpoint address encrypted
| `otel.protocol` | string | Set to `http` or `grpc` protocol
| `zipkin.endpointAddress` | string | Set the Zipkin server address to send traces to
`samplingRate` is used to enable or disable the tracing. To disable the sampling rate ,
set `samplingRate : "0"` in the configuration. The valid range of samplingRate is between 0 and 1 inclusive. The sampling rate determines whether a trace span should be sampled or not based on value. `samplingRate : "1"` samples all traces. By default, the sampling rate is (0.0001) or 1 in 10,000 traces.
The OpenTelemetry (otel) endpoint can also be configured via an environment variables. The presence of the OTEL_EXPORTER_OTLP_ENDPOINT environment variable
turns on tracing for the sidecar.
| Environment Variable | Description |
|----------------------|-------------|
| `OTEL_EXPORTER_OTLP_ENDPOINT` | Sets the Open Telemetry (OTEL) server address, turns on tracing |
| `OTEL_EXPORTER_OTLP_INSECURE` | Sets the connection to the endpoint as unencrypted (true/false) |
| `OTEL_EXPORTER_OTLP_PROTOCOL` | Transport protocol (`grpc`, `http/protobuf`, `http/json`) |
See [Observability distributed tracing]({{< ref "tracing-overview.md" >}}) for more information.
#### Metrics

2
daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-podman.md
View File

@ -11,7 +11,7 @@ This article provides guidance on running Dapr with Podman on a Windows/Linux/ma
## Prerequisites
- [Dapr CLI]({{< ref install-dapr-cli.md >}})
- [Podman](https://podman.io/docs/tutorials/installation)
- [Podman](https://podman-desktop.io/downloads)
## Initialize Dapr environment

13
daprdocs/content/en/operations/monitoring/tracing/setup-tracing.md
View File

@ -33,7 +33,7 @@ The following table lists the properties for tracing:
| `samplingRate` | string | Set sampling rate for tracing to be enabled or disabled.
| `stdout` | bool | True write more verbose information to the traces
| `otel.endpointAddress` | string | Set the Open Telemetry (OTEL) server address.
| `otel.isSecure` | bool | Is the connection to the endpoint address encryped.
| `otel.isSecure` | bool | Is the connection to the endpoint address encrypted.
| `otel.protocol` | string | Set to `http` or `grpc` protocol.
| `zipkin.endpointAddress` | string | Set the Zipkin server address. If this is used, you do not need to specify the `otel` section.
@ -58,3 +58,14 @@ spec:
Dapr uses probabilistic sampling. The sample rate defines the probability a tracing span will be sampled and can have a value between 0 and 1 (inclusive). The default sample rate is 0.0001 (i.e. 1 in 10,000 spans is sampled).
Changing `samplingRate` to 0 disables tracing altogether.
## Environment variables
The OpenTelemetry (otel) endpoint can also be configured via an environment variables. The presence of the OTEL_EXPORTER_OTLP_ENDPOINT environment variable
turns on tracing for the sidecar.
| Environment Variable | Description |
|----------------------|-------------|
| `OTEL_EXPORTER_OTLP_ENDPOINT` | Sets the Open Telemetry (OTEL) server address, turns on tracing |
| `OTEL_EXPORTER_OTLP_INSECURE` | Sets the connection to the endpoint as unencrypted (true/false) |
| `OTEL_EXPORTER_OTLP_PROTOCOL` | Transport protocol (`grpc`, `http/protobuf`, `http/json`) |

10
daprdocs/content/en/reference/components-reference/supported-bindings/http.md
View File

@ -26,6 +26,8 @@ spec:
value: /Users/somepath/client.pem # OPTIONAL <path to client cert> or <pem encoded string>
- name: MTLSClientKey
value: /Users/somepath/client.key # OPTIONAL <path to client key> or <pem encoded string>
- name: MTLSRenegotiation
value: RenegotiateOnceAsClient # OPTIONAL one of: RenegotiateNever, RenegotiateOnceAsClient, RenegotiateFreelyAsClient
- name: securityToken # OPTIONAL <token to include as a header on HTTP requests>
secretKeyRef:
name: mysecret
@ -42,6 +44,7 @@ spec:
| MTLSRootCA | N | Output |Path to root ca certificate or pem encoded string |
| MTLSClientCert | N | Output |Path to client certificate or pem encoded string |
| MTLSClientKey | N | Output |Path client private key or pem encoded string |
| MTLSRenegotiation | N | Output |Type of TLS renegotiation to be used | `RenegotiateOnceAsClient`
| securityToken | N | Output |The value of a token to be added to an HTTP request as a header. Used together with `securityTokenHeader` |
| securityTokenHeader| N | Output |The name of the header for `securityToken` on an HTTP request that |
@ -317,6 +320,13 @@ These fields can be passed as a file path or as a pem encoded string.
- If the pem encoded string is provided, the string is used as is.
When these fields are configured, the Dapr sidecar uses the provided certificate to authenticate itself with the server during the TLS handshake process.
If the remote server is enforcing TLS renegotiation, you also need to set the metadata field `MTLSRenegotiation`. This field accepts one of following options:
- `RenegotiateNever`
- `RenegotiateOnceAsClient`
- `RenegotiateFreelyAsClient`.
For more details see [the Go `RenegotiationSupport` documentation](https://pkg.go.dev/crypto/tls#RenegotiationSupport).
### When to use:
You can use this when the server with which the HTTP binding is configured to communicate requires mTLS or client TLS authentication.

