dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upmerge 2021 05 03 (#1457) 

* Added table to show Kubernetes options

When I read this doc it was unclear that the cert could be provided as a secret. The only table on the original version showed `spnCertificateFile` as a required option. I added a second table to make it clear that in Kubernetes there is a `spnCertificate` option that does not require a file on disk.

* incorporating feedback

* Update concepts and add terminology page

* Add note on gRPC

* Update concepts docs

* Fix typo

Add a missing word

* Clarify state management examples

* Add info on reporting security issues

* Update daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md

* Update daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md

* Fix self-hosted docs

* Remove name-resolution reference

* Simplify options

* Update components-concept.md

* Update configuration-concept.md

* Update overview.md

* Update terminology.md

* fix pulsar pubsub conponent metadata fields enableTLS to not required

* Fix self-hosted description

* clarify integrations

* Removed duplicate word

Removed additional "are"

* Don't mark as stale if waiting on code pr

Co-authored-by: Donovan Brown <dbrown@microsoft.com>
Co-authored-by: Ori Zohar <orzohar@microsoft.com>
Co-authored-by: Esteban Luchsinger <eluchsingerm@hotmail.com>
Co-authored-by: Mark Fussell <mfussell@microsoft.com>
Co-authored-by: zhangchao <zchao9100@gmail.com>
This commit is contained in:
Aaron Crawfis 2021-05-04 10:38:23 -07:00 committed by GitHub
parent 1cabb2cec3
commit c83b62396d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 285 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/stale-pr-monitor.yml vendored
View File

@ -17,5 +17,5 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: 'Stale PR, paging all reviewers'
stale-pr-label: 'stale'
exempt-pr-labels: 'question,"help wanted",do-not-merge'
exempt-pr-labels: 'question,"help wanted",do-not-merge,waiting-on-code-pr'
days-before-stale: 5

44
daprdocs/content/en/concepts/components-concept.md
View File

@ -14,18 +14,42 @@ Dapr uses a modular design where functionality is delivered as a component. Each
The following are the component types provided by Dapr:
* [Bindings](https://github.com/dapr/components-contrib/tree/master/bindings)
* [Pub/sub](https://github.com/dapr/components-contrib/tree/master/pubsub)
* [Middleware](https://github.com/dapr/components-contrib/tree/master/middleware)
* [Service discovery name resolution](https://github.com/dapr/components-contrib/tree/master/nameresolution)
* [Secret stores](https://github.com/dapr/components-contrib/tree/master/secretstores)
* [State](https://github.com/dapr/components-contrib/tree/master/state)
## State stores
State store components are data stores (databases, files, memory) that store key-value pairs as part of the [state management]({{< ref "state-management-overview.md" >}}) building block.
- [List of state stores]({{< ref supported-state-stores >}})
- [State store implementations](https://github.com/dapr/components-contrib/tree/master/state)
## Service discovery
### Service invocation and service discovery components
Service discovery components are used with the [service invocation]({{<ref "service-invocation-overview.md">}}) building block to integrate with the hosting environment to provide service-to-service discovery. For example, the Kubernetes service discovery component integrates with the Kubernetes DNS service and self hosted uses mDNS.
### Service invocation and middleware components
- [Service discovery name resolution implementations](https://github.com/dapr/components-contrib/tree/master/nameresolution)
## Middleware
Dapr allows custom [middleware]({{<ref "middleware-concept.md">}}) to be plugged into the request processing pipeline. Middleware can perform additional actions on a request, such as authentication, encryption and message transformation before the request is routed to the user code, or before the request is returned to the client. The middleware components are used with the [service invocation]({{<ref "service-invocation-overview.md">}}) building block.
### Secret store components
In Dapr, a [secret]({{<ref "secrets-overview.md">}}) is any piece of private information that you want to guard against unwanted users. Secrets stores, used to store secrets, are Dapr components and can be used by any of the building blocks.
- [Middleware implementations](https://github.com/dapr/components-contrib/tree/master/middleware)
## Pub/sub brokers
Pub/sub broker components are message brokers that can pass messages to/from services as part of the [publish & subscribe]({{< ref pubsub-overview.md >}}) building block.
- [List of pub/sub brokers]({{< ref supported-pubsub >}})
- [Pub/sub broker implementations](https://github.com/dapr/components-contrib/tree/master/pubsub)
## Bindings
External resources can connect to Dapr in order to trigger a service or be called from a service as part of the [bindings]({{< ref bindings-overview.md >}}) building block.
- [List of supported bindings]({{< ref supported-bindings >}})
- [Binding implementations](https://github.com/dapr/components-contrib/tree/master/bindings)
## Secret stores
In Dapr, a [secret]({{<ref "secrets-overview.md">}}) is any piece of private information that you want to guard against unwanted users. Secrets stores are used to store secrets that can be retrieved and used in services.
- [List of supported secret stores]({{< ref supported-secret-stores >}})
- [Secret store implementations](https://github.com/dapr/components-contrib/tree/master/secretstores)

