AKS-Series 6 [Video]: Better Distributed Apps With Dapr by Radoslav Gatev

Transcript

1. Better Distributed
   Apps With Dapr
   Radoslav Gatev
   Microsoft Azure Zürich User Group
   May 2022
   

   View Slide

2. About me
   Solution Architect & Consultant
   Microsoft Azure MVP
   www.gatevnotes.com
   www.linkedin.com/in/radoslavgatev
   @RadoslavGatev
   

   View Slide

3. Wrote a book on
   the topic…
   

   View Slide

4. State of enterprise developers
   Must deploy scale-
   out apps for
   flexibility, cost, and
   efficiency
   Must develop resilient,
   scalable, microservice-
   based apps that
   interact with services
   Want to focus on
   building applications,
   not learning
   infrastructure
   Trending toward
   serverless platforms
   with simple code to
   cloud pipelines
   Use multiple
   languages and
   frameworks during
   development
   

   View Slide

5. Cart
   Microservices architecture
   E-commerce app
   Email Payment
   Inventory
   Checkout
   Frontend
   RCMD
   Internet
   State
   Management
   Queue
   Shipping
   

   View Slide

6. What is holding back microservice development?
   Limited tools and runtimes to
   build distributed applications
   Runtimes have limited
   language support and tightly
   controlled feature sets
   Runtimes only target specific
   infrastructure platforms with
   limited portability
   

   View Slide

7. Distributed Application
   Runtime
   Portable, event-driven, runtime for
   building distributed applications
   across cloud and edge
   dapr.io
   

   View Slide

8. 17.9k
   GitHub stars
   4k
   Discord
   members
   +1M
   Docker Hub
   monthly pulls
   1810
   Contributors
   97
   Community
   Components
   +10k
   Monthly Docs
   views
   

   View Slide

9. Dapr Goals
   

   View Slide

10. HTTP API gRPC API
    Microservices written in
    Any cloud or edge infrastructure
    Application code
    Any code or framework…
    Microservices written in
    Service-to-
    service
    invocation
    State
    management
    Publish
    and
    subscribe
    Resource
    bindings
    and triggers
    Actors Observability Secrets Configuration
    virtual or
    physical machines
    Dapr APIs
    

    View Slide

11. Sidecar model
    My App Dapr API
    POST http://localhost:3500/v1.0/invoke/cart/method/neworder
    GET http://localhost:3500/v1.0/state/inventory/item67
    POST http://localhost:3500/v1.0/publish/shipping/order
    GET http://localhost:3500/v1.0/secrets/vault/password42
    HTTP/gRPC
    Application
    Dapr sidecar
    

    View Slide

12. Dapr APIs
    Service A
    Observability
    Bindings
    & Triggers
    State
    Management
    Secret
    Management
    PubSub
    Messaging
    Virtual
    Actors
    Service
    Invocation
    Service B
    My App
    Configuration
    

    View Slide

13. Dapr components
    My App
    Observability
    Prometheus AppInsights Jaeger
    Zipkin
    Bindings
    & Triggers
    github.com/dapr/components-contrib
    State
    Stores
    Secret
    Stores
    PubSub
    Brokers
    

    View Slide

14. HashiCorp Vault
    RabbitMQ
    Redis
    On-prem
    Service 1
    Service 2
    Service 3
    Pluggable components
    

    View Slide

15. KMS
    SNS
    DynamoDB
    Service 1
    Service 2
    Service 3
    Pluggable components
    

    View Slide

16. Azure Key Vault
    Azure Service
    Bus
    Azure
    Cosmos DB
    Service 1
    Service 2
    Service 3
    Pluggable components
    

    View Slide

17. Dapr building blocks
    Secrets
    Securely access
    secrets from your
    application
    Observability
    See and measure
    the message calls
    across components
    and networked
    services
    Actors
    Encapsulate code
    and data in
    reusable actor
    objects as a
    common
    microservices
    design pattern
    Bindings
    (input/output)
    Trigger code through
    events from a large
    array of inputs
    Input and output
    bindings to external
    resources including
    databases and queues
    Publish
    and
    subscribe
    Secure, scalable
    messaging
    between services
    State
    management
    Create long
    running, stateless
    and stateful
    services
    Service-to-
    service
    invocation
    Perform direct,
    secure, service-to-
    service method
    calls
    Configuration
    Access application
    configuration and
    be notified of
    updates
    

