AKS-Series 6 [Video]: Better Distributed Apps With Dapr by Radoslav Gatev

Transcript

1. Better Distributed Apps With Dapr Radoslav Gatev Microsoft Azure Zürich

   User Group May 2022

2. About me Solution Architect & Consultant Microsoft Azure MVP www.gatevnotes.com

   www.linkedin.com/in/radoslavgatev @RadoslavGatev

3. Wrote a book on the topic…

4. State of enterprise developers Must deploy scale- out apps for

   flexibility, cost, and efficiency Must develop resilient, scalable, microservice- based apps that interact with services Want to focus on building applications, not learning infrastructure Trending toward serverless platforms with simple code to cloud pipelines Use multiple languages and frameworks during development

5. Cart Microservices architecture E-commerce app Email Payment Inventory Checkout Frontend

   RCMD Internet State Management Queue Shipping

6. What is holding back microservice development? Limited tools and runtimes

   to build distributed applications Runtimes have limited language support and tightly controlled feature sets Runtimes only target specific infrastructure platforms with limited portability

7. Distributed Application Runtime Portable, event-driven, runtime for building distributed applications

   across cloud and edge dapr.io

8. 17.9k GitHub stars 4k Discord members +1M Docker Hub monthly

   pulls 1810 Contributors 97 Community Components +10k Monthly Docs views

9. Dapr Goals

10. HTTP API gRPC API Microservices written in Any cloud or

    edge infrastructure Application code Any code or framework… Microservices written in Service-to- service invocation State management Publish and subscribe Resource bindings and triggers Actors Observability Secrets Configuration virtual or physical machines Dapr APIs

11. Sidecar model My App Dapr API POST http://localhost:3500/v1.0/invoke/cart/method/neworder GET http://localhost:3500/v1.0/state/inventory/item67

    POST http://localhost:3500/v1.0/publish/shipping/order GET http://localhost:3500/v1.0/secrets/vault/password42 HTTP/gRPC Application Dapr sidecar

12. Dapr APIs Service A Observability Bindings & Triggers State Management

    Secret Management PubSub Messaging Virtual Actors Service Invocation Service B My App Configuration

13. Dapr components My App Observability Prometheus AppInsights Jaeger Zipkin Bindings

    & Triggers github.com/dapr/components-contrib State Stores Secret Stores PubSub Brokers

14. HashiCorp Vault RabbitMQ Redis On-prem Service 1 Service 2 Service

    3 Pluggable components

15. KMS SNS DynamoDB Service 1 Service 2 Service 3 Pluggable

    components

16. Azure Key Vault Azure Service Bus Azure Cosmos DB Service

    1 Service 2 Service 3 Pluggable components

17. Dapr building blocks Secrets Securely access secrets from your application

    Observability See and measure the message calls across components and networked services Actors Encapsulate code and data in reusable actor objects as a common microservices design pattern Bindings (input/output) Trigger code through events from a large array of inputs Input and output bindings to external resources including databases and queues Publish and subscribe Secure, scalable messaging between services State management Create long running, stateless and stateful services Service-to- service invocation Perform direct, secure, service-to- service method calls Configuration Access application configuration and be notified of updates

18. Service invocation Order Processor Checkout DNS Name Resolution component for

    service discovery (mDNS, Kubernetes DNS, Hashicorp Consul) mTLS encryption POST http://localhost:3500/v1.0/invoke/orderprocessor/method/orders {"data":"order1"} POST http://10.0.0.2:3501/orders {"data":"order1"} Send order

19. Service invocation D E M O

20. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp POST http://localhost:3500/v1.0/state/orderstore [{ "key": "order1", "value": "myorder" }] Redis Cache orderstore

21. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp Redis Cache orderstore GET http://localhost:3500/v1.0/state/orderstore/order1 "myorder"

22. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp AWS DynamoDB orderstore GET http://localhost:3500/v1.0/state/orderstore/order1 "myorder"

23. Dapr state API Save state POST /v1.0/state/orderstore Retrieve state GET

    /v1.0/state/orderstore/myorder1 Delete state DELETE /v1.0/state/orderstore/myorder1 Get bulk state POST /v1.0/state/orderstore/bulk Submit multiple state transactions POST /v1.0/state/corpdb/transaction corpdb-redis.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: orderstore spec: type: state.redis version: v1 metadata: - name: redisHost value: redis-master.default.svc.cluster.local:6379 - name: redisPassword secretKeyRef: name: redis-secret key: redis-password