20
daprdocs/content/en/concepts/configuration-concept.md
View File

@ -6,7 +6,23 @@ weight: 400
description: "Change the behavior of Dapr sidecars or globally on Dapr system services"
---
Dapr configurations are settings that enable you to change the behavior of individual Dapr application sidecars or globally on the system services in the Dapr control plane.
An example of a per Dapr application sidecar setting is configuring trace settings. An example of a Dapr control plane setting is mutual TLS which is a global setting on the Sentry system service.
Dapr configurations are settings that enable you to change both the behavior of individual Dapr applications, or the global behavior of the system services in the Dapr control plane.
Configurations are defined and deployed as a YAML file. An application configuration example is like this:
```yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: daprConfig
namespace: default
spec:
tracing:
samplingRate: "1"
zipkin:
endpointAddress: "http://localhost:9411/api/v2/spans"
```
This configuration configures tracing for telemetry recording. It can be loaded in self-hosted mode by editing the default configuration file called `config.yaml` file in your `.dapr` directory, or by applying it to your Kubernetes cluster with kubectl/helm.
Read [this page]({{<ref "configuration-overview.md">}}) for a list of all configuration options.

133
daprdocs/content/en/concepts/overview.md
View File

@ -9,7 +9,7 @@ description: >
Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless and stateful applications that run on the cloud and edge and embraces the diversity of languages and developer frameworks.
{{< youtube 9o9iDAgYBA8 >}}
<iframe width="1120" height="630" src="https://www.youtube.com/embed/9o9iDAgYBA8" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
## Any language, any framework, anywhere
@ -29,7 +29,7 @@ Using Dapr you can easily build microservice applications using any language, an
There are many considerations when architecting microservices applications. Dapr provides best practices for common capabilities when building microservice applications that developers can use in a standard way and deploy to any environment. It does this by providing distributed system building blocks.
Each of these building blocks is independent, meaning that you can use one, some or all of them in your application. In this initial release of Dapr, the following building blocks are provided:
Each of these building blocks is independent, meaning that you can use one, some or all of them in your application. Today, the following building blocks are available:
| Building Block | Description |
|----------------|-------------|
@ -43,84 +43,79 @@ Each of these building blocks is independent, meaning that you can use one, some
## Sidecar architecture
Dapr exposes its APIs as a sidecar architecture, either as a container or as a process, not requiring the application code to include any Dapr runtime code. This makes integration with Dapr easy from other runtimes, as well as providing separation of the application logic for improved supportability.
Dapr exposes its HTTP and gRPC APIs as a sidecar architecture, either as a container or as a process, not requiring the application code to include any Dapr runtime code. This makes integration with Dapr easy from other runtimes, as well as providing separation of the application logic for improved supportability.
## Hosting Environments
Dapr can be hosted in multiple environments, including self hosted for local development or to deploy to a group of VMs, Kubernetes and edge environments such as Azure IoT Edge.
<img src="/images/overview-sidecar-model.png" width=700>
### Self hosted
## Hosting environments
In self hosted mode Dapr runs as a separate side-car process which your service code can call via HTTP or gRPC. In self hosted mode, you can also deploy Dapr onto a set of VMs.
Dapr can be hosted in multiple environments, including self-hosted on a Windows/Linux/macOS machine and on Kubernetes.
<img src="/images/overview-sidecar.png" width=1000>
### Self-hosted
### Kubernetes hosted
In container hosting environments such as Kubernetes, Dapr runs as a side-car container with the application container in the same pod.
<img src="/images/overview-sidecar-kubernetes.png" width=1000>
