Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AKS-Series 6 [Video]: Better Distributed Apps W...

AKS-Series 6 [Video]: Better Distributed Apps With Dapr by Radoslav Gatev

Stream Link: https://www.youtube.com/watch?v=KdjyRTNCMZg

Meetup Link: https://www.meetup.com/de-DE/Microsoft-Azure-Zurich-User-Group/events/283205432/

Microservices architecture brings a lot of complexity from the get-go. Things like service discovery, state management, and resilient service communication become very important and need to be implemented properly when building distributed systems. A lot of difficult decisions are involved - what programming languages to choose, frameworks, libraries, etc. Dapr is a portable, event-driven runtime that makes it easy for enterprise developers to build resilient microservices applications, by providing best practice implementations as building blocks that you can use in your distributed applications.

In this session, we will explore the basics of Dapr, what benefits it brings for your applications, and how to get started using it. Alongside that, you will learn about the different hosting modes of Dapr.

Bio:

Radoslav Gatev is a software architect and consultant who specializes in designing and building complex and vast solutions in Microsoft Azure. He helps companies all over the world, ranging from startups to big enterprises, to have highly performant and resilient applications that utilize the cloud in the best and most efficient way possible. Radoslav has been awarded a Microsoft Most Valuable Professional (MVP) for Microsoft Azure for his ongoing contributions to the community in this area. He strives for excellence and enjoyment when working on the bleeding edge of technology and is excited to work with Dapr. He frequently speaks and presents at various conferences and participates in organizing multiple technical conferences in Bulgaria.

Links:

https://www.gatevnotes.com/
https://www.linkedin.com/in/radoslavgatev/
https://twitter.com/RadoslavGatev

More Decks by Azure Zurich User Group

Other Decks in Technology

Transcript

  1. State of enterprise developers Must deploy scale- out apps for

    flexibility, cost, and efficiency Must develop resilient, scalable, microservice- based apps that interact with services Want to focus on building applications, not learning infrastructure Trending toward serverless platforms with simple code to cloud pipelines Use multiple languages and frameworks during development
  2. What is holding back microservice development? Limited tools and runtimes

    to build distributed applications Runtimes have limited language support and tightly controlled feature sets Runtimes only target specific infrastructure platforms with limited portability
  3. 17.9k GitHub stars 4k Discord members +1M Docker Hub monthly

    pulls 1810 Contributors 97 Community Components +10k Monthly Docs views
  4. HTTP API gRPC API Microservices written in Any cloud or

    edge infrastructure Application code Any code or framework… Microservices written in Service-to- service invocation State management Publish and subscribe Resource bindings and triggers Actors Observability Secrets Configuration virtual or physical machines Dapr APIs
  5. Sidecar model My App Dapr API POST http://localhost:3500/v1.0/invoke/cart/method/neworder GET http://localhost:3500/v1.0/state/inventory/item67

    POST http://localhost:3500/v1.0/publish/shipping/order GET http://localhost:3500/v1.0/secrets/vault/password42 HTTP/gRPC Application Dapr sidecar
  6. Dapr APIs Service A Observability Bindings & Triggers State Management

    Secret Management PubSub Messaging Virtual Actors Service Invocation Service B My App Configuration
  7. Dapr components My App Observability Prometheus AppInsights Jaeger Zipkin Bindings

    & Triggers github.com/dapr/components-contrib State Stores Secret Stores PubSub Brokers
  8. Azure Key Vault Azure Service Bus Azure Cosmos DB Service

    1 Service 2 Service 3 Pluggable components
  9. Dapr building blocks Secrets Securely access secrets from your application

    Observability See and measure the message calls across components and networked services Actors Encapsulate code and data in reusable actor objects as a common microservices design pattern Bindings (input/output) Trigger code through events from a large array of inputs Input and output bindings to external resources including databases and queues Publish and subscribe Secure, scalable messaging between services State management Create long running, stateless and stateful services Service-to- service invocation Perform direct, secure, service-to- service method calls Configuration Access application configuration and be notified of updates
  10. Service invocation Order Processor Checkout DNS Name Resolution component for

    service discovery (mDNS, Kubernetes DNS, Hashicorp Consul) mTLS encryption POST http://localhost:3500/v1.0/invoke/orderprocessor/method/orders {"data":"order1"} POST http://10.0.0.2:3501/orders {"data":"order1"} Send order
  11. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp POST http://localhost:3500/v1.0/state/orderstore [{ "key": "order1", "value": "myorder" }] Redis Cache orderstore
  12. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp Redis Cache orderstore GET http://localhost:3500/v1.0/state/orderstore/order1 "myorder"
  13. key Field value myapp||order1 data "myorder" myapp||order1 version 1 State

    management myapp AWS DynamoDB orderstore GET http://localhost:3500/v1.0/state/orderstore/order1 "myorder"
  14. Dapr state API Save state POST /v1.0/state/orderstore Retrieve state GET