14
daprdocs/content/en/reference/components-reference/supported-bindings/rabbitmq.md
View File

@ -41,6 +41,14 @@ spec:
value: "text/plain"
- name: reconnectWaitInSeconds
value: 5
- name: externalSasl
value: false
- name: caCert
value: null
- name: clientCert
value: null
- name: clientKey
value: null
```
{{% alert title="Warning" color="warning" %}}
@ -52,7 +60,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|------------|-----|---------|
| queueName | Y | Input/Output | The RabbitMQ queue name | `"myqueue"` |
| host | Y | Input/Output | The RabbitMQ host address | `"amqp://[username][:password]@host.domain[:port]"` |
| host | Y | Input/Output | The RabbitMQ host address | `"amqp://[username][:password]@host.domain[:port]"` or with TLS: `"amqps://[username][:password]@host.domain[:port]"` |
| durable | N | Output | Tells RabbitMQ to persist message in storage. Defaults to `"false"` | `"true"`, `"false"` |
| deleteWhenUnused | N | Input/Output | Enables or disables auto-delete. Defaults to `"false"` | `"true"`, `"false"` |
| ttlInSeconds | N | Output | Set the [default message time to live at RabbitMQ queue level](https://www.rabbitmq.com/ttl.html). If this parameter is omitted, messages won't expire, continuing to exist on the queue until processed. See [also](#specifying-a-ttl-per-message) | `60` |
@ -61,6 +69,10 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| maxPriority| N | Input/Output | Parameter to set the [priority queue](https://www.rabbitmq.com/priority.html). If this parameter is omitted, queue will be created as a general queue instead of a priority queue. Value between 1 and 255. See [also](#specifying-a-priority-per-message) | `"1"`, `"10"` |
| contentType | N | Input/Output | The content type of the message. Defaults to "text/plain". | `"text/plain"`, `"application/cloudevent+json"` and so on |
| reconnectWaitInSeconds | N | Input/Output | Represents the duration in seconds that the client should wait before attempting to reconnect to the server after a disconnection occurs. Defaults to `"5"`. | `"5"`, `"10"` |
| externalSasl | N | Input/Output | With TLS, should the username be taken from an additional field (e.g. CN.) See [RabbitMQ Authentication Mechanisms](https://www.rabbitmq.com/access-control.html#mechanisms). Defaults to `"false"`. | `"true"`, `"false"` |
| caCert | N | Input/Output | The CA certificate to use for TLS connection. Defaults to `null`. | `"-----BEGIN CERTIFICATE-----\nMI..."` |
| clientCert | N | Input/Output | The client certificate to use for TLS connection. Defaults to `null`. | `"-----BEGIN CERTIFICATE-----\nMI..."` |
| clientKey | N | Input/Output | The client key to use for TLS connection. Defaults to `null`. | `"-----BEGIN PRIVATE KEY-----\nMI..."` |
## Binding support
This component supports both **input and output** binding interfaces.

69
daprdocs/content/en/reference/components-reference/supported-bindings/s3.md
View File

@ -70,6 +70,11 @@ The above example uses secrets as plain strings. It is recommended to use a secr
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.
{{% /alert %}}
### S3 Bucket Creation
{{< tabs "Minio" "LocalStack" "AWS" >}}
{{% codetab %}}
### Using with Minio
[Minio](https://min.io/) is a service that exposes local storage as S3-compatible block storage, and it's a popular alternative to S3 especially in development environments. You can use the S3 binding with Minio too, with some configuration tweaks:
@ -78,6 +83,70 @@ When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernet
3. The value for `region` is not important; you can set it to `us-east-1`.
4. Depending on your environment, you may need to set `disableSSL` to `true` if you're connecting to Minio using a non-secure connection (using the `http://` protocol). If you are using a secure connection (`https://` protocol) but with a self-signed certificate, you may need to set `insecureSSL` to `true`.
{{% /codetab %}}
{{% codetab %}}
For local development, the [LocalStack project](https://github.com/localstack/localstack) is used to integrate AWS S3. Follow [these instructions](https://github.com/localstack/localstack#running) to run LocalStack.
To run LocalStack locally from the command line using Docker, use a `docker-compose.yaml` similar to the following:
```yaml
version: "3.8"
services:
localstack:
container_name: "cont-aws-s3"
image: localstack/localstack:1.4.0
ports:
- "127.0.0.1:4566:4566"
environment:
- DEBUG=1
- DOCKER_HOST=unix:///var/run/docker.sock
volumes:
- "<PATH>/init-aws.sh:/etc/localstack/init/ready.d/init-aws.sh" # init hook
- "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
- "/var/run/docker.sock:/var/run/docker.sock"
```
To use the S3 component, you need to use an existing bucket. The example above uses a [LocalStack Initialization Hook](https://docs.localstack.cloud/references/init-hooks/) to setup the bucket.
To use LocalStack with your S3 binding, you need to provide the `endpoint` configuration in the component metadata. The `endpoint` is unnecessary when running against production AWS.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: aws-s3
namespace: default
spec:
type: bindings.aws.s3
version: v1
metadata:
- name: bucket
value: conformance-test-docker
- name: endpoint
value: "http://localhost:4566"
- name: accessKey
value: "my-access"
- name: secretKey
value: "my-secret"
- name: region
value: "us-east-1"
```
{{% /codetab %}}
{{% codetab %}}
To use the S3 component, you need to use an existing bucket. Follow the [AWS documentation for creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html).
{{% /codetab %}}
{{< /tabs >}}
## Binding support
This component supports **output binding** with the following operations:

103
daprdocs/content/en/reference/components-reference/supported-bindings/wasm.md Normal file
View File

@ -0,0 +1,103 @@
---
type: docs
title: "Wasm"
linkTitle: "Wasm"
description: "Detailed documentation on the WebAssembly binding component"
aliases:
- "/operations/components/setup-bindings/supported-bindings/wasm/"
---
## Overview
With WebAssembly, you can safely run code compiled in other languages. Runtimes
execute WebAssembly Modules (Wasm), which are most often binaries with a `.wasm`
extension.
The Wasm Binding allows you to invoke a program compiled to Wasm by passing
commandline args or environment variables to it, similar to how you would with
a normal subprocess. For example, you can satisfy an invocation using Python,
even though Dapr is written in Go and is running on a platform that doesn't have
Python installed!
The Wasm binary must be a program compiled with the WebAssembly System
Interface (WASI). The binary can be a program you've written such as in Go, or
an interpreter you use to run inlined scripts, such as Python.
Minimally, you must specify a Wasm binary compiled with the canonical WASI
version `wasi_snapshot_preview1` (a.k.a. `wasip1`), often abbreviated to `wasi`.
> **Note:** If compiling in Go 1.21+, this is `GOOS=wasip1 GOARCH=wasm`. In TinyGo, Rust, and Zig, this is the target `wasm32-wasi`.
You can also re-use an existing binary. For example, [Wasm Language Runtimes](https://github.com/vmware-labs/webassembly-language-runtimes)
distributes interpreters (including PHP, Python, and Ruby) already compiled to
WASI.
Wasm binaries are loaded from a URL. For example, the URL `file://rewrite.wasm`
loads `rewrite.wasm` from the current directory of the process. On Kubernetes,
see [How to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}})
to configure a filesystem mount that can contain Wasm binaries.
Dapr uses [wazero](https://wazero.io) to run these binaries, because it has no
dependencies. This allows use of WebAssembly with no installation process
except Dapr itself.
## Component format
To configure a Wasm binding, create a component of type
`bindings.wasm`. See [this guide]({{< ref "howto-bindings.md#1-create-a-binding" >}})
on how to create and apply a binding configuration.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: wasm
spec:
type: bindings.wasm
version: v1
metadata:
- name: url
value: "file://uppercase.wasm"
```
## Spec metadata fields
| Field | Details | Required | Example |
|-------|----------------------------------------------------------------|----------|----------------|
| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm` |
## Binding support
This component supports **output binding** with the following operations:
- `execute`
## Example request
The `data` field, if present will be the program's STDIN. You can optionally
pass metadata properties with each request:
- `args` any CLI arguments, comma-separated. This excludes the program name.
For example, if the binding `url` was a Ruby interpreter, such as from
[webassembly-language-runtimes](https://github.com/vmware-labs/webassembly-language-runtimes/releases/tag/ruby%2F3.2.0%2B20230215-1349da9),
the following request would respond back with "Hello, salaboy":
```json
{
"operation": "execute",
"metadata": {
"args": "-ne,'print \"Hello, \"; print'"
},
"data": "salaboy"