## Developer language SDKs and frameworks
To make using Dapr more natural for different languages, it also includes [language specific SDKs]({{<ref sdks>}}) for C++, Go, Java, JavaScript, Python, Rust .NET and PHP. These SDKs expose the functionality in the Dapr building blocks, such as saving state, publishing an event or creating an actor, through a typed, language API rather than calling the http/gRPC API. This enables you to write a combination of stateless and stateful functions and actors all in the language of their choice. And because these SDKs share the Dapr runtime, you get cross-language actor and functions support.
### SDKs
- **[C++ SDK](https://github.com/dapr/cpp-sdk)**
- **[Go SDK](https://github.com/dapr/go-sdk)**
- **[Java SDK](https://github.com/dapr/java-sdk)**
- **[Javascript SDK](https://github.com/dapr/js-sdk)**
- **[Python SDK](https://github.com/dapr/python-sdk)**
- **[RUST SDK](https://github.com/dapr/rust-sdk)**
- **[.NET SDK](https://github.com/dapr/dotnet-sdk)**
- **[PHP SDK](https://github.com/dapr/php-sdk)**
> Note: Dapr is language agnostic and provides a [RESTful HTTP API]({{< ref api >}}) in addition to the protobuf clients.
### Developer frameworks
Dapr can be used from any developer framework. Here are some that have been integrated with Dapr.
#### Web
In the Dapr [.NET SDK](https://github.com/dapr/dotnet-sdk) you can find [ASP.NET Core](https://dotnet.microsoft.com/apps/aspnet) integration, which brings stateful routing controllers that respond to pub/sub events from other services.
In the Dapr [Java SDK](https://github.com/dapr/java-sdk) you can find [Spring Boot](https://spring.io/) integration.
Dapr integrates easily with Python [Flask](https://pypi.org/project/Flask/) and node [Express](http://expressjs.com/). See examples in the [Dapr quickstarts](https://github.com/dapr/quickstarts).
In the Dapr [PHP-SDK](https://github.com/dapr/php-sdk) you can serve with Apache, Nginx, or Caddyserver.
#### Actors
Dapr SDKs support for [virtual actors]({{< ref actors >}}) which are stateful objects that make concurrency simple, have method and state encapsulation, and are designed for scalable, distributed applications.
#### Azure Functions
Dapr integrates with the Azure Functions runtime via an extension that lets a function seamlessly interact with Dapr. Azure Functions provides an event-driven programming model and Dapr provides cloud-native building blocks. With this extension, you can bring both together for serverless and event-driven apps. For more information read
[Azure Functions extension for Dapr](https://cloudblogs.microsoft.com/opensource/2020/07/01/announcing-azure-functions-extension-for-dapr/) and visit the [Azure Functions extension](https://github.com/dapr/azure-functions-extension) repo to try out the samples.
#### Dapr workflows
To enable developers to easily build workflow applications that use Daprs capabilities including diagnostics and multi-language support, you can use Dapr workflows. Dapr integrates with workflow engines such as Logic Apps. For more information read
[cloud-native workflows using Dapr and Logic Apps](https://cloudblogs.microsoft.com/opensource/2020/05/26/announcing-cloud-native-workflows-dapr-logic-apps/) and visit the [Dapr workflow](https://github.com/dapr/workflows) repo to try out the samples.
## Designed for Operations
Dapr is designed for [operations](/operations/). The [services dashboard](https://github.com/dapr/dashboard), installed via the Dapr CLI, provides a web-based UI enabling you to see information, view logs and more for the Dapr sidecars.
The [monitoring tools support](/operations/monitoring/) provides deeper visibility into the Dapr system services and side-cars and the [observability capabilities]({{<ref "observability-concept.md">}}) of Dapr provide insights into your application such as tracing and metrics.
## Run anywhere
### Running Dapr on a local developer machine in self hosted mode
Dapr can be configured to run on your local developer machine in [self-hosted mode]({{< ref self-hosted >}}). Each running service has a Dapr runtime process (or sidecar) which is configured to use state stores, pub/sub, binding components and the other building blocks.
In [self-hosted mode]({{< ref self-hosted-overview.md >}}) Dapr runs as a separate sidecar process which your service code can call via HTTP or gRPC. Each running service has a Dapr runtime process (or sidecar) which is configured to use state stores, pub/sub, binding components and the other building blocks.
You can use the [Dapr CLI](https://github.com/dapr/cli#launch-dapr-and-your-app) to run a Dapr enabled application on your local machine. Try this out with the [getting started samples]({{< ref getting-started >}}).