    View Slide

18. Service invocation
    Order
    Processor
    Checkout
    DNS Name Resolution component for service discovery
    (mDNS, Kubernetes DNS, Hashicorp Consul)
    mTLS encryption
    POST
    http://localhost:3500/v1.0/invoke/orderprocessor/method/orders
    {"data":"order1"}
    POST
    http://10.0.0.2:3501/orders
    {"data":"order1"}
    Send order
    

    View Slide

19. Service invocation
    D E M O
    

    View Slide

20. key Field value
    myapp||order1 data "myorder"
    myapp||order1 version 1
    State management
    myapp
    POST
    http://localhost:3500/v1.0/state/orderstore
    [{
    "key": "order1",
    "value": "myorder"
    }]
    Redis Cache
    orderstore
    

    View Slide

21. key Field value
    myapp||order1 data "myorder"
    myapp||order1 version 1
    State management
    myapp Redis Cache
    orderstore
    GET
    http://localhost:3500/v1.0/state/orderstore/order1
    "myorder"
    

    View Slide

22. key Field value
    myapp||order1 data "myorder"
    myapp||order1 version 1
    State management
    myapp AWS DynamoDB
    orderstore
    GET
    http://localhost:3500/v1.0/state/orderstore/order1
    "myorder"
    

    View Slide

23. Dapr state API
    Save state
    POST /v1.0/state/orderstore
    Retrieve state
    GET /v1.0/state/orderstore/myorder1
    Delete state
    DELETE /v1.0/state/orderstore/myorder1
    Get bulk state
    POST /v1.0/state/orderstore/bulk
    Submit multiple state transactions
    POST /v1.0/state/corpdb/transaction
    corpdb-redis.yaml
    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
    name: orderstore
    spec:
    type: state.redis
    version: v1
    metadata:
    - name: redisHost
    value: redis-master.default.svc.cluster.local:6379
    - name: redisPassword
    secretKeyRef:
    name: redis-secret
    key: redis-password
    

    View Slide

24. Dapr state API
    corpdb-cosmosdb.yaml
    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
    name: orderstore
    spec:
    type: state.azure.cosmosdb
    version: v1
    metadata:
    - name: url
    value: corpdb.documents.azure.com
    - name: masterKey
    secretKeyRef:
    name: master-key
    key: cosmos-key
    - name: database
    value: orders
    - name: collection
    value: processed
    Save state
    POST /v1.0/state/orderstore
    Retrieve state
    GET /v1.0/state/orderstore/myorder1
    Delete state
    DELETE /v1.0/state/orderstore/myorder1
    Get bulk state
    POST /v1.0/state/orderstore/bulk
    Submit multiple state transactions
    POST /v1.0/state/corpdb/transaction
    

    View Slide

25. State management features
    • Choose strong consistency or eventual consistency
    • Optimistic concurrency control (OCC) using Etags. Enables the last-write-wins pattern, compared to
    the first-write-wins pattern when using ETags.
    • Transactions
    • Group requests of different types into a multi-operation, which is handled as an atomic transaction
    • Or bulk operations are not transactional, each operation in the request treated as a separate
    update
    • Shared state allowing single instance or multiple instances of applications to access state stores
    • State Time-to-Live (TTL)
    • Per statestore set request time-to-live (TTL). This means that applications can set time-to-live per
    state stored, and these states cannot be retrieved after expiration
    • State Encryption
    • Automatic client encryption of application state with support for key rotations
    

    View Slide

26. State management
    D E M O
    

    View Slide

27. View Slide

28. Publish and subscribe
    Service B
    My App Redis
    Cache
    Service A
    POST
    http://localhost:3500/v1.0/publish/order
    {"data":"MyOrder"}
    POST
    http://10.0.0.4:8000/factory/order
    {"data":"MyOrder"}
    POST
    http://10.0.0.2:8000/order
    {"data":"MyOrder"}
    

    View Slide

29. Publish and subscribe components
    Service B
    My App Redis
    Cache
    Service A
    NATS
    Azure
    Service
    Bus
    GCP
    Pub/
    Sub
    AWS
    SNS
    

    View Slide

30. Publish and subscribe
    D E M O
    

    View Slide

31. Input bindings
    My App
    Twitter
    POST
    http://10.0.0.2:8000/newtweet
    {"data":“📢 We are excited
    to announce the …"}
    