}
```
## Related links
- [Basic schema for a Dapr component]({{< ref component-schema >}})
- [Bindings building block]({{< ref bindings >}})
- [How-To: Trigger application with input binding]({{< ref howto-triggers.md >}})
- [How-To: Use bindings to interface with external resources]({{< ref howto-bindings.md >}})
- [Bindings API reference]({{< ref bindings_api.md >}})

27
daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md
View File

@ -1,8 +1,8 @@
---
type: docs
title: "WASM"
linkTitle: "WASM"
description: "Use WASM middleware in your HTTP pipeline"
title: "Wasm"
linkTitle: "Wasm"
description: "Use Wasm middleware in your HTTP pipeline"
aliases:
- /developing-applications/middleware/supported-middleware/middleware-wasm/
---
@ -17,9 +17,10 @@ binary. In other words, you can extend Dapr using external files that are not
pre-compiled into the `daprd` binary. Dapr embeds [wazero](https://wazero.io)
to accomplish this without CGO.
Wasm modules are loaded from a filesystem path. On Kubernetes, see [mounting
volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}}) to configure
a filesystem mount that can contain Wasm modules.
Wasm binaries are loaded from a URL. For example, the URL `file://rewrite.wasm`
loads `rewrite.wasm` from the current directory of the process. On Kubernetes,
see [How to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}})
to configure a filesystem mount that can contain Wasm modules.
## Component format
@ -32,8 +33,8 @@ spec:
type: middleware.http.wasm
version: v1
metadata:
- name: path
value: "./router.wasm"
- name: url
value: "file://router.wasm"
```
## Spec metadata fields
@ -41,9 +42,9 @@ spec:
Minimally, a user must specify a Wasm binary implements the [http-handler](https://http-wasm.io/http-handler/).
How to compile this is described later.
| Field | Details | Required | Example |
|----------|----------------------------------------------------------------|----------|----------------|
| path | A relative or absolute path to the Wasm binary to instantiate. | true | "./hello.wasm" |
| Field | Details | Required | Example |
|-------|----------------------------------------------------------------|----------|----------------|
| url | The URL of the resource including the Wasm binary to instantiate. The supported schemes include `file://`. The path of a `file://` URL is relative to the Dapr process unless it begins with `/`. | true | `file://hello.wasm` |
## Dapr configuration
@ -109,7 +110,7 @@ func handleRequest(req api.Request, resp api.Response) (next bool, reqCtx uint32
```
If using TinyGo, compile as shown below and set the spec metadata field named
"path" to the location of the output (ex "router.wasm"):
"url" to the location of the output (for example, `file://router.wasm`):
```bash
tinygo build -o router.wasm -scheduler=none --no-debug -target=wasi router.go`
@ -145,7 +146,7 @@ func rewrite(requestURI []byte) ([]byte, error) {
```
If using TinyGo, compile as shown below and set the spec metadata field named
"path" to the location of the output (ex "example.wasm"):
"url" to the location of the output (for example, `file://example.wasm`):
```bash
tinygo build -o example.wasm -scheduler=none --no-debug -target=wasi example.go

75
daprdocs/content/en/reference/components-reference/supported-pubsub/setup-gcp-pubsub.md
View File