<img src="/images/overview_standalone.png" width=800>
<img src="/images/overview_standalone.png" width=1000 alt="Architecture diagram of Dapr in self-hosted mode">
### Running Dapr in Kubernetes mode
### Kubernetes hosted
Dapr can be configured to run on any [Kubernetes cluster]({{< ref kubernetes >}}). In Kubernetes the `dapr-sidecar-injector` and `dapr-operator` services provide first class integration to launch Dapr as a sidecar container in the same pod as the service container and provide notifications of Dapr component updates provisioned into the cluster.
In container hosting environments such as Kubernetes, Dapr runs as a sidecar container with the application container in the same pod.
The `dapr-sidecar-injector` and `dapr-operator` services provide first class integration to launch Dapr as a sidecar container in the same pod as the service container and provide notifications of Dapr component updates provisioned into the cluster.
The `dapr-sentry` service is a certificate authority that enables mutual TLS between Dapr sidecar instances for secure data encryption. For more information on the `Sentry` service read the [security overview]({{< ref "security-concept.md#dapr-to-dapr-communication" >}})
<img src="/images/overview_kubernetes.png" width=800>
Deploying and running a Dapr enabled application into your Kubernetes cluster is as simple as adding a few annotations to the deployment schemes. Visit the [Dapr on Kubernetes docs]({{< ref kubernetes >}})
Deploying and running a Dapr enabled application into your Kubernetes cluster is as simple as adding a few annotations to the deployment schemes. You can see some examples [here](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes/deploy) in the Kubernetes getting started sample. Try this out with the [Kubernetes quickstart](https://github.com/dapr/quickstarts/tree/master/hello-kubernetes).
<img src="/images/overview_kubernetes.png" width=1000 alt="Architecture diagram of Dapr in Kubernetes mode">
## Developer language SDKs and frameworks
Dapr offers a variety of SDKs and frameworks to make it easy to begin developing with Dapr in your preferred language.
### Dapr SDKs
To make using Dapr more natural for different languages, it also includes [language specific SDKs]({{<ref sdks>}}) for:
- C++
- Go
- Java
- JavaScript
- Python
- Rust
- .NET
- PHP
These SDKs expose the functionality of the Dapr building blocks through a typed language API, rather than calling the http/gRPC API. This enables you to write a combination of stateless and stateful functions and actors all in the language of their choice. And because these SDKs share the Dapr runtime, you get cross-language actor and functions support.
### Developer frameworks
Dapr can be used from any developer framework. Here are some that have been integrated with Dapr:
#### Web
| Language | Frameworks | Description |
|----------|------------|-------------|
| [.NET]({{< ref dotnet >}}) | [ASP.NET]({{< ref dotnet-aspnet.md >}}) | Brings stateful routing controllers that respond to pub/sub events from other services. Can also take advantage of [ASP.NET Core gRPC Services](https://docs.microsoft.com/en-us/aspnet/core/grpc/).
| [Java](https://github.com/dapr/java-sdk) | [Spring Boot](https://spring.io/)
| [Python]({{< ref python >}}) | [Flask]({{< ref python-flask.md >}})
| [Javascript](https://github.com/dapr/js-sdk) | [Express](http://expressjs.com/)
| [PHP]({{< ref php >}}) | | You can serve with Apache, Nginx, or Caddyserver.
#### Integrations and extensions
Visit the [integrations]({{< ref integrations >}}) page to learn about some of the first-class support Dapr has for various frameworks and external products, including:
- Azure Functions runtime
- Azure Logic Apps runtime
- Azure API Management
- KEDA
- Visual Studio Code
## Designed for operations
Dapr is designed for [operations]({{< ref operations >}}) and security. The Dapr sidecars, runtime, components, and configuration can all be managed and deployed easily and securly to match your organization's needs.
The [services dashboard](https://github.com/dapr/dashboard), installed via the Dapr CLI, provides a web-based UI enabling you to see information, view logs and more for the Dapr sidecars.
The [monitoring tools support]({{< ref monitoring >}}) provides deeper visibility into the Dapr system services and side-cars and the [observability capabilities]({{<ref "observability-concept.md">}}) of Dapr provide insights into your application such as tracing and metrics.

