dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.7' into run_own_daprdexe_images

This commit is contained in:
Mark Fussell 2022-05-09 18:11:19 -07:00 committed by GitHub
parent c318491d21 3daab8ad98
commit fbf051db52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 77 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
daprdocs/content/en/contributing/presentations.md
View File

@ -8,11 +8,11 @@ description: How to give a presentation on Dapr and examples
We welcome community members giving presentations on Dapr and spreading the word about all the awesome Dapr features! We offer a template PowerPoint file to get started.
{{< button text="Download the Dapr Presentation Deck" link="/presentations/dapr-slidedeck.zip" >}}
{{< button text="Download the Dapr Presentation Deck" link="/presentations/dapr-slidedeck.pptx.zip" >}}
## Giving a Dapr presentation
- Begin by downloading the [Dapr Presentation Deck](/presentations/dapr-slidedeck.zip). This contains slides and diagrams needed to give a Dapr presentation.
- Begin by downloading the [Dapr Presentation Deck](/presentations/dapr-slidedeck.pptx.zip). This contains slides and diagrams needed to give a Dapr presentation.
- Next, review the docs to make sure you understand the [concepts]({{< ref concepts >}}).
- Use the Dapr [quickstarts](https://github.com/dapr/quickstarts) repo and [samples](https://github.com/dapr/samples) repo to show demos of how to use Dapr.

41
daprdocs/content/en/developing-applications/building-blocks/bindings/howto-bindings.md
View File

@ -95,7 +95,7 @@ spec:
Below are code examples that leverage Dapr SDKs to interact with an output binding.
{{< tabs Dotnet Java Python Go Javascript>}}
{{< tabs Dotnet Java Python Go JavaScript>}}
{{% codetab %}}
@ -117,9 +117,10 @@ namespace EventService
{
static async Task Main(string[] args)
{
string BINDING_NAME = "checkout";
string BINDING_OPERATION = "create";
while(true) {
string BINDING_NAME = "checkout";
string BINDING_OPERATION = "create";
while(true)
{
System.Threading.Thread.Sleep(5000);
Random random = new Random();
int orderId = random.Next(1,1000);
@ -127,7 +128,7 @@ namespace EventService
//Using Dapr SDK to invoke output binding
await client.InvokeBindingAsync(BINDING_NAME, BINDING_OPERATION, orderId);
Console.WriteLine("Sending message: " + orderId);
}
}
}
}
}
@ -268,38 +269,36 @@ dapr run --app-id orderprocessing --app-port 6001 --dapr-http-port 3601 --dapr-g
```javascript
//dependencies
import { DaprServer, DaprClient, CommunicationProtocolEnum } from 'dapr-client';
import { DaprClient, CommunicationProtocolEnum } from "dapr-client";
//code
const daprHost = "127.0.0.1";
const daprHost = "127.0.0.1";
var main = function() {
for(var i=0;i<10;i++) {
sleep(5000);
var orderId = Math.floor(Math.random() * (1000 - 1) + 1);
start(orderId).catch((e) => {
(async function () {
for (var i = 0; i < 10; i++) {
await sleep(2000);
const orderId = Math.floor(Math.random() * (1000 - 1) + 1);
try {
await sendOrder(orderId)
} catch (err) {
console.error(e);
process.exit(1);
});
}
}
}
})();
async function start(orderId) {
async function sendOrder(orderId) {
const BINDING_NAME = "checkout";
const BINDING_OPERATION = "create";
const client = new DaprClient(daprHost, process.env.DAPR_HTTP_PORT, CommunicationProtocolEnum.HTTP);
//Using Dapr SDK to invoke output binding
const result = await client.binding.send(BINDING_NAME, BINDING_OPERATION, { orderId: orderId });
const result = await client.binding.send(BINDING_NAME, BINDING_OPERATION, orderId);
console.log("Sending message: " + orderId);
}
function sleep(ms) {
return new Promise(resolve => setTimeout(resolve, ms));
}
main();
```
Navigate to the directory containing the above code, then run the following command to launch a Dapr sidecar and run the application:
@ -317,7 +316,7 @@ All that's left now is to invoke the output bindings endpoint on a running Dapr
You can also invoke the output bindings endpoint using HTTP:
```bash
curl -X POST -H 'Content-Type: application/json' http://localhost:3601/v1.0/bindings/checkout -d '{ "data": { "orderId": "100" }, "operation": "create" }'
curl -X POST -H 'Content-Type: application/json' http://localhost:3601/v1.0/bindings/checkout -d '{ "data": 100, "operation": "create" }'
```
As seen above, you invoked the `/binding` endpoint with the name of the binding to invoke, in our case its `checkout`.