@ -25,6 +25,10 @@ spec:
value: service_account
- name: projectId
value: <PROJECT_ID> # replace
- name: endpoint # Optional.
value: "http://localhost:8085"
- name: consumerID # Optional - defaults to the app's own ID
value: <CONSUMER_ID>
- name: identityProjectId
value: <IDENTITY_PROJECT_ID> # replace
- name: privateKeyId
@ -46,11 +50,17 @@ spec:
- name: disableEntityManagement
value: "false"
- name: enableMessageOrdering
value: "false"
value: "false"
- name: orderingKey # Optional
value: <ORDERING_KEY>
- name: maxReconnectionAttempts # Optional
value: 30
- name: connectionRecoveryInSec # Optional
value: 2
- name: deadLetterTopic # Optional
value: <EXISTING_PUBSUB_TOPIC>
- name: maxDeliveryAttempts # Optional
value: 5
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
@ -60,8 +70,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| type | N | GCP credentials type. Only `service_account` is supported. Defaults to `service_account` | `service_account`
| projectId | Y | GCP project id| `myproject-123`
| endpoint | N | GCP endpoint for the component to use. Only used for local development (for example) with [GCP Pub/Sub Emulator](https://cloud.google.com/pubsub/docs/emulator). The `endpoint` is unnecessary when running against the GCP production API. | `"http://localhost:8085"`
| `consumerID` | N | The Consumer ID organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the consumer ID is not set, the Dapr runtime will set it to the Dapr application ID. The `consumerID`, along with the `topic` provided as part of the request, are used to build the Pub/Sub subscription ID |
| identityProjectId | N | If the GCP pubsub project is different from the identity project, specify the identity project using this attribute | `"myproject-123"`
| privateKeyId | N | If using explicit credentials, this field should contain the `private_key_id` field from the service account json document | `"my-private-key"`
| privateKey | N | If using explicit credentials, this field should contain the `private_key` field from the service account json | `-----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B`
@ -73,18 +84,78 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| clientX509CertUrl | N | If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json | `https://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com`
| disableEntityManagement | N | When set to `"true"`, topics and subscriptions do not get created automatically. Default: `"false"` | `"true"`, `"false"`
| enableMessageOrdering | N | When set to `"true"`, subscribed messages will be received in order, depending on publishing and permissions configuration. | `"true"`, `"false"`
| orderingKey |N | The key provided in the request. It's used when `enableMessageOrdering` is set to `true` to order messages based on such key. | "my-orderingkey"
| maxReconnectionAttempts | N |Defines the maximum number of reconnect attempts. Default: `30` | `30`
| connectionRecoveryInSec | N |Time in seconds to wait between connection recovery attempts. Default: `2` | `2`
| deadLetterTopic | N | Name of the GCP Pub/Sub Topic. This topic **must** exist before using this component. | `"myapp-dlq"`
| maxDeliveryAttempts | N | Maximum number of attempts to deliver the message. If `deadLetterTopic` is specified, `maxDeliveryAttempts` is the maximum number of attempts for failed processing of messages. Once that number is reached, the message will be moved to the dead-letter topic. Default: `5` | `5`
| type | N | **DEPRECATED** GCP credentials type. Only `service_account` is supported. Defaults to `service_account` | `service_account`
{{% alert title="Warning" color="warning" %}}
If `enableMessageOrdering` is set to "true", the roles/viewer or roles/pubsub.viewer role will be required on the service account in order to guarantee ordering in cases where order tokens are not embedded in the messages. If this role is not given, or the call to Subscription.Config() fails for any other reason, ordering by embedded order tokens will still function correctly.
{{% /alert %}}
## GCP Credentials
Since the GCP Pub/Sub component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained further in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
## Create a GCP Pub/Sub
{{< tabs "Self-Hosted" "GCP" >}}
{{% codetab %}}
For local development, the [GCP Pub/Sub Emulator](https://cloud.google.com/pubsub/docs/emulator) is used to test the GCP Pub/Sub Component. Follow [these instructions](https://cloud.google.com/pubsub/docs/emulator#start) to run the GCP Pub/Sub Emulator.
To run the GCP Pub/Sub Emulator locally using Docker, use the following `docker-compose.yaml`:
```yaml
version: '3'
services:
pubsub:
image: gcr.io/google.com/cloudsdktool/cloud-sdk:422.0.0-emulators
ports:
- "8085:8085"
container_name: gcp-pubsub
entrypoint: gcloud beta emulators pubsub start --project local-test-prj --host-port 0.0.0.0:8085