3
daprdocs/content/en/concepts/security-concept.md
View File

@ -145,3 +145,6 @@ The test focused on the following:
The full report can be found [here](/docs/Dapr-july-2020-security-audit-report.pdf).
## Reporting a security issue
Visit [this page]({{< ref support-security-issues.md >}}) to report a security issue to the Dapr maintainers.

21
daprdocs/content/en/concepts/terminology.md Normal file
View File

@ -0,0 +1,21 @@
---
type: docs
title: "Dapr terminology and definitions"
linkTitle: "Terminology"
weight: 800
description: Definitions for common terms and acronyms in the Dapr documentation
---
This page details all of the common terms you may come across in the Dapr docs.
| Term | Definition | More information |
|:-----|------------|------------------|
| App/Application | A running service/binary, usually that you as the user create and run.
| Building block | An API that Dapr provides to users to help in the creation of microservices and applications. | [Dapr building blocks]({{< ref building-blocks-concept.md >}})
| Component | Modular types of functionality that are used either individually or with a collection of other components, by a Dapr building block. | [Dapr components]({{< ref components-concept.md >}})
| Configuration | A YAML file declaring all of the settings for Dapr sidecars or the Dapr control plane. It is here where you can configure control plane mTLS settings, or the tracing, and middleware settings for an application instance. | [Dapr configuration]({{< ref configuration-concept.md >}})
| Dapr | Distributed Application Runtime. | [Dapr overview]({{< ref overview.md >}})
| Dapr control plane | A collection of services that are part of a Dapr installation on a hosting platform such as a Kubernetes cluster. Allow Dapr enabled applications to run on that platform and handles Dapr capabilities such as actor placement, Dapr sidecar injection or certificate issuance/rollover. | [Self-hosted overview]({{< ref self-hosted-overview >}})<br />[Kubernetes overview]({{< ref kubernetes-overview >}})
| Self-hosted | Windows/macOS/Linux machine(s) where you can run your applications with Dapr. Dapr provides capabilities to run on machines in "self-hosted" mode. | [Self-hosted mode]({{< ref self-hosted-overview.md >}})
| Service | A running application or binary. Can be used to refer to your application, or a Dapr application.
| Sidecar | A program that runs alongside your application as a separate process or container. | [Sidecar pattern](https://docs.microsoft.com/en-us/azure/architecture/patterns/sidecar)

2
daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md
View File

@ -79,7 +79,7 @@ spec:
Dapr allows two methods by which you can subscribe to topics:
- **Declaratively**, where subscriptions are are defined in an external file.
- **Declaratively**, where subscriptions are defined in an external file.
- **Programmatically**, where subscriptions are defined in user code.
{{% alert title="Note" color="primary" %}}

19
daprdocs/content/en/getting-started/get-started-api.md
View File

@ -11,7 +11,7 @@ You will now run the sidecar and call the API directly (simulating what an appli
## Step 1: Run the Dapr sidecar
One the most useful Dapr CLI commands is [`dapr run`]({{< ref dapr-run.md >}}). This command launches an application together with a sidecar. For the purpose of this tutorial you'll run the sidecar without an application.
One of the most useful Dapr CLI commands is [`dapr run`]({{< ref dapr-run.md >}}). This command launches an application together with a sidecar. For the purpose of this tutorial you'll run the sidecar without an application.
Run the following command to launch a Dapr sidecar that will listen on port 3500 for a blank application named myapp:
@ -23,7 +23,20 @@ With this command, no custom component folder was defined, so Dapr uses the defa
## Step 2: Save state
In a separate terminal run:
We will now update the state with an object. The new state will look like this:
```json
[
{
"key": "name",
"value": "Bruce Wayne"
}
]
```
Notice, the object contained in the state has a `key` assigned with the value `name`. You will use the key in the next step.
Run the command shown below to store the new state.
{{< tabs "HTTP API (Bash)" "HTTP API (PowerShell)">}}
{{% codetab %}}
@ -44,7 +57,7 @@ Invoke-RestMethod -Method Post -ContentType 'application/json' -Body '[{ "key":
## Step 3: Get state
Now get the state you just stored using a key with the state management API:
Now get the object you just stored in the state by using the state management API with the key `name`:
{{< tabs "HTTP API (Bash)" "HTTP API (PowerShell)">}}

22
daprdocs/content/en/operations/hosting/self-hosted/self-hosted-overview.md
View File

@ -3,15 +3,25 @@ type: docs
title: "Overview of Dapr in self-hosted mode"
linkTitle: "Overview"
weight: 10000
description: "Overview of how to get Dapr running on your local machine"
description: "Overview of how to get Dapr running on a Windows/Linux/MacOS machine"
---
Dapr can be configured to run on your local developer machine in self hosted mode. Each running service has a Dapr runtime process (or sidecar) which is configured to use state stores, pub/sub, binding components and the other building blocks.
## Overview
In self hosted mode, Redis is running locally in a container and is configured to serve as both the default component for state store and for pub/sub. A Zipkin container is also configured for diagnostics and tracing. After running `dapr init`, see the `$HOME/.dapr/components` directory (Mac/Linux) or `%USERPROFILE%\.dapr\components` on Windows.
Dapr can be configured to run in self-hosted mode on your local developer machine or on production VMs. Each running service has a Dapr runtime process (or sidecar) which is configured to use state stores, pub/sub, binding components and the other building blocks.
The `dapr-placement` service is responsible for managing the actor distribution scheme and key range settings. This service is only required if you are using Dapr actors. For more information on the actor `Placement` service read [actor overview]({{< ref "actors-overview.md" >}}).
## Initialization
<img src="/images/overview_standalone.png" width=800>
Dapr can be initialized [with Docker]({{< ref self-hosted-with-docker.md >}}) (default) or in [slim-init mode]({{< ref self-hosted-no-docker.md >}}). The default Docker setup provides out of the box functionality with the following containers and configuration:
- A Redis container configured to serve as the default component for both state management and publish/subscribe.
- A Zipkin container for diagnostics and tracing.
- A default Dapr configuration and components installed in `$HOME/.dapr/` (Mac/Linux) or `%USERPROFILE%\.dapr\` (Windows).
The `dapr-placement` service is responsible for managing the actor distribution scheme and key range settings. This service is not launched as a container and is only required if you are using Dapr actors. For more information on the actor `Placement` service read [actor overview]({{< ref "actors-overview.md" >}}).
<img src="/images/overview-standalone-docker.png" width=1000 alt="Diagram of Dapr in self-hosted Docker mode" />
## Launching applications with Dapr
You can use the [`dapr run` CLI command]({{< ref dapr-run.md >}}) to a Dapr sidecar process along with your application.
You can use the [Dapr CLI](https://github.com/dapr/cli#launch-dapr-and-your-app) to run a Dapr enabled application on your local machine.