2
daprdocs/content/en/developing-applications/building-blocks/bindings/howto-triggers.md
View File

@ -106,7 +106,7 @@ Now configure your application to receive incoming events. If using HTTP, you ne
Below are code examples that leverage Dapr SDKs to demonstrate an output binding.
{{< tabs Dotnet Java Python Go Javascript>}}
{{< tabs Dotnet Java Python Go JavaScript>}}
{{% codetab %}}

1
daprdocs/content/en/operations/hosting/kubernetes/kubernetes-upgrade.md
View File

@ -61,6 +61,7 @@ From version 1.0.0 onwards, upgrading Dapr using Helm is no longer a disruptive
kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/v{{% dapr-latest-version long="true" %}}/charts/dapr/crds/components.yaml
kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/v{{% dapr-latest-version long="true" %}}/charts/dapr/crds/configuration.yaml
kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/v{{% dapr-latest-version long="true" %}}/charts/dapr/crds/subscription.yaml
kubectl apply -f https://raw.githubusercontent.com/dapr/dapr/v{{% dapr-latest-version long="true" %}}/charts/dapr/crds/resiliency.yaml
```
```bash

47
daprdocs/content/en/operations/security/api-token.md
View File

@ -10,13 +10,13 @@ By default, Dapr relies on the network boundary to limit access to its public AP
## Create a token
Dapr uses [JWT](https://jwt.io/) tokens for API authentication.
Dapr uses shared tokens for API authentication. You are free to define the API token to use.
> Note, while Dapr itself is actually not the JWT token issuer in this implementation, being explicit about the use of JWT standard enables federated implementations in the future (e.g. OAuth2).
Although Dapr does not impose any format for the shared token, a good idea is to generate a random byte sequence and encode it to Base64. For example, this command generates a random 32-byte key and encodes that as Base64:
To configure API authentication, start by generating your token using any JWT token compatible tool (e.g. https://jwt.io/) and your secret.
> Note, that secret is only necessary to generate the token, and Dapr doesn't need to know about or store it
```sh
openssl rand 16 | base64
```
## Configure API token authentication in Dapr
@ -24,23 +24,23 @@ The token authentication configuration is slightly different for either Kubernet
### Self-hosted
In self-hosting scenario, Dapr looks for the presence of `DAPR_API_TOKEN` environment variable. If that environment variable is set while `daprd`process launches, Dapr will enforce authentication on its public APIs:
In self-hosting scenario, Dapr looks for the presence of `DAPR_API_TOKEN` environment variable. If that environment variable is set when the `daprd`process launches, Dapr enforces authentication on its public APIs:
```shell
export DAPR_API_TOKEN=<token>
```
To rotate the configured token, simply set the `DAPR_API_TOKEN` environment variable to the new value and restart the `daprd`process.
To rotate the configured token, update the `DAPR_API_TOKEN` environment variable to the new value and restart the `daprd`process.
### Kubernetes
In Kubernetes deployment, Dapr leverages Kubernetes secrets store to hold the JWT token. To configure Dapr APIs authentication start by creating a new secret:
In a Kubernetes deployment, Dapr leverages Kubernetes secrets store to hold the shared token. To configure Dapr APIs authentication, start by creating a new secret:
```shell
kubectl create secret generic dapr-api-token --from-literal=token=<token>
```
> Note, the above secret needs to be created in each namespace in which you want to enable Dapr token authentication
> Note, the above secret needs to be created in each namespace in which you want to enable Dapr token authentication.
To indicate to Dapr to use that secret to secure its public APIs, add an annotation to your Deployment template spec:
@ -56,11 +56,11 @@ When deployed, Dapr sidecar injector will automatically create a secret referenc
### Self-hosted
To rotate the configured token in self-hosted, simply set the `DAPR_API_TOKEN` environment variable to the new value and restart the `daprd`process.
