Merge branch 'v1.11' into issue_1168

Signed-off-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>

daprdocs/content/en/concepts/security-concept.md

@@ -211,6 +211,21 @@ The Dapr threat model is below.
 
 ## Security audit
 
+### September 2023
+
+In September 2023, Dapr completed a security audit done by Ada Logics.
+
+The audit was a holistic security audit with the following goals:
+
+- Formalize a threat model of Dapr
+- Perform manual code review
+- Evaluate Daprs fuzzing suite against the formalized threat model
+- Carry out a SLSA review of Dapr.
+
+You can find the full report [here](/docs/Dapr-september-2023-security-audit-report.pdf).
+
+The audit found 7 issues none of which were of high or critical severity. One CVE was assigned from an issue in a 3rd-party dependency to Dapr Components Contrib
+
 ### June 2023
 
 In June 2023, Dapr completed a fuzzing audit done by Ada Logics.

daprdocs/content/en/developing-applications/building-blocks/actors/actors-overview.md

@@ -20,7 +20,11 @@ Dapr includes a runtime that specifically implements the [Virtual Actor pattern]
 
 Every actor is defined as an instance of an actor type, identical to the way an object is an instance of a class. For example, there may be an actor type that implements the functionality of a calculator and there could be many actors of that type that are distributed on various nodes across a cluster. Each such actor is uniquely identified by an actor ID.
 
-<img src="/images/actor_background_game_example.png" width=400>
+<img src="/images/actor_background_game_example.png" width=400 style="padding-bottom:25px;">
+
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=dWNgtsp61f3Sjq0n&t=10797) demonstrates how actors in Dapr work. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=dWNgtsp61f3Sjq0n&amp;start=10797" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 
 ## Dapr actors vs. Dapr Workflow
 
@@ -98,6 +102,10 @@ The functionality of timers and reminders is very similar. The main difference i
 
 This distinction allows users to trade off between light-weight but stateless timers vs. more resource-demanding but stateful reminders.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=2_xX6mkU3UCy2Plr&t=6607) demonstrates how actor timers and reminders work. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=73VqYUUvNfFw3x5_&amp;start=12184" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 - [Learn more about actor timers.]({{< ref "actors-features-concepts.md#timers" >}})
 - [Learn more about actor reminders.]({{< ref "actors-features-concepts.md#reminders" >}})
 - [Learn more about timer and reminder error handling and failover.]({{< ref "actors-features-concepts.md#timers-and-reminders-error-handling" >}})

daprdocs/content/en/developing-applications/building-blocks/bindings/bindings-overview.md

@@ -20,7 +20,7 @@ For example, with bindings, your application can respond to incoming Twilio/SMS
 - Adding or configuring a third-party Twilio SDK
 - Worrying about polling from Twilio (or using WebSockets, etc.)
 
-<img src="/images/binding-overview.png" width=1000 alt="Diagram showing bindings">
+<img src="/images/binding-overview.png" width=1000 alt="Diagram showing bindings" style="padding-bottom:25px;">
 
 In the above diagram:
 - The input binding triggers a method on your application. 
@@ -36,6 +36,10 @@ If you are using the HTTP Binding, then it is preferable to use [service invocat
 
 With input bindings, you can trigger your application when an event from an external resource occurs. An optional payload and metadata may be sent with the request.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=wlmAi7BJBWS8KNK7&t=8261) demonstrates how Dapr input binding works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=wlmAi7BJBWS8KNK7&amp;start=8261" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>  
+
 To receive events from an input binding:
 
 1. Define the component YAML that describes the binding type and its metadata (connection info, etc.).
@@ -54,6 +58,10 @@ Read the [Create an event-driven app using input bindings guide]({{< ref howto-t
 
 With output bindings, you can invoke external resources. An optional payload and metadata can be sent with the invocation request.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=PoA4NEqL5mqNj6Il&t=7668) demonstrates how Dapr output binding works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=PoA4NEqL5mqNj6Il&amp;start=7668" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>  
+
 To invoke an output binding:
 
 1. Define the component YAML that describes the binding type and its metadata (connection info, etc.).

daprdocs/content/en/developing-applications/building-blocks/pubsub/howto-publish-subscribe.md

@@ -658,6 +658,12 @@ dapr run --app-id orderprocessing --app-port 6001 --dapr-http-port 3601 --dapr-g
 
 In order to tell Dapr that a message was processed successfully, return a `200 OK` response. If Dapr receives any other return status code than `200`, or if your app crashes, Dapr will attempt to redeliver the message following at-least-once semantics.
 