24. Dapr state API corpdb-cosmosdb.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    orderstore spec: type: state.azure.cosmosdb version: v1 metadata: - name: url value: corpdb.documents.azure.com - name: masterKey secretKeyRef: name: master-key key: cosmos-key - name: database value: orders - name: collection value: processed Save state POST /v1.0/state/orderstore Retrieve state GET /v1.0/state/orderstore/myorder1 Delete state DELETE /v1.0/state/orderstore/myorder1 Get bulk state POST /v1.0/state/orderstore/bulk Submit multiple state transactions POST /v1.0/state/corpdb/transaction

25. State management features • Choose strong consistency or eventual consistency

    • Optimistic concurrency control (OCC) using Etags. Enables the last-write-wins pattern, compared to the first-write-wins pattern when using ETags. • Transactions • Group requests of different types into a multi-operation, which is handled as an atomic transaction • Or bulk operations are not transactional, each operation in the request treated as a separate update • Shared state allowing single instance or multiple instances of applications to access state stores • State Time-to-Live (TTL) • Per statestore set request time-to-live (TTL). This means that applications can set time-to-live per state stored, and these states cannot be retrieved after expiration • State Encryption • Automatic client encryption of application state with support for key rotations

26. State management D E M O

27. None

28. Publish and subscribe Service B My App Redis Cache Service

    A POST http://localhost:3500/v1.0/publish/order {"data":"MyOrder"} POST http://10.0.0.4:8000/factory/order {"data":"MyOrder"} POST http://10.0.0.2:8000/order {"data":"MyOrder"}

29. Publish and subscribe components Service B My App Redis Cache

    Service A NATS Azure Service Bus GCP Pub/ Sub AWS SNS

30. Publish and subscribe D E M O

31. Input bindings My App Twitter POST http://10.0.0.2:8000/newtweet {"data":“📢 We are

    excited to announce the …"}

32. Dapr bindings API twitter.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    twitter spec: type: bindings.twitter version: v1 metadata: - name: consumerKey secretKeyRef: name: twitter-secret key: consumerKey - name: consumerSecret secretKeyRef: name: twitter-secret key: consumerSecret - name: accessToken secretKeyRef: name: twitter-secret key: accessToken - name: accessSecret secretKeyRef: name: twitter-secret key: accessSecret App-to-sidecar Invoke an output binding POST/PUT /v1.0/bindings/twitter Sidecar-to-app Trigger an app OPTIONS/POST /new-tweet

33. Output bindings My App Twilio POST http://localhost:3500/v1.0/bindings/twilio {"data":”Send message"} Send

    Message

34. Secrets My App GET http://localhost:3500/v1.0/secrets/vault/mysecret "supersecret" HahsiCorp Vault key value

    mysecret "supersecret"

35. Dapr secrets API vault.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    vault spec: type: secretstores.hashicorp.vault metadata: - name: vaultAddr value: https://127.0.0.1:8200 - name: caCert value: "ca_cert" - name: caPath value: "/certs/cert.pem" - name: caPem value: "/certs/ca.pem” App-to-sidecar Retrieve a secret GET /v1.0/secrets/vault/mysecret Retrieve secrets in bulk GET /v1.0/secrets/vault/bulk

36. Host/Pod Stateful, objects of storage and compute Dapr Actor features:

    Distribution and failover Turn-based concurrency State management Timers Reminders Host/Pod Video Game Enemy Virtually identical to Service Fabric Reliable Actors Virtual actors

37. Actor A Actor C My Actor Pod 1 Actor B

    Actor F Actor E Actor G Virtual actors My App POST http://localhost:3500/v1.0/actors/MyActor/A/method/update {"speed":"1"} Dapr actor Placement service Placement Actor Z Actor X My Actor Pod 2 Actor Y Actor U Actor V Actor T

38. Configuration My App GET http://localhost:3500/v1.0/configuration/store/appconfig1 "setting A" key value appconfig1

    ”setting A" Redis Cache

39. Observability OpenTelemetry collector Logging & tracing extensions My App Redis

    Cache Twitter Service B Service A

40. Observability: Distributed tracing Dapr distributed tracing features: Call graphs using

    Trace Ids and Trace scopes Capture call metrics Configurable sampling rates ZipKin and Open Telemetery protocols write to OpenTelemetry Collector Emit tracing data from calls to/from Dapr sidecars and system services for easy application-level instrumentation

41. Metrics Dapr Metrics features: Call latency CPU/memory usage Error rates

    Sidecar injection failures System health Built-in monitoring capabilities to understand the behavior of the Dapr sidecar and system services

42. State Management v2 Publish & Subscribe Secret Management Input Binding

    Output Binding Service Invocation Get state Retrieve secret Publish Subscribe Trigger Call method Get config Application Configuration Resiliency resiliency resiliency resiliency resiliency resiliency resiliency resiliency

43. Resiliency • Resiliency patterns can be applied across Dapr APIs

    • Retries • Timeouts • Circuit breakers • Declarative and decoupled from application code • Available across all component types, service invocation and actors.