```
In order to use the GCP Pub/Sub Emulator with your pub/sub binding, you need to provide the `endpoint` configuration in the component metadata. The `endpoint` is unnecessary when running against the GCP Production API.
The **projectId** attribute must match the `--project` used in either the `docker-compose.yaml` or Docker command.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: gcp-pubsub
spec:
type: pubsub.gcp.pubsub
version: v1
metadata:
- name: projectId
value: "local-test-prj"
- name: consumerID
value: "testConsumer"
- name: endpoint
value: "localhost:8085"
```
{{% /codetab %}}
{{% codetab %}}
You can use either "explicit" or "implicit" credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the `projectId` attribute is needed, all other are optional.
Follow the instructions [here](https://cloud.google.com/pubsub/docs/quickstart-console) on setting up Google Cloud Pub/Sub system.
{{% /codetab %}}
{{< /tabs >}}
## Related links
- [Basic schema for a Dapr component]({{< ref component-schema >}})
- Read [this guide]({{< ref "howto-publish-subscribe.md#step-2-publish-a-topic" >}}) for instructions on configuring pub/sub components

8
daprdocs/content/en/reference/components-reference/supported-pubsub/setup-rocketmq.md
View File

@ -58,12 +58,20 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| producerQueueSelector (queueSelector) | N | Producer Queue selector. There are five implementations of queue selector: `hash`, `random`, `manual`, `roundRobin`, `dapr`. | `dapr` | `hash` |
| consumerModel | N | Message model that defines how messages are delivered to each consumer client. RocketMQ supports two message models: `clustering` and `broadcasting`. | `clustering` | `broadcasting` , `clustering` |
| fromWhere (consumeFromWhere) | N | Consuming point on consumer booting. There are three consuming points: `CONSUME_FROM_LAST_OFFSET`, `CONSUME_FROM_FIRST_OFFSET`, `CONSUME_FROM_TIMESTAMP` | `CONSUME_FROM_LAST_OFFSET` | `CONSUME_FROM_LAST_OFFSET` |
| consumeTimestamp | N | Backtracks consumption time with second precision. Time format is `yyyymmddhhmmss`. For example, `20131223171201` implies the time of 17:12:01 and date of December 23, 2013 | ` time.Now().Add(time.Minute * (-30)).Format("20060102150405")` | `20131223171201` |
| consumeOrderly | N | Determines if it's an ordered message using FIFO order. | `false` | `false` |
| consumeMessageBatchMaxSize | N | Batch consumption size out of range `[1, 1024]` | `512` | `10` |
| consumeConcurrentlyMaxSpan | N | Concurrently max span offset. This has no effect on sequential consumption. Range: `[1, 65535]` | `1000` | `1000` |
| maxReconsumeTimes | N | Max re-consume times. `-1` means 16 times. If messages are re-consumed more than {@link maxReconsumeTimes} before success, they'll be directed to a deletion queue. | Orderly message is `MaxInt32`; Concurrently message is `16` | `16` |
| autoCommit | N | Enable auto commit | `true` | `false` |
| consumeTimeout | N | Maximum amount of time a message may block the consuming thread. Time unit: Minute | `15` | `15` |
| consumerPullTimeout | N | The socket timeout in milliseconds | | |
| pullInterval | N | Message pull interval | `100` | `100` |
| pullBatchSize | N | The number of messages pulled from the broker at a time. If `pullBatchSize` is `null`, use `ConsumerBatchSize`. `pullBatchSize` out of range `[1, 1024]` | `32` | `10` |
| pullThresholdForQueue | N | Flow control threshold on queue level. Each message queue will cache a maximum of 1000 messages by default. Consider the `PullBatchSize` - the instantaneous value may exceed the limit. Range: `[1, 65535]` | `1024` | `1000` |
| pullThresholdForTopic | N | Flow control threshold on topic level. The value of `pullThresholdForQueue` will be overwritten and calculated based on `pullThresholdForTopic` if it isn't unlimited. For example, if the value of `pullThresholdForTopic` is 1000 and 10 message queues are assigned to this consumer, then `pullThresholdForQueue` will be set to 100. Range: `[1, 6553500]` | `-1(Unlimited)` | `10` |
| pullThresholdSizeForQueue | N | Limit the cached message size on queue level. Consider the `pullBatchSize` - the instantaneous value may exceed the limit. The size of a message is only measured by message body, so it's not accurate. Range: `[1, 1024]` | `100` | `100` |
| pullThresholdSizeForTopic | N | Limit the cached message size on topic level. The value of `pullThresholdSizeForQueue` will be overwritten and calculated based on `pullThresholdSizeForTopic` if it isn't unlimited. For example, if the value of `pullThresholdSizeForTopic` is 1000 MiB and 10 message queues are assigned to this consumer, then `pullThresholdSizeForQueue` will be set to 100 MiB. Range: `[1, 102400]` | `-1` | `100` |
| content-type | N | Message content type. | `"text/plain"` | `"application/cloudevents+json; charset=utf-8"`, `"application/octet-stream"` |