+## Demo video
+
+Watch [this demo video](https://youtu.be/1dqe1k-FXJQ?si=s3gvWxRxeOsmXuE1) to learn more about pub/sub messaging with Dapr.
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/1dqe1k-FXJQ?si=s3gvWxRxeOsmXuE1" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 ## Next steps
 
 - Try the [pub/sub tutorial](https://github.com/dapr/quickstarts/tree/master/tutorials/pub-sub).

daprdocs/content/en/developing-applications/building-blocks/pubsub/pubsub-overview.md

@@ -13,7 +13,7 @@ Publish and subscribe (pub/sub) enables microservices to communicate with each o
 
 An intermediary message broker copies each message from a publisher's input channel to an output channel for all subscribers interested in that message. This pattern is especially useful when you need to decouple microservices from one another.
 
-<img src="/images/pubsub-overview-pattern.png" width=1000>
+<img src="/images/pubsub-overview-pattern.png" width=1000 style="padding-bottom:25px;">
 
 <br></br>
 
@@ -32,15 +32,17 @@ When using pub/sub in Dapr:
 1. The pub/sub building block makes calls into a Dapr pub/sub component that encapsulates a specific message broker.
 1. To receive messages on a topic, Dapr subscribes to the pub/sub component on behalf of your service with a topic and delivers the messages to an endpoint on your service when they arrive.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=FMg2Y7bRuljKism-&t=5384) demonstrates how Dapr pub/sub works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=FMg2Y7bRuljKism-&amp;start=5384" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 In the diagram below, a "shipping" service and an "email" service have both subscribed to topics published by a "cart" service. Each service loads pub/sub component configuration files that point to the same pub/sub message broker component; for example: Redis Streams, NATS Streaming, Azure Service Bus, or GCP pub/sub.
 
-<img src="/images/pubsub-overview-components.png" width=1000>
+<img src="/images/pubsub-overview-components.png" width=1000 style="padding-bottom:25px;">
-<br></br>
 
 In the diagram below, the Dapr API posts an "order" topic from the publishing "cart" service to "order" endpoints on the "shipping" and "email" subscribing services.
 
-<img src="/images/pubsub-overview-publish-API.png" width=1000>
+<img src="/images/pubsub-overview-publish-API.png" width=1000 style="padding-bottom:25px;">
-<br></br>
 
 [View the complete list of pub/sub components that Dapr supports]({{< ref supported-pubsub >}}).
 

daprdocs/content/en/developing-applications/building-blocks/secrets/secrets-overview.md

@@ -18,6 +18,10 @@ Dapr's dedicated secrets building block API makes it easier for developers to co
 1. Retrieve secrets using the Dapr secrets API in the application code.
 1. Optionally, reference secrets in Dapr component files.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=3bmNSSyIEIVSF-Ej&t=9931) demonstrates how Dapr secrets management works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=3bmNSSyIEIVSF-Ej&amp;start=9931" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 ## Features
 
 The secrets management API building block brings several features to your application.

daprdocs/content/en/developing-applications/building-blocks/service-invocation/howto-invoke-non-dapr-endpoints.md

@@ -70,7 +70,7 @@ There are two ways to invoke a non-Dapr endpoint when communicating either to Da
     ```
 