44. Order Processor Checkout 1 The built-in service invocation retries are

    always performed with a backoff interval of 1 second up to a threshold of 3 times 1 Additionally, service invocation resiliency polices for `retries`, `timeouts and `circuit breakers` can be applied Service invocation resiliency policies

45. Outbound component resiliency policies Checkout Outbound Component 1 Component resiliency

    polices for `retries`, `timeouts and `circuit breakers` can be applied to outbound component calls. For example, calls to persist state 1 Additionally, some components have `retry` capabilities built-in. The policies are configured on a per component basis. For example, Redis state store, RabbitMQ

46. Inbound component resiliency policies Checkout Inbound Cron Input Binding 1

    Resiliency polices for `retries`, `timeouts and `circuit breakers` can be applied to inbound component calls. For example, pub/sub subscriptions and input bindings

47. Resiliency in Pub/Sub Order Processor Checkout Pub/sub queue Inbound Outbound

    1 Outbound component resiliency policies for `retries`, `timeouts and `circuit breakers` can be applied to message publishing 1 Inbound component resiliency polices for `retries`, `timeouts and `circuit breakers` policies can be applied to subscriptions when delivering messages 1 Additionally, many pub/sub components have `retry` capabilities built-in. The policies are configured on a per component basis. For example, Kafka, RabbitMQ and Redis

48. Dapr hosting environments • Get started with dapr init -k

    • Integrated Dapr control plane • Deploys dashboard, placement, operator, sentry, and injector pods • Automatically inject Dapr sidecar into all annotated pods • Upgrade with dapr upgrade or Helm • Get started with dapr init • Easy setup with Docker images • Sets up placement, Zipkin, Redis • slim-init available without Docker • Run any application with Dapr sidecar using dapr run • Slim mode does executable deployment (no Docker images) Self-hosted • Self-deploy Dapr control plane per machine • Deploy Hashicorp Consul per machine • Run any application with Dapr sidecar using dapr run • Dapr Installer Package allows for offline/remote deployments with no network connectivity Virtual/Physical Machines

49. Dapr in self-hosted Docker mode Local dev machine or virtual

    machine Actor placement Placement Zipkin tracing Zipkin Redis state store Redis My App State Stores PubSub Brokers Secret Stores Bindings & Triggers Observability Dapr Components dapr run myapp Use components Launch application Launch sidecar process Set env variables Save and retrieve state Publish and subscribe to messages Create mapping table of actor instances to pods Send distributed tracing

50. Actor Placement Placement Consul agent server (leader) Consul used for

    DNS name resolution Create mapping table of actor instances Cert authority & identity Sentry Assign Spiffe identity Manage mTLS between services Actor Placement Placement Consul agent server (follower) Cert authority & identity Sentry Actor Placement Placement Consul agent server (follower) Cert authority & identity Sentry State Stores PubSub Brokers Secret Stores Bindings & Triggers Observability Dapr Components Configuration VM 1 VM 2 VM 3 Service B Service A File store for certificates Cluster of VMs Dapr in self-hosted mode on VMs

51. Dapr on Kubernetes Pod Actor partition placement Placement Pod Dapr

    runtime injector Injector Pod Cert authority and identity Sentry Pod Update component changes Operator Pod My App Kubelet Use components Inject Dapr sidecar into annotated pods Inject env variables Manage mTLS between services Assign spiffe identity Create mapping table of actor instances to pods Manage component updates Manage Kubernetes service endpoints Readiness and Liveness probe on healthz API to determine Dapr health state State Stores Pub/Sub Brokers Secret Stores Bindings & Triggers Observability Dapr Components Operator Deploys and manages Dapr Any cloud or edge infrastructure

52. Questions? Get started at http://dapr.io Join the Discord community aka.ms/dapr-discord

    Join the community calls aka.ms/dapr-community Follow on Twitter @daprdev Contribute at github.com/dapr
53. None