108
daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-docker.md
View File

@ -6,58 +6,59 @@ weight: 20000
description: "How to deploy and run Dapr in self-hosted mode using Docker"
---
This article provides guidance on running Dapr with Docker outside of Kubernetes. There are a number of different configurations in which you may wish to run Dapr with Docker that are documented below.
This article provides guidance on running Dapr with Docker on a Windows/Linux/macOS machine or VM.
## Prerequisites
- [Dapr CLI]({{< ref install-dapr-cli.md >}})
- [Docker](https://docs.docker.com/get-docker/)
- [Docker-Compose](https://docs.docker.com/compose/install/) (optional)
## Select a Docker image
Dapr provides a number of prebuilt Docker images for different components, you should select the relevant image for your desired binary, architecture, and tag/version.
## Initialize Dapr environment
### Images
There are published Docker images for each of the Dapr components available on [Docker Hub](https://hub.docker.com/u/daprio).
- [daprio/dapr](https://hub.docker.com/r/daprio/dapr) (contains all Dapr binaries)
- [daprio/daprd](https://hub.docker.com/r/daprio/daprd)
- [daprio/placement](https://hub.docker.com/r/daprio/placement)
- [daprio/sentry](https://hub.docker.com/r/daprio/sentry)
- [daprio/dapr-dev](https://hub.docker.com/r/daprio/dapr-dev)
To initialize the Dapr control-plane containers and create a default configuration file, run:
### Tags
#### Linux/amd64
- `latest`: The latest release version, **ONLY** use for development purposes.
- `edge`: The latest edge build (master).
- `major.minor.patch`: A release version.
- `major.minor.patch-rc.iteration`: A release candidate.
#### Linux/arm/v7
- `latest-arm`: The latest release version for ARM, **ONLY** use for development purposes.
- `edge-arm`: The latest edge build for ARM (master).
- `major.minor.patch-arm`: A release version for ARM.
- `major.minor.patch-rc.iteration-arm`: A release candidate for ARM.
```bash
dapr init
```
## Run app as a process
> For development purposes ONLY
## Run both app and sidecar as a process
The [`dapr run` CLI command]({{< ref dapr-run.md >}}) can be used to launch a Dapr sidecar along with your application:
```bash
dapr run --app-id myapp --app-port 5000 -- dotnet run
```
This command will launch both the daprd sidecar binary and run `dotnet run`, launching your application.
## Run app as a process and sidecar as a Docker container
Alternately, if you are running Dapr in a Docker container and your app as a process on the host machine, then you need to configure Docker to use the host network so that Dapr and the app can share a localhost network interface.
{{% alert title="Note" color="warning" %}}
The host networking driver for Docker is only supported on Linux hosts.
{{% /alert %}}
If you are running your Docker daemon on a Linux host, you can run the following to launch Dapr:
If you are running Dapr in a Docker container and your app as a process on the host machine, then you need to configure
Docker to use the host network so that Dapr and the app can share a localhost network interface. Unfortunately, the host networking driver for Docker is only supported on Linux hosts.
If you are running your Docker daemon on a Linux host, you should be able to run the following to launch Dapr.
```shell
docker run --net="host" --mount type=bind,source="$(pwd)"/components,target=/components daprio/daprd:edge ./daprd -app-id <my-app-id> -app-port <my-app-port>
```
Then you can run your app on the host and they should connect over the localhost network interface.
However, if you are not running your Docker daemon on a Linux host, it is recommended you follow the steps below to run
both your app and the [Dapr runtime in Docker containers using Docker Compose](#run-dapr-in-a-docker-container-using-docker-compose).
## Run app and Dapr in a single Docker container
## Run both app and Dapr in a single Docker container
> For development purposes ONLY
It is not recommended to run both the Dapr runtime and an application inside the same container. However, it is possible to do so for local development scenarios.