 ### Using appId when calling Dapr enabled applications
-AppIDs are always used to call Dapr applications with the `appID` and `my-method. Read the [How-To: Invoke services using HTTP]({{< ref howto-invoke-discover-services.md >}}) guide for more information. For example:
+AppIDs are always used to call Dapr applications with the `appID` and `my-method``. Read the [How-To: Invoke services using HTTP]({{< ref howto-invoke-discover-services.md >}}) guide for more information. For example:
 
 ```sh
 localhost:3500/v1.0/invoke/<appID>/method/<my-method>

daprdocs/content/en/developing-applications/building-blocks/service-invocation/service-invocation-overview.md

@@ -8,7 +8,7 @@ description: "Overview of the service invocation API building block"
 
 Using service invocation, your application can reliably and securely communicate with other applications using the standard [gRPC](https://grpc.io) or [HTTP](https://www.w3.org/Protocols/) protocols.
 
-In many microservice-based applications multiple services need the ability to communicate with one another. This inter-service communication requires that application developers handle problems like:
+In many microservice-based applications, multiple services need the ability to communicate with one another. This inter-service communication requires that application developers handle problems like:
 
 - **Service discovery.** How do I discover my different services?
 - **Standardizing API calls between services.** How do I invoke methods between services?
@@ -25,6 +25,10 @@ Dapr uses a sidecar architecture. To invoke an application using Dapr:
 - Each application communicates with its own instance of Dapr. 
 - The Dapr instances discover and communicate with each other.
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=mtLMrajE5wVXJYz8&t=3598) demonstrates how Dapr service invocation works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=Flsd8PRlF8nYu693&amp;start=3598" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 The diagram below is an overview of how Dapr's service invocation works between two Dapr-ized applications.
 
 <img src="/images/service-invocation-overview.png" width=800 alt="Diagram showing the steps of service invocation">
@@ -61,7 +65,6 @@ In the event of call failures and transient errors, service invocation provides
 
 By default, all calls between applications are traced and metrics are gathered to provide insights and diagnostics for applications. This is especially important in production scenarios, providing call graphs and metrics on the calls between your services. For more information read about [observability]({{< ref observability-concept.md >}}).
 
-
 ### Access control
 
 With access policies, applications can control:
@@ -83,7 +86,7 @@ Dapr provides round robin load balancing of service invocation requests with the
 
 The diagram below shows an example of how this works. If you have 1 instance of an application with app ID `FrontEnd` and 3 instances of application with app ID `Cart` and you call from `FrontEnd` app to `Cart` app, Dapr round robins' between the 3 instances. These instance can be on the same machine or on different machines. .
 
-<img src="/images/service-invocation-mdns-round-robin.png" width=600 alt="Diagram showing the steps of service invocation">
+<img src="/images/service-invocation-mdns-round-robin.png" width=600 alt="Diagram showing the steps of service invocation" style="padding-bottom:25px;">
 
 **Note**: App ID is unique per _application_, not application instance. Regardless how many instances of that application exist (due to scaling), all of them will share the same app ID.
 
@@ -97,7 +100,7 @@ Following the above call sequence, suppose you have the applications as describe
 
 The diagram below shows sequence 1-7 again on a local machine showing the API calls:
 
-<img src="/images/service-invocation-overview-example.png" width=800 />
+<img src="/images/service-invocation-overview-example.png" width=800 style="padding-bottom:25px;">
 
 1. The Node.js app has a Dapr app ID of `nodeapp`. The python app invokes the Node.js app's `neworder` method by POSTing `http://localhost:3500/v1.0/invoke/nodeapp/method/neworder`, which first goes to the python app's local Dapr sidecar.
 2. Dapr discovers the Node.js app's location using name resolution component (in this case mDNS while self-hosted) which runs on your local machine.

daprdocs/content/en/developing-applications/building-blocks/state-management/state-management-overview.md

@@ -11,7 +11,11 @@ Your application can use Dapr's state management API to save, read, and query ke
 - Use **HTTP POST** to save or query key/value pairs.
 - Use **HTTP GET** to read a specific key and have its value returned.
 
-<img src="/images/state-management-overview.png" width=1000>
+<img src="/images/state-management-overview.png" width=1000 style="padding-bottom:25px;">
+
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=2_xX6mkU3UCy2Plr&t=6607) demonstrates how Dapr state management works. 
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/0y7ne6teHT4?si=2_xX6mkU3UCy2Plr&amp;start=6607" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 
 ## Features
 

daprdocs/content/en/developing-applications/local-development/ides/vscode/vscode-how-to-debug-multiple-dapr-apps.md

@@ -176,7 +176,7 @@ Below are the supported parameters for VS Code tasks. These parameters are equiv
 | `appProtocol` | Tells Dapr which protocol your application is using. Valid options are `http`, `grpc`, `https`, `grpcs`, `h2c`. Default is `http`. | No | `"appProtocol": "http"`
 | `args` | Sets a list of arguments to pass on to the Dapr app	 | No | "args": []
 | `componentsPath` | Path for components directory. If empty, components will not be loaded. | No | `"componentsPath": "./components"`
-| `config` | Tells Dapr which Configuration CRD to use | No | `"config": "./config"`
+| `config` | Tells Dapr which Configuration resource to use | No | `"config": "./config"`
 | `controlPlaneAddress` | Address for a Dapr control plane | No | `"controlPlaneAddress": "http://localhost:1366/"`
 | `enableProfiling` | Enable profiling	 | No | `"enableProfiling": false`
 | `enableMtls` | Enables automatic mTLS for daprd to daprd communication channels | No | `"enableMtls": false`

daprdocs/content/en/getting-started/quickstarts/serviceinvocation-quickstart.md

@@ -600,7 +600,7 @@ go build .
 Run the `order-processor` service alongside a Dapr sidecar.
 