| logLevel | N | Log level | `warn` | `info` |
| sendTimeOut | N | Send message timeout to connect RocketMQ's broker, measured in nanoseconds. **Deprecated**. | 3 seconds | `10000000000` |

46
daprdocs/content/en/reference/components-reference/supported-state-stores/setup-firestore.md
View File

@ -21,30 +21,32 @@ spec:
type: state.gcp.firestore
version: v1
metadata:
- name: type
value: <REPLACE-WITH-CREDENTIALS-TYPE> # Required. Example: "serviceaccount"
- name: project_id
value: <REPLACE-WITH-PROJECT-ID> # Required.
- name: endpoint # Optional.
value: "http://localhost:8432"
- name: private_key_id
value: <REPLACE-WITH-PRIVATE-KEY-ID> # Required.
value: <REPLACE-WITH-PRIVATE-KEY-ID> # Optional.
- name: private_key
value: <REPLACE-WITH-PRIVATE-KEY> # Required.
value: <REPLACE-WITH-PRIVATE-KEY> # Optional, but Required if `private_key_id` is specified.
- name: client_email
value: <REPLACE-WITH-CLIENT-EMAIL> # Required.
value: <REPLACE-WITH-CLIENT-EMAIL> # Optional, but Required if `private_key_id` is specified.
- name: client_id
value: <REPLACE-WITH-CLIENT-ID> # Required.
value: <REPLACE-WITH-CLIENT-ID> # Optional, but Required if `private_key_id` is specified.
- name: auth_uri
value: <REPLACE-WITH-AUTH-URI> # Required.
value: <REPLACE-WITH-AUTH-URI> # Optional.
- name: token_uri
value: <REPLACE-WITH-TOKEN-URI> # Required.
value: <REPLACE-WITH-TOKEN-URI> # Optional.
- name: auth_provider_x509_cert_url
value: <REPLACE-WITH-AUTH-X509-CERT-URL> # Required.
value: <REPLACE-WITH-AUTH-X509-CERT-URL> # Optional.
- name: client_x509_cert_url
value: <REPLACE-WITH-CLIENT-x509-CERT-URL> # Required.
value: <REPLACE-WITH-CLIENT-x509-CERT-URL> # Optional.
- name: entity_kind
value: <REPLACE-WITH-ENTITY-KIND> # Optional. default: "DaprState"
- name: noindex
value: <REPLACE-WITH-BOOLEAN> # Optional. default: "false"
- name: type
value: <REPLACE-WITH-CREDENTIALS-TYPE> # Deprecated.
```
{{% alert title="Warning" color="warning" %}}
@ -55,17 +57,23 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| type | Y | The credentials type | `"serviceaccount"`
| project_id | Y | The ID of the GCP project to use | `"project-id"`
| private_key_id | Y | The ID of the prvate key to use | `"private-key-id"`
| client_email | Y | The email address for the client | `"eample@example.com"`
| client_id | Y | The client id value to use for authentication | `"client-id"`
| auth_uri | Y | The authentication URI to use | `"https://accounts.google.com/o/oauth2/auth"`
| token_uri | Y | The token URI to query for Auth token | `"https://oauth2.googleapis.com/token"`
| auth_provider_x509_cert_url | Y | The auth provider certificate URL | `"https://www.googleapis.com/oauth2/v1/certs"`
| client_x509_cert_url | Y | The client certificate URL | `"https://www.googleapis.com/robot/v1/metadata/x509/x"`
| endpoint | N | GCP endpoint for the component to use. Only used for local development with (for example) [GCP Datastore Emulator](https://cloud.google.com/datastore/docs/tools/datastore-emulator). The `endpoint` is unnecessary when running against the GCP production API. | `"localhost:8432"`
| private_key_id | N | The ID of the prvate key to use | `"private-key-id"`
| privateKey | N | If using explicit credentials, this field should contain the `private_key` field from the service account json | `-----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B`
| client_email | N | The email address for the client | `"eample@example.com"`
| client_id | N | The client id value to use for authentication | `"client-id"`
| auth_uri | N | The authentication URI to use | `"https://accounts.google.com/o/oauth2/auth"`
| token_uri | N | The token URI to query for Auth token | `"https://oauth2.googleapis.com/token"`
| auth_provider_x509_cert_url | N | The auth provider certificate URL | `"https://www.googleapis.com/oauth2/v1/certs"`
| client_x509_cert_url | N | The client certificate URL | `"https://www.googleapis.com/robot/v1/metadata/x509/x"`
| entity_kind | N | The entity name in Filestore. Defaults to `"DaprState"` | `"DaprState"`
| noindex | N | Whether to disable indexing of state entities. Use this setting if you encounter Firestore index size limitations. Defaults to `"false"` | `"true"`
| type | N | **DEPRECATED** The credentials type | `"serviceaccount"`
## GCP Credentials
Since the GCP Firestore component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
## Setup GCP Firestore
@ -74,7 +82,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
{{% codetab %}}
You can use the GCP Datastore emulator to run locally using the instructions [here](https://cloud.google.com/datastore/docs/tools/datastore-emulator).
You can then interact with the server using `localhost:8081`.
You can then interact with the server using `http://localhost:8432`.
{{% /codetab %}}
{{% codetab %}}