    View Slide

32. Dapr bindings API
    twitter.yaml
    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
    name: twitter
    spec:
    type: bindings.twitter
    version: v1
    metadata:
    - name: consumerKey
    secretKeyRef:
    name: twitter-secret
    key: consumerKey
    - name: consumerSecret
    secretKeyRef:
    name: twitter-secret
    key: consumerSecret
    - name: accessToken
    secretKeyRef:
    name: twitter-secret
    key: accessToken
    - name: accessSecret
    secretKeyRef:
    name: twitter-secret
    key: accessSecret
    App-to-sidecar
    Invoke an output binding
    POST/PUT /v1.0/bindings/twitter
    Sidecar-to-app
    Trigger an app
    OPTIONS/POST /new-tweet
    

    View Slide

33. Output bindings
    My App
    Twilio
    POST
    http://localhost:3500/v1.0/bindings/twilio
    {"data":”Send message"}
    Send
    Message
    

    View Slide

34. Secrets
    My App
    GET
    http://localhost:3500/v1.0/secrets/vault/mysecret
    "supersecret"
    HahsiCorp
    Vault
    key value
    mysecret "supersecret"
    

    View Slide

35. Dapr secrets API
    vault.yaml
    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
    name: vault
    spec:
    type: secretstores.hashicorp.vault
    metadata:
    - name: vaultAddr
    value: https://127.0.0.1:8200
    - name: caCert
    value: "ca_cert"
    - name: caPath
    value: "/certs/cert.pem"
    - name: caPem
    value: "/certs/ca.pem”
    App-to-sidecar
    Retrieve a secret
    GET /v1.0/secrets/vault/mysecret
    Retrieve secrets in bulk
    GET /v1.0/secrets/vault/bulk
    

    View Slide

36. Host/Pod
    Stateful, objects of
    storage and compute
    Dapr Actor features:
    Distribution and failover
    Turn-based concurrency
    State management
    Timers
    Reminders
    Host/Pod
    Video Game
    Enemy
    Virtually identical to Service Fabric Reliable Actors
    Virtual actors
    

    View Slide

37. Actor A
    Actor C
    My
    Actor
    Pod 1
    Actor B
    Actor F
    Actor E
    Actor G
    Virtual actors
    My App
    POST
    http://localhost:3500/v1.0/actors/MyActor/A/method/update
    {"speed":"1"}
    Dapr actor
    Placement service
    Placement
    Actor Z
    Actor X
    My
    Actor
    Pod 2
    Actor Y
    Actor U
    Actor V
    Actor T
    

    View Slide

38. Configuration
    My App
    GET
    http://localhost:3500/v1.0/configuration/store/appconfig1
    "setting A"
    key value
    appconfig1 ”setting A"
    Redis Cache
    

    View Slide

39. Observability
    OpenTelemetry collector Logging &
    tracing extensions
    My App Redis
    Cache
    Twitter
    Service B
    Service A
    

    View Slide

40. Observability: Distributed tracing
    Dapr distributed tracing features:
    Call graphs using Trace Ids and Trace scopes
    Capture call metrics
    Configurable sampling rates
    ZipKin and Open Telemetery protocols write
    to OpenTelemetry Collector
    Emit tracing data from calls to/from
    Dapr sidecars and system services for
    easy application-level instrumentation
    

    View Slide

41. Metrics
    Dapr Metrics features:
    Call latency
    CPU/memory usage
    Error rates
    Sidecar injection failures
    System health
    Built-in monitoring capabilities to
    understand the behavior of the
    Dapr sidecar and system services
    

    View Slide

42. State
    Management
    v2
    Publish &
    Subscribe
    Secret
    Management
    Input
    Binding
    Output
    Binding
    Service
    Invocation
    Get
    state
    Retrieve secret
    Publish
    Subscribe
    Trigger
    Call
    method
    Get
    config
    Application
    Configuration
    Resiliency
    resiliency
    resiliency
    resiliency
    resiliency
    resiliency
    resiliency
    resiliency
    

    View Slide

43. Resiliency
    • Resiliency patterns can be applied
    across Dapr APIs
    • Retries
    • Timeouts
    • Circuit breakers
    • Declarative and decoupled from
    application code
    • Available across all component types,
    service invocation and actors.
    