 ```bash
-dapr run --app-port 6001 --app-id order-processor --app-protocol http --dapr-http-port 3501 -- go run .
+dapr run --app-port 6006 --app-id order-processor --app-protocol http --dapr-http-port 3501 -- go run .
 ```
 
 Each order is received via an HTTP POST request and processed by the

daprdocs/content/en/operations/components/setup-pubsub/pubsub-namespaces.md

@@ -30,6 +30,10 @@ The table below shows which resources are deployed to which namespaces:
 | Python subscriber       | X           |             |
 | React UI publisher      |             | X           |
 
+{{% alert title="Note" color="primary" %}}
+All pub/sub components support limiting pub/sub topics to specific applications using [namespace or component scopes]({{< ref pubsub-scopes.md >}}). 
+{{% /alert %}}
+
 ## Pre-requisites
 
 * [Dapr installed on Kubernetes]({{< ref "kubernetes-deploy.md" >}}) in any namespace since Dapr works at the cluster level.

daprdocs/content/en/operations/configuration/configuration-overview.md

@@ -18,13 +18,13 @@ A Dapr sidecar can also apply a configuration by using a `--config` flag to the
 
 #### Kubernetes sidecar
 
-In Kubernetes mode the Dapr configuration is a Configuration CRD, that is applied to the cluster. For example:
+In Kubernetes mode the Dapr configuration is a Configuration resource, that is applied to the cluster. For example:
 
 ```bash
 kubectl apply -f myappconfig.yaml
 ```
 
-You can use the Dapr CLI to list the Configuration CRDs
+You can use the Dapr CLI to list the Configuration resources
 
 ```bash
 dapr configurations -k

daprdocs/content/en/operations/configuration/secret-scope.md

@@ -3,12 +3,12 @@ type: docs
 title: "How-To: Limit the secrets that can be read from secret stores"
 linkTitle: "Limit secret store access"
 weight: 3000
-description: "To limit the secrets to which the Dapr application has access, users can define secret scopes by augmenting existing configuration CRD with restrictive permissions."
+description: "To limit the secrets to which the Dapr application has access, users can define secret scopes by augmenting existing configuration resource with restrictive permissions."
 ---
 
 In addition to scoping which applications can access a given component, for example a secret store component (see [Scoping components]({{< ref "component-scopes.md">}})), a named secret store component itself can be scoped to one or more secrets for an application. By defining `allowedSecrets` and/or `deniedSecrets` list, applications can be restricted to access only specific secrets.
 
-Follow [these instructions]({{< ref "configuration-overview.md" >}}) to define a configuration CRD.
+Follow [these instructions]({{< ref "configuration-overview.md" >}}) to define a configuration resource.
 
 ## Configure secrets access
 

daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md

@@ -73,7 +73,7 @@ You can upgrade Dapr using a Helm v3 chart.
 
 As of version 1.0.0 onwards, existing certificate values will automatically be reused when upgrading Dapr using Helm.
 
-> **Note** Helm does not handle upgrading CRDs, so you need to perform that manually. CRDs are backward-compatible and should only be installed forward.
+> **Note** Helm does not handle upgrading resources, so you need to perform that manually. Resources are backward-compatible and should only be installed forward.
 
 1. Upgrade Dapr to version {{% dapr-latest-version long="true" %}}:
 

daprdocs/content/en/operations/observability/_index.md

@@ -6,6 +6,10 @@ weight: 60
 description: See and measure the message calls to components and between networked services
 ---
 
+[The following overview video and demo](https://www.youtube.com/live/0y7ne6teHT4?si=3bmNSSyIEIVSF-Ej&t=9931) demonstrates how observability in Dapr works. 
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/0y7ne6teHT4?si=iURnLk57t2zN-7zP&amp;start=12653" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 {{% alert title="More about Dapr Observability" color="primary" %}}
  Learn more about how to use Dapr Observability:
  - Explore observability via any of the supporting [Dapr SDKs]({{< ref sdks >}}). 

daprdocs/content/en/operations/resiliency/resiliency-overview.md

@@ -20,6 +20,14 @@ Policies can then be applied to [targets]({{< ref "targets.md" >}}), which inclu
 
 Additionally, resiliency policies can be [scoped to specific apps]({{< ref "component-scopes.md#application-access-to-components-with-scopes" >}}).
 
+## Demo video
+
+Learn more about [how to write resilient microservices with Dapr](https://youtu.be/uC-4Q5KFq98?si=JSUlCtcUNZLBM9rW).
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/uC-4Q5KFq98?si=JSUlCtcUNZLBM9rW" title="YouTube video player" style="padding-bottom:25px;" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
+## Resiliency policy structure
+
 Below is the general structure of a resiliency policy:
 
 ```yaml
@@ -51,7 +59,7 @@ spec:
       # components and their applied policies here
 ```
 