To rotate the configured token in self-hosted, update the `DAPR_API_TOKEN` environment variable to the new value and restart the `daprd`process.
### Kubernetes
To rotate the configured token in Kubernates, update the previously created secret with the new token in each namespace. You can do that using `kubectl patch` command, but the easiest way to update these in each namespace is by using manifest:
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
```yaml
apiVersion: v1
@ -84,26 +84,33 @@ To tell Dapr to start using the new token, trigger a rolling upgrade to each one
kubectl rollout restart deployment/<deployment-name> --namespace <namespace-name>
```
> Note, assuming your service is configured with more than one replica, the key rotation process does not result in any downtime.
> Assuming your service is configured with more than one replica, the key rotation process does not result in any downtime.
## Adding API token to client API invocations
## Adding JWT token to client API invocations
Once token authentication is configured in Dapr, all clients invoking Dapr API will have to append the JWT token to every request:
Once token authentication is configured in Dapr, all clients invoking Dapr API will have to append the API token token to every request:
### HTTP
In case of HTTP, Dapr inspect the incoming request for presence of `dapr-api-token` parameter in HTTP header:
In case of HTTP, Dapr requires the API token in the `dapr-api-token` header. For example:
```shell
```text
GET http://<daprAddress>/v1.0/metadata
dapr-api-token: <token>
```
Using curl, you can pass the header using the `--header` (or `-H`) option. For example:
```sh
curl http://localhost:3500/v1.0/metadata \
--header "dapr-api-token: my-token"
```
### gRPC
When using gRPC protocol, Dapr will inspect the incoming calls for the API token on the gRPC metadata:
```shell
```text
dapr-api-token[0].
```
@ -113,7 +120,7 @@ dapr-api-token[0].
In Kubernetes, it's recommended to mount the secret to your pod as an environment variable, as shown in the example below, where a Kubernetes secret with the name `dapr-api-token` is used to hold the token.
```
```yaml
containers:
- name: mycontainer
image: myregistry/myapp
@ -126,7 +133,7 @@ containers:
In self-hosted mode, you can set the token as an environment variable for your app:
```
```sh
export DAPR_API_TOKEN=<my-dapr-token>
```

35
daprdocs/content/en/operations/security/app-api-token.md
View File

@ -11,13 +11,13 @@ To enable the application to authenticate requests that are arriving from the Da
## Create a token
Dapr uses [JWT](https://jwt.io/) tokens for API authentication.
Dapr uses shared tokens for API authentication. You are free to define the API token to use.
> Note, while Dapr itself is actually not the JWT token issuer in this implementation, being explicit about the use of JWT standard enables federated implementations in the future (e.g. OAuth2).
Although Dapr does not impose any format for the shared token, a good idea is to generate a random byte sequence and encode it to Base64. For example, this command generates a random 32-byte key and encodes that as Base64:
To configure API authentication, start by generating your token using any JWT token compatible tool (e.g. https://jwt.io/) and your secret.
> Note, that secret is only necessary to generate the token, and Dapr doesn't need to know about or store it
```sh
openssl rand 16 | base64
```
## Configure app API token authentication in Dapr
@ -25,17 +25,17 @@ The token authentication configuration is slightly different for either Kubernet
### Self-hosted
In self-hosting scenario, Dapr looks for the presence of `APP_API_TOKEN` environment variable. If that environment variable is set while `daprd`process launches, Dapr includes the token when calling an app:
In self-hosting scenario, Dapr looks for the presence of `APP_API_TOKEN` environment variable. If that environment variable is set when the `daprd`process launches, Dapr includes the token when calling an app:
```shell
export APP_API_TOKEN=<token>
```