3
daprdocs/content/en/reference/environment/_index.md
View File

@ -24,3 +24,6 @@ The following table lists the environment variables used by the Dapr runtime, CL
| DAPR_HELM_REPO_URL | Your private Dapr Helm chart url | Specifies a private Dapr Helm chart url, which defaults to the official Helm chart URL: `https://dapr.github.io/helm-charts`|
| DAPR_HELM_REPO_USERNAME | A username for a private Helm chart | The username required to access the private Dapr Helm chart. If it can be accessed publicly, this env variable does not need to be set|
| DAPR_HELM_REPO_PASSWORD | A password for a private Helm chart |The password required to access the private Dapr helm chart. If it can be accessed publicly, this env variable does not need to be set|
| OTEL_EXPORTER_OTLP_ENDPOINT | OpenTelemetry Tracing | Sets the Open Telemetry (OTEL) server address, turns on tracing. (Example: `http://localhost:4318`) |
| OTEL_EXPORTER_OTLP_INSECURE | OpenTelemetry Tracing | Sets the connection to the endpoint as unencrypted. (`true`, `false`) |
| OTEL_EXPORTER_OTLP_PROTOCOL | OpenTelemetry Tracing | The OTLP protocol to use Transport protocol. (`grpc`, `http/protobuf`, `http/json`) |

4
daprdocs/data/components/bindings/aws.yaml
View File

@ -8,9 +8,9 @@
output: true
- component: AWS S3
link: s3
state: Alpha
state: Stable
version: v1
since: "1.0"
since: "1.11"
features:
input: false
output: true

8
daprdocs/data/components/bindings/generic.yaml
View File

@ -142,3 +142,11 @@
features:
input: true
output: true
- component: Wasm
link: wasm
state: Alpha
version: v1
since: "1.11"
features:
input: false
output: true

8
daprdocs/data/components/configuration_stores/generic.yaml
View File

@ -1,13 +1,13 @@
- component: Redis
link: redis-configuration-store
state: Alpha
state: Stable
version: v1
since: "1.5"
since: "1.11"
- component: Postgres
link: postgres-configuration-store
state: Alpha
state: Stable
version: v1
since: "1.9"
since: "1.11"
- component: Azure App Configuration
link: azure-appconfig-configuration-store
state: Alpha

7
daprdocs/data/components/middleware/http.yaml
View File

@ -15,7 +15,8 @@
description: Enables the [OAuth2 Client Credentials Grant flow](https://tools.ietf.org/html/rfc6749#section-4.4) on a Web API
- component: OpenID Connect
link: /reference/components-reference/supported-middleware/middleware-bearer
state: Alpha
state: Stable
since: "1.11"
version: v1
description: Verifies a [Bearer Token](https://tools.ietf.org/html/rfc6750) using [OpenID Connect](https://openid.net/connect/) on a Web API
- component: Rego/OPA Policies
@ -43,8 +44,8 @@
state: Stable
version: v1
description: Converts the body of the request to uppercase letters (demo)
- component: WASM
- component: Wasm
link: /reference/components-reference/supported-middleware/middleware-wasm
state: Alpha
version: v1
description: Use WASM middleware in your HTTP pipeline
description: Use Wasm middleware in your HTTP pipeline

4
daprdocs/data/components/pubsub/gcp.yaml
View File

@ -1,8 +1,8 @@
- component: GCP Pub/Sub
link: setup-gcp-pubsub
state: Alpha
state: Stable
version: v1
since: "1.0"
since: "1.11"
features:
bulkPublish: false
bulkSubscribe: false

4
daprdocs/data/components/state_stores/gcp.yaml
View File

@ -1,8 +1,8 @@
- component: GCP Firestore
link: setup-firestore
state: Alpha
state: Stable
version: v1
since: "1.0"
since: "1.11"
features:
crud: true
transactions: false

4
daprdocs/data/components/state_stores/generic.yaml
View File

@ -165,9 +165,9 @@
query: false
- component: SQLite
link: setup-sqlite
state: Beta
state: Stable
version: v1
since: "1.10"
since: "1.11"
features:
crud: true
transactions: true