-### Complete example policy
+## Complete example policy
 
 ```yaml
 apiVersion: dapr.io/v1alpha1

daprdocs/content/en/operations/support/breaking-changes-and-deprecations.md

@@ -15,7 +15,7 @@ Breaking changes are defined as a change to any of the following that cause comp
 - Default configuration value
 - Command line argument
 - Published metric
-- Kubernetes CRD template
+- Kubernetes resource template
 - Publicly accessible API
 - Publicly visible SDK interface, method, class, or attribute
 

daprdocs/content/en/operations/support/support-release-policy.md

@@ -45,6 +45,7 @@ The table below shows the versions of Dapr releases that have been tested togeth
 
 | Release date | Runtime     | CLI  | SDKs  | Dashboard  | Status | Release notes |
 |--------------------|:--------:|:--------|---------|---------|---------|------------|
+| August 31st 2023 | 1.11.3</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) | [v1.11.3 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.3) |
 | July 20th 2023 | 1.11.2</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) | [v1.11.2 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.2) |
 | June 22nd 2023 | 1.11.1</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) | [v1.11.1 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.1) |
 | June 12th 2023 | 1.11.0</br>  | 1.11.0 | Java 1.9.0 </br>Go 1.8.0 </br>PHP 1.1.0 </br>Python 1.10.0 </br>.NET 1.11.0 </br>JS 3.1.0 | 0.13.0 | Supported (current) | [v1.11.0 release notes](https://github.com/dapr/dapr/releases/tag/v1.11.0) |
@@ -121,7 +122,7 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h
 | 1.8.0 to 1.8.6           |                   N/A |                    1.9.6 |
 | 1.9.0                    |                   N/A |                    1.9.6 |
 | 1.10.0                   |                   N/A |                   1.10.8 |
-| 1.11.0                   |                   N/A |                   1.11.2 |
+| 1.11.0                   |                   N/A |                   1.11.3 |
 
 
 ## Upgrade on Hosting platforms

daprdocs/content/en/operations/troubleshooting/common_issues.md

@@ -94,7 +94,7 @@ There are some known cases where this might not properly work:
   
 - Make sure the kube api server can reach the following webhooks services:
   - [Sidecar Mutating Webhook Injector Service](https://github.com/dapr/dapr/blob/44235fe8e8799589bb393a3124d2564db2dd6885/charts/dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_deployment.yaml#L157) at port __4000__ that is served from the sidecar injector.
-  - [CRD Conversion Webhook Service](https://github.com/dapr/dapr/blob/44235fe8e8799589bb393a3124d2564db2dd6885/charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml#L28) at port __19443__ that is served from the operator.
+  - [Resource Conversion Webhook Service](https://github.com/dapr/dapr/blob/44235fe8e8799589bb393a3124d2564db2dd6885/charts/dapr/charts/dapr_operator/templates/dapr_operator_service.yaml#L28) at port __19443__ that is served from the operator.
   
   Check with your cluster administrators to setup allow ingress
   rules to the above ports, __4000__ and __19443__, in the cluster from the kube api servers. 

daprdocs/content/en/reference/arguments-annotations-overview.md

@@ -17,7 +17,7 @@ This table is meant to help users understand the equivalent options for running
 | `--app-port` | `--app-port` | `-p` | `dapr.io/app-port` | This parameter tells Dapr which port your application is listening on |
 | `--components-path`  | `--components-path` | `-d` | not supported | **Deprecated** in favor of `--resources-path` |
 | `--resources-path`  | `--resources-path` | `-d` | not supported | Path for components directory. If empty, components will not be loaded. |
-| `--config`  | `--config` | `-c` | `dapr.io/config` | Tells Dapr which Configuration CRD to use |
+| `--config`  | `--config` | `-c` | `dapr.io/config` | Tells Dapr which Configuration resource to use |
 | `--control-plane-address` | not supported | | not supported | Address for a Dapr control plane |
 | `--dapr-grpc-port` | `--dapr-grpc-port` | | not supported | gRPC port for the Dapr API to listen on (default "50001") |
 | `--dapr-http-port` | `--dapr-http-port` | | not supported | The HTTP port for the Dapr API |

daprdocs/content/en/reference/components-reference/supported-bindings/_index.md

@@ -9,8 +9,10 @@ aliases:
 no_list: true
 ---
 
-Every binding has its own unique set of properties. Click the name link to see the component YAML for each binding.
+The following table lists input and output bindings supported by the Dapr bindings building block. [Learn how to set up different input and output binding components for Dapr bindings.]({{< ref setup-bindings.md >}})
 
 {{< partial "components/description.html" >}}
 
+Every binding component has its own set of properties. Click the name link to see the component specification for each binding.
+
 {{< partial "components/bindings.html" >}}

daprdocs/content/en/reference/components-reference/supported-configuration-stores/azure-appconfig-configuration-store.md

@@ -40,7 +40,7 @@ spec:
   - name: azureCertificateFile # Optional
     value : "[pfx_certificate_file_fully_qualified_local_path]"
   - name: subscribePollInterval # Optional
-    value: #Optional [Expected format example - 86400000000000]
+    value: #Optional [Expected format example - 30s]
 