In order to do this, you'll need to write a Dockerfile that installs the Dapr runtime, Dapr CLI and your app code.
You can then invoke both the Dapr runtime and your app code using the Dapr CLI.
Below is an example of a Dockerfile which achieves this:
```
```docker
FROM python:3.7.1
# Install dapr CLI
RUN wget -q https://raw.githubusercontent.com/dapr/cli/master/install/install.sh -O - | /bin/bash
@ -79,23 +80,24 @@ Remember that if Dapr needs to communicate with other components i.e. Redis, the
be made accessible to it.
## Run on a Docker network
If you have multiple instances of Dapr running in Docker containers and want them to be able to
communicate with each other i.e. for service invocation, then you'll need to create a shared Docker network
communicate with each other *i.e. for service invocation*, then you'll need to create a shared Docker network
and make sure those Dapr containers are attached to it.
You can create a simple Docker network using
```
You can create a simple Docker network using:
```bash
docker network create my-dapr-network
```
When running your Docker containers, you can attach them to the network using
```
When running your Docker containers, you can attach them to the network using:
```bash
docker run --net=my-dapr-network ...
```
Each container will receive a unique IP on that network and be able to communicate with other containers on that network.
## Run using Docker-Compose
[Docker Compose](https://docs.docker.com/compose/) can be used to define multi-container application
configurations. If you wish to run multiple apps with Dapr sidecars locally without Kubernetes then it is recommended to use a Docker Compose definition (`docker-compose.yml`).
[Docker Compose](https://docs.docker.com/compose/) can be used to define multi-container application configurations. If you wish to run multiple apps with Dapr sidecars locally without Kubernetes then it is recommended to use a Docker Compose definition (`docker-compose.yml`).
The syntax and tooling of Docker Compose is outside the scope of this article, however, it is recommended you refer to the [offical Docker documentation](https://docs.docker.com/compose/) for further details.
@ -143,7 +145,31 @@ services:
To further learn how to run Dapr with Docker Compose, see the [Docker-Compose Sample](https://github.com/dapr/samples/tree/master/hello-docker-compose).
## Run on Kubernetes
If your deployment target is Kubernetes then you're probably better of running your applicaiton and Dapr sidecars directly on
a Kubernetes platform. Running Dapr on Kubernetes is a first class experience and is documented separately. Please refer to the
[Dapr on Kubernetes docs]({{< ref "kubernetes-overview.md" >}})
If your deployment target is Kubernetes please use Dapr's first-class integration. Refer to the
[Dapr on Kubernetes docs]({{< ref "kubernetes-overview.md" >}}).
## Docker images
Dapr provides a number of prebuilt Docker images for different components, you should select the relevant image for your desired binary, architecture, and tag/version.
### Images
There are published Docker images for each of the Dapr components available on [Docker Hub](https://hub.docker.com/u/daprio).
- [daprio/dapr](https://hub.docker.com/r/daprio/dapr) (contains all Dapr binaries)
- [daprio/daprd](https://hub.docker.com/r/daprio/daprd)
- [daprio/placement](https://hub.docker.com/r/daprio/placement)
- [daprio/sentry](https://hub.docker.com/r/daprio/sentry)
- [daprio/dapr-dev](https://hub.docker.com/r/daprio/dapr-dev)
### Tags
#### Linux/amd64
- `latest`: The latest release version, **ONLY** use for development purposes.
- `edge`: The latest edge build (master).
- `major.minor.patch`: A release version.
- `major.minor.patch-rc.iteration`: A release candidate.
#### Linux/arm/v7
- `latest-arm`: The latest release version for ARM, **ONLY** use for development purposes.
- `edge-arm`: The latest edge build for ARM (master).
- `major.minor.patch-arm`: A release version for ARM.
- `major.minor.patch-rc.iteration-arm`: A release candidate for ARM.

