Jetstream statestore and auth (#2204)

* Add example for nats jetstream with nkey based authentication Signed-off-by: Tim Burkert <burkert.tim@gmail.com> * Add links to nats jwt authentication Signed-off-by: Tim Burkert <burkert.tim@gmail.com> * Add component reference for jetstream state store Signed-off-by: Tim Burkert <burkert.tim@gmail.com> * Update daprdocs/content/en/reference/components-reference/supported-state-stores/setup-jetstream-kv.md Co-authored-by: Mark Fussell <markfussell@gmail.com> * Improve jetstream kv state store documentation Signed-off-by: Tim Burkert <burkert.tim@gmail.com> * Changing cli to CLI Co-authored-by: Mark Fussell <markfussell@gmail.com>
2022-03-03 06:52:19 +01:00 · 2022-03-03 06:52:19 +01:00 · ed2ce2a007
parent f2cac44482
commit ed2ce2a007
3 changed files with 97 additions and 0 deletions
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-jetstream.md
@ -25,6 +25,10 @@ spec:
  metadata:
  - name: natsURL
    value: "nats://localhost:4222"
+  - name: jwt
+    value: "eyJhbGciOiJ...6yJV_adQssw5c" # Optional. Used for decentralized JWT authentication
+  - name: seedKey
+    value: "SUACS34K232O...5Z3POU7BNIL4Y" # Optional. Used for decentralized JWT authentication
  - name: name
    value: "connection name"
  - name: durableName
@ -46,6 +50,8 @@ spec:
 | Field          | Required | Details | Example |
 |----------------|:--------:|---------|---------|
 | natsURL        |        Y | NATS server address URL   | "`nats://localhost:4222`"|
+| jwt            |        N | NATS decentralized authentication JWT | "`eyJhbGciOiJ...6yJV_adQssw5c`"|
+| seedKey        |        N | NATS decentralized authentication seed key | "`SUACS34K232O...5Z3POU7BNIL4Y`"|
 | name           |        N | NATS connection name | `"my-conn-name"`|
 | durableName    |        N | [Durable name] | `"my-durable"` |
 | queueGroupName |        N | Queue group name | `"my-queue"` |
@ -95,3 +101,4 @@ with NATS, find the service with: `kubectl get svc my-nats`.
 [Start Time]: https://docs.nats.io/jetstream/concepts/consumers#deliverbystarttime
 [Replay Policy]: https://docs.nats.io/jetstream/concepts/consumers#replaypolicy
 [Flow Control]: https://docs.nats.io/jetstream/concepts/consumers#flowcontrol
+[Decentralized JWT Authentication/Authorization]: https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt
--- a/daprdocs/content/en/reference/components-reference/supported-state-stores/_index.md
+++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/_index.md
@ -33,6 +33,7 @@ The following stores are supported, at various levels, by the Dapr state managem
 | [Couchbase]({{< ref setup-couchbase.md >}})        | ✅ | ❌          | ✅  | ❌ | ❌ | ❌ | Alpha  | v1 | 1.0 |
 | [Hashicorp Consul]({{< ref setup-consul.md >}})    | ✅ | ❌          | ❌  | ❌ | ❌ | ❌ | Alpha  | v1 | 1.0 |
 | [Hazelcast]({{< ref setup-hazelcast.md >}})        | ✅ | ❌          | ❌  | ❌ | ❌ | ❌ | Alpha  | v1 | 1.0 |
+| [JetStream KV]({{< ref setup-jetstream-kv.md >}})  | ✅ | ❌          | ❌  | ❌ | ❌ | ❌ | Alpha  | v1 | 1.7 |
 | [Memcached]({{< ref setup-memcached.md >}})        | ✅ | ❌          | ❌  | ✅ | ❌ | ❌ | Alpha  | v1 | 1.0 |
 | [MongoDB]({{< ref setup-mongodb.md >}})            | ✅ | ✅          | ✅  | ❌ | ✅ | ✅ | Stable | v1 | 1.0 |
 | [MySQL]({{< ref setup-mysql.md >}})                | ✅ | ✅          | ✅  | ❌ | ✅ | ❌ | Alpha  | v1 | 1.0 |
--- a/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-jetstream-kv.md
+++ b/daprdocs/content/en/reference/components-reference/supported-state-stores/setup-jetstream-kv.md
@ -0,0 +1,89 @@
+---
+type: docs
+title: "JetStream KV"
+linkTitle: "JetStream KV"
+description: Detailed information on the JetStream KV state store component
+aliases:
+  - "/operations/components/setup-state-store/supported-state-stores/setup-nats-jetstream-kv/"
+---
+
+## Component format
+
+To setup a JetStream KV state store create a component of type `state.jetstream`. See [this guide]({{< ref "howto-get-save-state.md#step-1-setup-a-state-store" >}}) on how to create and apply a state store configuration.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: <NAME>
+  namespace: <NAMESPACE>
+spec:
+  type: state.jetstream
+  version: v1
+  metadata:
+  - name: natsURL
+    value: "nats://localhost:4222"
+  - name: jwt
+    value: "eyJhbGciOiJ...6yJV_adQssw5c" # Optional. Used for decentralized JWT authentication
+  - name: seedKey
+    value: "SUACS34K232O...5Z3POU7BNIL4Y" # Optional. Used for decentralized JWT authentication
+  - name: bucket
+    value: "<bucketName>"
+```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
+## Spec metadatafield
+
+| Field              | Required | Details | Example |
+|--------------------|:--------:|---------|---------|
+| natsURL            |        Y | NATS server address URL | "`nats://localhost:4222`"|
+| jwt                |        N | NATS decentralized authentication JWT | "`eyJhbGciOiJ...6yJV_adQssw5c`"|
+| seedKey            |        N | NATS decentralized authentication seed key | "`SUACS34K232O...5Z3POU7BNIL4Y`"|
+| bucket             |        Y | JetStream KV bucket name | `"<bucketName>"`|
+
+## Create a NATS server
+
+{{< tabs "Self-Hosted" "Kubernetes">}}
+
+{{% codetab %}}
+You can run a NATS Server with JetStream enabled locally using Docker:
+
+```bash
+docker run -d -p 4222:4222 nats:latest -js
+```
+
+You can then interact with the server using the client port: `localhost:4222`.
+{{% /codetab %}}
+
+{{% codetab %}}
+Install NATS JetStream on Kubernetes by using the [helm](https://github.com/nats-io/k8s/tree/main/helm/charts/nats#jetstream):
+
+```bash
+helm repo add nats https://nats-io.github.io/k8s/helm/charts/
+helm install my-nats nats/nats
+```
+
+This installs a single NATS server into the `default` namespace. To interact
+with NATS, find the service with: `kubectl get svc my-nats`.
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+## Creating a JetStream KV bucket
+
+It is necessary to create a key value bucket, this can easily done via NATS CLI.
+
+```bash
+nats kv add <bucketName>
+```
+
+## Related links
+- [Basic schema for a Dapr component]({{< ref component-schema >}})
+- Read [this guide]({{< ref "howto-get-save-state.md#step-2-save-and-retrieve-a-single-state" >}}) for instructions on configuring state store components
+- [State management building block]({{< ref state-management >}})
+- [JetStream Documentation](https://docs.nats.io/nats-concepts/jetstream)
+- [Key Value Store Documentation](https://docs.nats.io/nats-concepts/jetstream/key-value-store)
+- [NATS CLI](https://github.com/nats-io/natscli)