 ```
 
@@ -55,9 +55,9 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 | connectionString  | Y*       | Connection String for the Azure App Configuration instance. No Default. Can be `secretKeyRef` to use a secret reference. *Mutally exclusive with host field. *Not to be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used  | `Endpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000`
 | host              | N*       | Endpoint for the Azure App Configuration instance. No Default. *Mutally exclusive with connectionString field. *To be used when [Azure Authentication](https://docs.dapr.io/developing-applications/integrations/azure/authenticating-azure/) is used | `https://dapr.azconfig.io`
 | maxRetries                 | N        | Maximum number of retries before giving up. Defaults to `3` | `5`, `10`
-| retryDelay                 | N        | RetryDelay specifies the initial amount of delay to use before retrying an operation. The delay increases exponentially with each retry up to the maximum specified by MaxRetryDelay. Defaults to `4` seconds; `"-1"` disables delay between retries. | `4000000000`
+| retryDelay                 | N        | RetryDelay specifies the initial amount of delay to use before retrying an operation. The delay increases exponentially with each retry up to the maximum specified by MaxRetryDelay. Defaults to `4` seconds; `"-1"` disables delay between retries. | `4s`
-| maxRetryDelay              | N        | MaxRetryDelay specifies the maximum delay allowed before retrying an operation. Typically the value is greater than or equal to the value specified in RetryDelay. Defaults to `120` seconds; `"-1"` disables the limit | `120000000000`
+| maxRetryDelay              | N        | MaxRetryDelay specifies the maximum delay allowed before retrying an operation. Typically the value is greater than or equal to the value specified in RetryDelay. Defaults to `120` seconds; `"-1"` disables the limit | `120s`
-| subscribePollInterval      | N        | subscribePollInterval specifies the poll interval in nanoseconds for polling the subscribed keys for any changes. This will be updated in the future to Go Time format. Default polling interval is set to `24` hours. | `86400000000000`
+| subscribePollInterval      | N        | subscribePollInterval specifies the poll interval in nanoseconds for polling the subscribed keys for any changes. This will be updated in the future to Go Time format. Default polling interval is set to `24` hours. | `30s`
 
 **Note**: either `host` or `connectionString` must be specified.
 

daprdocs/content/en/reference/components-reference/supported-middleware/_index.md

@@ -8,6 +8,9 @@ no_list: true
 aliases:
 - /developing-applications/middleware/supported-middleware/
 ---
+
+The following table lists middleware components supported by Dapr. [Learn how to customize processing pipelines and set up middleware components.]({{< ref "middleware.md" >}})
+
 {{< partial "components/description.html" >}}
 
 {{< partial "components/middleware.html" >}}

daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md

@@ -9,6 +9,8 @@ aliases:
 no_list: true
 ---
 
+The following table lists publish and subscribe brokers supported by the Dapr pub/sub building block. [Learn how to set up different brokers for Dapr publish and subscribe.]({{< ref setup-pubsub.md >}})
+
 {{< partial "components/description.html" >}}
 
 {{< partial "components/pubsub.html" >}}

daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md

@@ -60,7 +60,7 @@ spec:
 | brokers             | Y | A comma-separated list of Kafka brokers. | `"localhost:9092,dapr-kafka.myapp.svc.cluster.local:9093"`
 | consumerGroup       | N | A kafka consumer group to listen on. Each record published to a topic is delivered to one consumer within each consumer group subscribed to the topic. | `"group1"`
 | consumerID       | N | Consumer ID (consumer tag) organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. | `"channel1"`
-| clientID            | N | A user-provided string sent with every request to the Kafka brokers for logging, debugging, and auditing purposes. Defaults to `"sarama"`. | `"my-dapr-app"`
+| clientID            | N | A user-provided string sent with every request to the Kafka brokers for logging, debugging, and auditing purposes. Defaults to `"namespace.appID"` for Kubernetes mode or `"appID"` for Self-Hosted mode. | `"my-namespace.my-dapr-app"`, `"my-dapr-app"`
 | authRequired        | N | *Deprecated* Enable [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication with the Kafka brokers. | `"true"`, `"false"`
 | authType            | Y | Configure or disable authentication. Supported values: `none`, `password`, `mtls`, or `oidc` | `"password"`, `"none"`
 | saslUsername        | N | The SASL username used for authentication. Only required if `authType` is set to `"password"`. | `"adminuser"`

daprdocs/content/en/reference/components-reference/supported-pubsub/setup-rabbitmq.md