2
daprdocs/content/en/operations/support/support-release-policy.md
View File

@ -2,7 +2,7 @@
type: docs
title: "Supported releases"
linkTitle: "Supported releases"
weight: 1000
weight: 2000
description: "Release support and upgrade policies "
---

15
daprdocs/content/en/operations/support/support-security-issues.md Normal file
View File

@ -0,0 +1,15 @@
---
type: docs
title: "Reporting security issues"
linkTitle: "Reporting security issues "
weight: 3000
description: "How to report a security concern or vulnerability to the Dapr maintainers."
---
The Dapr organization and team makes security a central focus of how we operate and design our software. From the Dapr binaries to the GitHub release processes, we take numerous steps to ensure user applications and data is secure. For more information visit the [security page]({{< ref security-concept.md >}}).
## Reporting security issues
To report a security issue, please privately email the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE)
The Dapr maintainers will triage and respond ASAP and then patch and send an annoucement within 30 days.

2
daprdocs/content/en/operations/support/support-versioning.md
View File

@ -2,7 +2,7 @@
type: docs
title: "Versioning policy"
linkTitle: "Versioning "
weight: 2000
weight: 1000
description: "Dapr's versioning policies"
---

2
daprdocs/content/en/reference/components-reference/supported-pubsub/setup-pulsar.md
View File

@ -31,7 +31,7 @@ spec:
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| host | Y | Address of the Pulsar broker. Default is `"localhost:6650"` | `"localhost:6650"`
| enableTLS | Y | Enable TLS. Default: `"false"` | `"true"`, `"false"`
| enableTLS | N | Enable TLS. Default: `"false"` | `"true"`, `"false"`
## Create a Pulsar instance

37
daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md
View File

@ -33,6 +33,7 @@ spec:
value: "[your_service_principal_tenant_id]"
- name: spnClientId
value: "[your_service_principal_app_id]"
value : "[pfx_certificate_contents]"
- name: spnCertificateFile
value : "[pfx_certificate_file_fully_qualified_local_path]"
```
@ -42,12 +43,25 @@ The above example uses secrets as plain strings. It is recommended to use a loca
## Spec metadata fields
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` |
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` |
| spnClientId | Y | Service Principal App Id | `"spnAppId"` |
| spnCertificateFile | Y | PFX certificate file path. <br></br> For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`. <br></br> For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`. <br></br> See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` |
### Self-Hosted
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"`
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"`
| spnClientId | Y | Service Principal App Id | `"spnAppId"`
| spnCertificateFile | Y | PFX certificate file path. <br></br> For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`. <br></br> For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`. <br></br> See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"`
### Kubernetes
| Field | Required | Details | Example |
|----------------|:--------:|---------|---------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"`
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"`
| spnClientId | Y | Service Principal App Id | `"spnAppId"`
| spnCertificate | Y | PKCS 12 encoded bytes of the certificate. See [configure the component](#configure-the-component) for details on encoding this in a Kubernetes secret. | `secretKeyRef: ...` <br /> See [configure the component](#configure-the-component) for more information.
## Setup Key Vault and service principal
@ -63,7 +77,7 @@ The above example uses secrets as plain strings. It is recommended to use a loca
```bash
# Log in Azure
az login
# Set your subscription to the default subscription
az account set -s [your subscription id]
```
@ -80,7 +94,7 @@ The above example uses secrets as plain strings. It is recommended to use a loca
```bash
az ad sp create-for-rbac --name [your_service_principal_name] --create-cert --cert [certificate_name] --keyvault [your_keyvault] --skip-assignment --years 1
{
"appId": "a4f90000-0000-0000-0000-00000011d000",
"displayName": "[your_service_principal_name]",
@ -96,7 +110,7 @@ The above example uses secrets as plain strings. It is recommended to use a loca
```bash
az ad sp show --id [service_principal_app_id]
{
...
"objectId": "[your_service_principal_object_id]",
@ -165,11 +179,12 @@ In Kubernetes, you store the certificate for the service principal into the Kube
1. Create a kubernetes secret using the following command:
```bash
kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_fully_qualified_local_path]
kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[your_k8s_spn_secret_key]=[pfx_certificate_file_fully_qualified_local_path]
```
- `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX cert file you downloaded above
- `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store
- `[your_k8s_spn_secret_key]` is secret key in Kubernetes secret store
2. Create a `azurekeyvault.yaml` component file
@ -194,7 +209,7 @@ spec:
- name: spnCertificate
secretKeyRef:
name: [your_k8s_spn_secret_name]
key: [pfx_certificate_file_fully_qualified_local_path]
key: [your_k8s_spn_secret_key]
auth:
secretStore: kubernetes
```

BIN
daprdocs/static/images/overview-sidecar-model.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 KiB

BIN
daprdocs/static/images/overview-standalone-docker.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 396 KiB

BIN
daprdocs/static/images/overview_kubernetes.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 103 KiB

After

Width:  |  Height:  |  Size: 250 KiB

BIN
daprdocs/static/images/overview_standalone.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 241 KiB