    /v1.0/state/orderstore/myorder1 Delete state DELETE /v1.0/state/orderstore/myorder1 Get bulk state POST /v1.0/state/orderstore/bulk Submit multiple state transactions POST /v1.0/state/corpdb/transaction corpdb-redis.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: orderstore spec: type: state.redis version: v1 metadata: - name: redisHost value: redis-master.default.svc.cluster.local:6379 - name: redisPassword secretKeyRef: name: redis-secret key: redis-password
  15. Dapr state API corpdb-cosmosdb.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    orderstore spec: type: state.azure.cosmosdb version: v1 metadata: - name: url value: corpdb.documents.azure.com - name: masterKey secretKeyRef: name: master-key key: cosmos-key - name: database value: orders - name: collection value: processed Save state POST /v1.0/state/orderstore Retrieve state GET /v1.0/state/orderstore/myorder1 Delete state DELETE /v1.0/state/orderstore/myorder1 Get bulk state POST /v1.0/state/orderstore/bulk Submit multiple state transactions POST /v1.0/state/corpdb/transaction
  16. State management features • Choose strong consistency or eventual consistency

    • Optimistic concurrency control (OCC) using Etags. Enables the last-write-wins pattern, compared to the first-write-wins pattern when using ETags. • Transactions • Group requests of different types into a multi-operation, which is handled as an atomic transaction • Or bulk operations are not transactional, each operation in the request treated as a separate update • Shared state allowing single instance or multiple instances of applications to access state stores • State Time-to-Live (TTL) • Per statestore set request time-to-live (TTL). This means that applications can set time-to-live per state stored, and these states cannot be retrieved after expiration • State Encryption • Automatic client encryption of application state with support for key rotations
  17. Publish and subscribe Service B My App Redis Cache Service

    A POST http://localhost:3500/v1.0/publish/order {"data":"MyOrder"} POST http://10.0.0.4:8000/factory/order {"data":"MyOrder"} POST http://10.0.0.2:8000/order {"data":"MyOrder"}
  18. Publish and subscribe components Service B My App Redis Cache

    Service A NATS Azure Service Bus GCP Pub/ Sub AWS SNS
  19. Dapr bindings API twitter.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    twitter spec: type: bindings.twitter version: v1 metadata: - name: consumerKey secretKeyRef: name: twitter-secret key: consumerKey - name: consumerSecret secretKeyRef: name: twitter-secret key: consumerSecret - name: accessToken secretKeyRef: name: twitter-secret key: accessToken - name: accessSecret secretKeyRef: name: twitter-secret key: accessSecret App-to-sidecar Invoke an output binding POST/PUT /v1.0/bindings/twitter Sidecar-to-app Trigger an app OPTIONS/POST /new-tweet
  20. Dapr secrets API vault.yaml apiVersion: dapr.io/v1alpha1 kind: Component metadata: name:

    vault spec: type: secretstores.hashicorp.vault metadata: - name: vaultAddr value: https://127.0.0.1:8200 - name: caCert value: "ca_cert" - name: caPath value: "/certs/cert.pem" - name: caPem value: "/certs/ca.pem” App-to-sidecar Retrieve a secret GET /v1.0/secrets/vault/mysecret Retrieve secrets in bulk GET /v1.0/secrets/vault/bulk
  21. Host/Pod Stateful, objects of storage and compute Dapr Actor features:

    Distribution and failover Turn-based concurrency State management Timers Reminders Host/Pod Video Game Enemy Virtually identical to Service Fabric Reliable Actors Virtual actors
  22. Actor A Actor C My Actor Pod 1 Actor B

    Actor F Actor E Actor G Virtual actors My App POST http://localhost:3500/v1.0/actors/MyActor/A/method/update {"speed":"1"} Dapr actor Placement service Placement Actor Z Actor X My Actor Pod 2 Actor Y Actor U Actor V Actor T
  23. Observability: Distributed tracing Dapr distributed tracing features: Call graphs using

    Trace Ids and Trace scopes Capture call metrics Configurable sampling rates ZipKin and Open Telemetery protocols write to OpenTelemetry Collector Emit tracing data from calls to/from Dapr sidecars and system services for easy application-level instrumentation
  24. Metrics Dapr Metrics features: Call latency CPU/memory usage Error rates