@@ -60,6 +60,8 @@ spec:
     value: fanout
   - name: saslExternal
     value: false
+  - name: ttlInSeconds
+    value: 60
 ```
 
 {{% alert title="Warning" color="warning" %}}
@@ -90,9 +92,10 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 | maxLenBytes      | N        | Maximum length in bytes of a queue and its dead letter queue (if dead letter enabled). If both `maxLen` and `maxLenBytes` are set then both will apply; whichever limit is hit first will be enforced.  Defaults to no limit. | `"1048576"` |
 | exchangeKind      | N        | Exchange kind of the rabbitmq exchange.  Defaults to `"fanout"`. | `"fanout"`,`"topic"` |
 | saslExternal      | N        | With TLS, should the username be taken from an additional field (for example, CN). See [RabbitMQ Authentication Mechanisms](https://www.rabbitmq.com/access-control.html#mechanisms).  Defaults to `"false"`. | `"true"`, `"false"` |
-| caCert | Required for using TLS | Input/Output | Certificate Authority (CA) certificate in PEM format for verifying server TLS certificates. | `"-----BEGIN CERTIFICATE-----\n<base64-encoded DER>\n-----END CERTIFICATE-----"`
+| ttlInSeconds      | N        | Set message TTL at the component level, which can be overwritten by message level TTL per request. | `"60"` |
-| clientCert  | Required for using TLS | Input/Output | TLS client certificate in PEM format. Must be used with `clientKey`. | `"-----BEGIN CERTIFICATE-----\n<base64-encoded DER>\n-----END CERTIFICATE-----"`
+| caCert | Required for using TLS | Certificate Authority (CA) certificate in PEM format for verifying server TLS certificates. | `"-----BEGIN CERTIFICATE-----\n<base64-encoded DER>\n-----END CERTIFICATE-----"`
-| clientKey | Required for using TLS | Input/Output | TLS client key in PEM format. Must be used with `clientCert`. Can be `secretKeyRef` to use a secret reference. | `"-----BEGIN RSA PRIVATE KEY-----\n<base64-encoded PKCS8>\n-----END RSA PRIVATE KEY-----"`
+| clientCert  | Required for using TLS | TLS client certificate in PEM format. Must be used with `clientKey`. | `"-----BEGIN CERTIFICATE-----\n<base64-encoded DER>\n-----END CERTIFICATE-----"`
+| clientKey | Required for using TLS  | TLS client key in PEM format. Must be used with `clientCert`. Can be `secretKeyRef` to use a secret reference. | `"-----BEGIN RSA PRIVATE KEY-----\n<base64-encoded PKCS8>\n-----END RSA PRIVATE KEY-----"`
 
 
 ## Communication using TLS
@@ -409,6 +412,14 @@ client.PublishEvent(ctx, PUBSUB_NAME, TOPIC_NAME, []byte(strconv.Itoa(orderId)),
 
 {{< /tabs >}}
 
+## Time-to-live
+
+You can set a time-to-live (TTL) value at either the message or component level. Set default component-level TTL using the component spec `ttlInSeconds` field in your component. 
+
+{{% alert title="Note" color="primary" %}}
+If you set both component-level and message-level TTL, the default component-level TTL is ignored in favor of the message-level TTL.
+{{% /alert %}}
+
 ## Related links
 
 - [Basic schema for a Dapr component]({{< ref component-schema >}}) in the Related links section

daprdocs/content/en/reference/components-reference/supported-secret-stores/_index.md

@@ -9,6 +9,8 @@ aliases:
 no_list: true
 ---
 
+The following table lists secret stores supported by the Dapr secrets building block. [Learn how to set up different secret stores for Dapr secrets management.]({{< ref setup-secret-store.md >}})
+
 {{< partial "components/description.html" >}}
 
 {{< partial "components/secret-stores.html" >}}

daprdocs/content/en/reference/components-reference/supported-state-stores/_index.md

@@ -9,10 +9,12 @@ aliases:
 no_list: true
 ---
 
+The following table lists state stores supported, at various levels, by the Dapr state management building block. [Learn how to set up different state stores for Dapr state management.]({{< ref setup-state-store.md >}})
+
 {{< partial "components/description.html" >}}
 
-The following stores are supported, at various levels, by the Dapr state management building block:
+{{% alert title="Note" color="primary" %}}
-
+State stores can be used for actors if it supports both transactional operations and ETag.
-> State stores can be used for actors if it supports both transactional operations and etag.
+{{% /alert %}}
 
 {{< partial "components/state-stores.html" >}}

daprdocs/content/en/reference/resource-specs/component-schema.md

@@ -6,7 +6,7 @@ weight: 1000
 description: "The basic spec for a Dapr component"
 ---
 
-Dapr defines and registers components using a [CustomResourceDefinition](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/). All components are defined as a CRD and can be applied to any hosting environment where Dapr is running, not just Kubernetes.
+Dapr defines and registers components using a [resource specifications](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/). All components are defined as a resource and can be applied to any hosting environment where Dapr is running, not just Kubernetes.
 
 ## Format
 
@@ -31,7 +31,7 @@ spec:
 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
 | apiVersion         | Y        | The version of the Dapr (and Kubernetes if applicable) API you are calling | `dapr.io/v1alpha1`
-| kind               | Y        | The type of CRD. For components is must always be `Component` | `Component`
+| kind               | Y        | The type of resource. For components is must always be `Component` | `Component`
 | **metadata**       | -        | **Information about the component registration** |
 | metadata.name      | Y        | The name of the component | `prod-statestore`
 | metadata.namespace | N        | The namespace for the component for hosting environments with namespaces | `myapp-namespace`
@@ -76,7 +76,7 @@ spec:
       value: "false"
 ```
 