To rotate the configured token, simply set the `APP_API_TOKEN` environment variable to the new value and restart the `daprd`process.
To rotate the configured token, update the `APP_API_TOKEN` environment variable to the new value and restart the `daprd`process.
### Kubernetes
In Kubernetes deployment, Dapr leverages Kubernetes secrets store to hold the JWT token. Start by creating a new secret:
In a Kubernetes deployment, Dapr leverages Kubernetes secrets store to hold the shared token. To start, create a new secret:
```shell
kubectl create secret generic app-api-token --from-literal=token=<token>
@ -57,11 +57,11 @@ When deployed, the Dapr Sidecar Injector automatically creates a secret referenc
### Self-hosted
To rotate the configured token in self-hosted, simply set the `APP_API_TOKEN` environment variable to the new value and restart the `daprd`process.
To rotate the configured token in self-hosted, update the `APP_API_TOKEN` environment variable to the new value and restart the `daprd`process.
### Kubernetes
To rotate the configured token in Kubernates, update the previously created secret with the new token in each namespace. You can do that using `kubectl patch` command, but the easiest way to update these in each namespace is by using manifest:
To rotate the configured token in Kubernates, update the previously-created secret with the new token in each namespace. You can do that using `kubectl patch` command, but a simpler way to update these in each namespace is by using a manifest:
```yaml
apiVersion: v1
@ -85,18 +85,17 @@ To tell Dapr to start using the new token, trigger a rolling upgrade to each one
kubectl rollout restart deployment/<deployment-name> --namespace <namespace-name>
```
> Note, assuming your service is configured with more than one replica, the key rotation process does not result in any downtime.
> Assuming your service is configured with more than one replica, the key rotation process does not result in any downtime.
## Authenticating requests from Dapr
Once app token authentication is configured in Dapr, all requests *coming from Dapr* include the token:
Once app token authentication is configured in Dapr, all requests *coming from Dapr* include the token.
### HTTP
In case of HTTP, inspect the incoming request for presence of `dapr-api-token` parameter in HTTP header:
In case of HTTP, in your code look for the HTTP header `dapr-api-token` in incoming requests:
```shell
```text
dapr-api-token: <token>
```
@ -104,7 +103,7 @@ dapr-api-token: <token>
When using gRPC protocol, inspect the incoming calls for the API token on the gRPC metadata:
```shell
```text
dapr-api-token[0].
```
@ -115,7 +114,7 @@ dapr-api-token[0].
In Kubernetes, it's recommended to mount the secret to your pod as an environment variable.
Assuming we created a secret with the name `app-api-token` to hold the token:
```
```yaml
containers:
- name: mycontainer
image: myregistry/myapp
@ -128,7 +127,7 @@ containers:
In self-hosted mode, you can set the token as an environment variable for your app:
```
```sh
export APP_API_TOKEN=<my-app-token>
```

9
daprdocs/content/en/operations/security/mtls.md
View File

@ -186,6 +186,15 @@ To update the provided certificates in the Kubernetes cluster, the CLI command b
dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.crt> --restart
```
{{% alert title="Restart Dapr-enabled pods" color="warning" %}}
Irrespective of which command was used to renew the certificates, you must restart all Dapr-enabled pods.
Due to certificate mismatches, you might experience some downtime till all deployments have successfully been restarted.
{{% /alert %}}
The recommended way to do this is to perform a rollout restart of your deployment:
```
kubectl rollout restart deploy/myapp
```
### Updating root or issuer certs using Kubectl
If the Root or Issuer certs are about to expire, you can update them and restart the required system services.

BIN
daprdocs/static/presentations/dapr-slidedeck.pptx.zip Normal file
View File

Binary file not shown.

BIN
daprdocs/static/presentations/dapr-slidedeck.zip
View File

Binary file not shown.