    View Slide

44. Order
    Processor
    Checkout
    1
    The built-in service invocation retries are
    always performed with a backoff interval
    of 1 second up to a threshold of 3 times
    1
    Additionally, service invocation
    resiliency polices for `retries`,
    `timeouts and `circuit breakers` can
    be applied
    Service invocation resiliency policies
    

    View Slide

45. Outbound component resiliency policies
    Checkout Outbound Component
    1
    Component resiliency polices for
    `retries`, `timeouts and `circuit breakers`
    can be applied to outbound component
    calls. For example, calls to persist state
    1
    Additionally, some components have `retry`
    capabilities built-in. The policies are
    configured on a per component basis.
    For example, Redis state store, RabbitMQ
    

    View Slide

46. Inbound component resiliency policies
    Checkout Inbound
    Cron Input
    Binding
    1
    Resiliency polices for `retries`, `timeouts
    and `circuit breakers` can be applied to
    inbound component calls. For example,
    pub/sub subscriptions and input bindings
    

    View Slide

47. Resiliency in Pub/Sub
    Order
    Processor
    Checkout
    Pub/sub queue
    Inbound
    Outbound
    1
    Outbound component
    resiliency policies for `retries`,
    `timeouts and `circuit breakers`
    can be applied to message
    publishing
    1
    Inbound component resiliency polices
    for `retries`, `timeouts and `circuit
    breakers` policies can be applied to
    subscriptions when delivering
    messages
    1
    Additionally, many pub/sub components
    have `retry` capabilities built-in. The policies
    are configured on a per component basis.
    For example, Kafka, RabbitMQ and Redis
    

    View Slide

48. Dapr hosting environments
    • Get started with dapr init -k
    • Integrated Dapr control plane
    • Deploys dashboard,
    placement, operator, sentry,
    and injector pods
    • Automatically inject Dapr
    sidecar into all annotated
    pods
    • Upgrade with dapr upgrade
    or Helm
    • Get started with dapr init
    • Easy setup with Docker
    images
    • Sets up placement, Zipkin,
    Redis
    • slim-init available without
    Docker
    • Run any application with
    Dapr sidecar using dapr
    run
    • Slim mode does executable
    deployment (no Docker
    images)
    Self-hosted
    • Self-deploy Dapr control
    plane per machine
    • Deploy Hashicorp Consul
    per machine
    • Run any application with
    Dapr sidecar using dapr
    run
    • Dapr Installer Package
    allows for offline/remote
    deployments with no
    network connectivity
    Virtual/Physical
    Machines
    

    View Slide

49. Dapr in self-hosted Docker mode
    Local dev machine or virtual machine
    Actor
    placement
    Placement
    Zipkin
    tracing
    Zipkin
    Redis
    state store
    Redis
    My App
    State Stores
    PubSub
    Brokers
    Secret Stores
    Bindings
    & Triggers
    Observability
    Dapr Components
    dapr run myapp
    Use components
    Launch application
    Launch sidecar process
    Set env variables
    Save and retrieve state
    Publish and subscribe to messages
    Create mapping table of
    actor instances to pods
    Send distributed tracing
    

    View Slide

50. Actor
    Placement
    Placement
    Consul agent
    server (leader) Consul used
    for DNS name
    resolution
    Create
    mapping
    table of actor
    instances
    Cert
    authority
    & identity
    Sentry
    Assign Spiffe
    identity
    Manage mTLS
    between
    services
    Actor
    Placement
    Placement
    Consul agent
    server (follower)
    Cert
    authority
    & identity
    Sentry
    Actor
    Placement
    Placement
    Consul agent
    server (follower)
    Cert
    authority
    & identity
    Sentry
    State Stores
    PubSub
    Brokers
    Secret Stores
    Bindings
    & Triggers
    Observability
    Dapr Components
    Configuration
    VM 1 VM 2 VM 3
    Service B
    Service A
    File store for
    certificates
    Cluster of VMs
    Dapr in self-hosted mode on VMs
    

    View Slide

51. Dapr on Kubernetes
    Pod
    Actor
    partition
    placement
    Placement
    Pod
    Dapr
    runtime
    injector
    Injector
    Pod
    Cert authority
    and identity Sentry
    Pod
    Update
    component
    changes Operator
    Pod
    My App
    Kubelet Use components
    Inject Dapr sidecar
    into annotated pods
    Inject env variables
    Manage mTLS
    between services
    Assign spiffe identity
    Create mapping table of
    actor instances to pods
    Manage component updates
    Manage Kubernetes
    service endpoints
    Readiness and Liveness
    probe on healthz API to
    determine Dapr health state
    State Stores
    Pub/Sub
    Brokers
    Secret Stores
    Bindings
    & Triggers
    Observability
    Dapr Components
    Operator
    Deploys and
    manages Dapr
    Any cloud or edge infrastructure
    

    View Slide

52. Questions?
    Get started at http://dapr.io
    Join the Discord community aka.ms/dapr-discord
    Join the community calls aka.ms/dapr-community
    Follow on Twitter @daprdev
    Contribute at github.com/dapr
    

    View Slide

53. View Slide