-## Further reading
+## Related links
 - [Components concept]({{< ref components-concept.md >}})
 - [Reference secrets in component definitions]({{< ref component-secrets.md >}})
 - [Supported state stores]({{< ref supported-state-stores >}})

daprdocs/content/en/reference/resource-specs/httpendpoints-schema.md

@@ -38,4 +38,8 @@ auth: # Optional
 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
 | baseUrl            | Y        | Base URL of the non-Dapr endpoint | `"https://api.github.com"`, `"http://api.github.com"`
-| headers            | N        | HTTP request headers for service invocation | `name: "Accept-Language" value: "en-US"` <br/> `name: "Authorization" secretKeyRef.name: "my-secret" secretKeyRef.key: "myGithubToken" `
+| headers            | N        | HTTP request headers for service invocation | `name: "Accept-Language" value: "en-US"` <br/> `name: "Authorization" secretKeyRef.name: "my-secret" secretKeyRef.key: "myGithubToken" `
+
+## Related links
+
+[Learn how to invoke non-Dapr endpoints.]({{< ref howto-invoke-non-dapr-endpoints.md >}})

daprdocs/layouts/partials/components/description.html

@@ -1,15 +1,29 @@
-<p>Table captions:</p>
+<p>Table headers to note:</p>
-<blockquote>
+
-    <p><code>Status</code>: <a href="/operations/components/certification-lifecycle/">component certification</a> status</p>
+<table>
-</blockquote>
+    <tr>
-<ul>
+      <th>Header</th>
-    <li><a href="/operations/components/certification-lifecycle/#alpha">Alpha</a></li>
+      <th>Description</th>
-    <li><a href="/operations/components/certification-lifecycle/#beta">Beta</a></li>
+      <th>Example</th>
-    <li><a href="/operations/components/certification-lifecycle/#stable">Stable</a></li>
+    </tr>
-</ul>
+    <tr>
-<blockquote>
+      <td>Status</td>
-    <p><code>Since</code>: the version of the Dapr Runtime in which the component first moved to the current status</p>
+      <td><a href="/operations/components/certification-lifecycle/">Component certification</a> status</td>
-</blockquote>
+      <td>
-<blockquote>
+        <a href="/operations/components/certification-lifecycle/#alpha">Alpha</a><br>
-    <p><code>Component version</code>: the version of the component</p>
+        <a href="/operations/components/certification-lifecycle/#beta">Beta</a><br>
-</blockquote>
+        <a href="/operations/components/certification-lifecycle/#stable">Stable</a><br>
+        </ul>
+      </td>
+    </tr>
+    <tr>
+      <td>Component version</td>
+      <td>The version of the component</td>
+      <td>v1</td>
+    </tr>
+    <tr>
+      <td>Since runtime version</td>
+      <td>The version of the Dapr runtime when the component status was set or updated </td>
+      <td>1.11</td>
+    </tr>
+</table>

daprdocs/layouts/shortcodes/dapr-latest-version.html

@@ -1 +1 @@
-{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.2{{ else if .Get "cli" }}1.11.0{{ else }}1.11.2{{ end -}}
+{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.3{{ else if .Get "cli" }}1.11.0{{ else }}1.11.3{{ end -}}

daprdocs/layouts/shortcodes/table.html

@@ -0,0 +1,6 @@
+{{ $htmlTable := .Inner | markdownify }}
+{{ $class := .Get 0 | default "" }}
+{{ $old := "<table>" }}
+{{ $new := printf "<table class=\"%s\">" $class }}
+{{ $htmlTable := replace $htmlTable $old $new }}
+{{ $htmlTable | safeHTML }}