    Sidecar injection failures System health Built-in monitoring capabilities to understand the behavior of the Dapr sidecar and system services
  25. State Management v2 Publish & Subscribe Secret Management Input Binding

    Output Binding Service Invocation Get state Retrieve secret Publish Subscribe Trigger Call method Get config Application Configuration Resiliency resiliency resiliency resiliency resiliency resiliency resiliency resiliency
  26. Resiliency • Resiliency patterns can be applied across Dapr APIs

    • Retries • Timeouts • Circuit breakers • Declarative and decoupled from application code • Available across all component types, service invocation and actors.
  27. Order Processor Checkout 1 The built-in service invocation retries are

    always performed with a backoff interval of 1 second up to a threshold of 3 times 1 Additionally, service invocation resiliency polices for `retries`, `timeouts and `circuit breakers` can be applied Service invocation resiliency policies
  28. Outbound component resiliency policies Checkout Outbound Component 1 Component resiliency

    polices for `retries`, `timeouts and `circuit breakers` can be applied to outbound component calls. For example, calls to persist state 1 Additionally, some components have `retry` capabilities built-in. The policies are configured on a per component basis. For example, Redis state store, RabbitMQ
  29. Inbound component resiliency policies Checkout Inbound Cron Input Binding 1

    Resiliency polices for `retries`, `timeouts and `circuit breakers` can be applied to inbound component calls. For example, pub/sub subscriptions and input bindings
  30. Resiliency in Pub/Sub Order Processor Checkout Pub/sub queue Inbound Outbound

    1 Outbound component resiliency policies for `retries`, `timeouts and `circuit breakers` can be applied to message publishing 1 Inbound component resiliency polices for `retries`, `timeouts and `circuit breakers` policies can be applied to subscriptions when delivering messages 1 Additionally, many pub/sub components have `retry` capabilities built-in. The policies are configured on a per component basis. For example, Kafka, RabbitMQ and Redis
  31. Dapr hosting environments • Get started with dapr init -k

    • Integrated Dapr control plane • Deploys dashboard, placement, operator, sentry, and injector pods • Automatically inject Dapr sidecar into all annotated pods • Upgrade with dapr upgrade or Helm • Get started with dapr init • Easy setup with Docker images • Sets up placement, Zipkin, Redis • slim-init available without Docker • Run any application with Dapr sidecar using dapr run • Slim mode does executable deployment (no Docker images) Self-hosted • Self-deploy Dapr control plane per machine • Deploy Hashicorp Consul per machine • Run any application with Dapr sidecar using dapr run • Dapr Installer Package allows for offline/remote deployments with no network connectivity Virtual/Physical Machines
  32. Dapr in self-hosted Docker mode Local dev machine or virtual

    machine Actor placement Placement Zipkin tracing Zipkin Redis state store Redis My App State Stores PubSub Brokers Secret Stores Bindings & Triggers Observability Dapr Components dapr run myapp Use components Launch application Launch sidecar process Set env variables Save and retrieve state Publish and subscribe to messages Create mapping table of actor instances to pods Send distributed tracing
  33. Actor Placement Placement Consul agent server (leader) Consul used for

    DNS name resolution Create mapping table of actor instances Cert authority & identity Sentry Assign Spiffe identity Manage mTLS between services Actor Placement Placement Consul agent server (follower) Cert authority & identity Sentry Actor Placement Placement Consul agent server (follower) Cert authority & identity Sentry State Stores PubSub Brokers Secret Stores Bindings & Triggers Observability Dapr Components Configuration VM 1 VM 2 VM 3 Service B Service A File store for certificates Cluster of VMs Dapr in self-hosted mode on VMs
  34. Dapr on Kubernetes Pod Actor partition placement Placement Pod Dapr

    runtime injector Injector Pod Cert authority and identity Sentry Pod Update component changes Operator Pod My App Kubelet Use components Inject Dapr sidecar into annotated pods Inject env variables Manage mTLS between services Assign spiffe identity Create mapping table of actor instances to pods Manage component updates Manage Kubernetes service endpoints Readiness and Liveness probe on healthz API to determine Dapr health state State Stores Pub/Sub Brokers Secret Stores Bindings & Triggers Observability Dapr Components Operator Deploys and manages Dapr Any cloud or edge infrastructure
  35. Questions? Get started at http://dapr.io Join the Discord community aka.ms/dapr-discord

    Join the community calls aka.ms/dapr-community Follow on Twitter @daprdev Contribute at github.com/dapr