Merge branch 'k8s-multi-app-run' of https://github.com/mukundansundar…
…/docs into mukundan-k8s-multi-app-run
hhunter-ms committed Sep 20, 2023
2 parents c533e13 + 5255225 commit 979bae2
Showing 29 changed files with 800 additions and 559 deletions.
Expand Up @@ -176,7 +176,7 @@ Below are the supported parameters for VS Code tasks. These parameters are equiv
| `appProtocol` | Tells Dapr which protocol your application is using. Valid options are `http`, `grpc`, `https`, `grpcs`, `h2c`. Default is `http`. | No | `"appProtocol": "http"`
| `args` | Sets a list of arguments to pass on to the Dapr app | No | "args": []
| `componentsPath` | Path for components directory. If empty, components will not be loaded. | No | `"componentsPath": "./components"`
| `config` | Tells Dapr which Configuration CRD to use | No | `"config": "./config"`
| `config` | Tells Dapr which Configuration resource to use | No | `"config": "./config"`
| `controlPlaneAddress` | Address for a Dapr control plane | No | `"controlPlaneAddress": "http://localhost:1366/"`
| `enableProfiling` | Enable profiling | No | `"enableProfiling": false`
| `enableMtls` | Enables automatic mTLS for daprd to daprd communication channels | No | `"enableMtls": false`
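
Review bot: In the `args` row two lines above the reworded `config` row, the example `"args": []` is the only one in the visible rows not wrapped in backticks. Since this hunk already touches the table, wrap it so the examples column renders consistently.
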
Expand Up @@ -18,13 +18,13 @@ A Dapr sidecar can also apply a configuration by using a `--config` flag to the

#### Kubernetes sidecar

In Kubernetes mode the Dapr configuration is a Configuration CRD, that is applied to the cluster. For example:
In Kubernetes mode the Dapr configuration is a Configuration resource, that is applied to the cluster. For example:

```bash
kubectl apply -f myappconfig.yaml
```

You can use the Dapr CLI to list the Configuration CRDs
You can use the Dapr CLI to list the Configuration resources

```bash
dapr configurations -k
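
Review bot: The reworded sentence "In Kubernetes mode the Dapr configuration is a Configuration resource, that is applied to the cluster" keeps the stray comma before "that"; drop it and add a comma after "In Kubernetes mode". The replaced line "You can use the Dapr CLI to list the Configuration resources" introduces a code block, so end it with a colon.
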
Expand Down Expand Up @@ -269,11 +269,11 @@ spec:
action: allow
```

## Control-plane configuration
## Control plane configuration

There is a single configuration file called `daprsystem` installed with the Dapr control plane system services that applies global settings. This is only set up when Dapr is deployed to Kubernetes.

### Control-plane configuration settings
### Control plane configuration settings

A Dapr control plane configuration contains the following sections:
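
Review bot: The unchanged sentence under the renamed "Control plane configuration" heading still calls `daprsystem` "a single configuration file", which sits oddly with this commit's move to "Configuration resource" wording and with the statement that it is only set up when Dapr is deployed to Kubernetes. Consider rewording that sentence in the same change so the terminology is consistent across the page.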

4 changes: 2 additions & 2 deletions daprdocs/content/en/operations/configuration/secret-scope.md
Expand Up @@ -3,12 +3,12 @@ type: docs
title: "How-To: Limit the secrets that can be read from secret stores"
linkTitle: "Limit secret store access"
weight: 3000
description: "To limit the secrets to which the Dapr application has access, users can define secret scopes by augmenting existing configuration CRD with restrictive permissions."
description: "To limit the secrets to which the Dapr application has access, users can define secret scopes by augmenting existing configuration resource with restrictive permissions."
---

In addition to scoping which applications can access a given component, for example a secret store component (see [Scoping components]({{< ref "component-scopes.md">}})), a named secret store component itself can be scoped to one or more secrets for an application. By defining `allowedSecrets` and/or `deniedSecrets` list, applications can be restricted to access only specific secrets.

Follow [these instructions]({{< ref "configuration-overview.md" >}}) to define a configuration CRD.
Follow [these instructions]({{< ref "configuration-overview.md" >}}) to define a configuration resource.

## Configure secrets access
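
Review bot: The new `description` reads "by augmenting existing configuration resource", which is missing an article, and it writes "configuration resource" in lowercase while the other files in this commit use "Configuration resource". Suggest "by augmenting the existing Configuration resource", with the same capitalization on the "define a configuration resource" line.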

@@ -1,56 +1,63 @@
---
type: docs
title: "Setup an Azure Kubernetes Service (AKS) cluster"
title: "Set up an Azure Kubernetes Service (AKS) cluster"
linkTitle: "Azure Kubernetes Service (AKS)"
weight: 2000
description: >
How to setup Dapr on an Azure Kubernetes Cluster.
Learn how to set up an Azure Kubernetes Cluster
---

# Set up an Azure Kubernetes Service cluster
This guide walks you through installing an Azure Kubernetes Service (AKS) cluster. If you need more information, refer to [Quickstart: Deploy an AKS cluster using the Azure CLI](https://docs.microsoft.com/azure/aks/kubernetes-walkthrough)

## Prerequisites

- [Docker](https://docs.docker.com/install/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest)
- Install:
- [Docker](https://docs.docker.com/install/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)

## Deploy an Azure Kubernetes Service cluster
## Deploy an AKS cluster

This guide walks you through installing an Azure Kubernetes Service cluster. If you need more information, refer to [Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure CLI](https://docs.microsoft.com/azure/aks/kubernetes-walkthrough)
1. In the terminal, log into Azure.

1. Login to Azure
```bash
az login
```

```bash
az login
```
1. Set your default subscription:

2. Set the default subscription
```bash
az account set -s [your_subscription_id]
```

```bash
az account set -s [your_subscription_id]
```
1. Create a resource group.

3. Create a resource group
```bash
az group create --name [your_resource_group] --location [region]
```

```bash
az group create --name [your_resource_group] --location [region]
```
1. Create an AKS cluster. To use a specific version of Kubernetes, use `--kubernetes-version` (1.13.x or newer version required).

4. Create an Azure Kubernetes Service cluster
```bash
az aks create --resource-group [your_resource_group] --name [your_aks_cluster_name] --node-count 2 --enable-addons http_application_routing --generate-ssh-keys
```

> **Note:** To use a specific version of Kubernetes use `--kubernetes-version` (1.13.x or newer version required)
1. Get the access credentials for the AKS cluster.

```bash
az aks create --resource-group [your_resource_group] --name [your_aks_cluster_name] --node-count 2 --enable-addons http_application_routing --generate-ssh-keys
```
```bash
az aks get-credentials -n [your_aks_cluster_name] -g [your_resource_group]
```

5. Get the access credentials for the Azure Kubernetes cluster
## AKS Edge Essentials
To create a single-machine K8s/K3s Linux-only cluster using Azure Kubernetes Service (AKS) Edge Essentials, you can follow the quickstart guide available at [AKS Edge Essentials quickstart guide](https://learn.microsoft.com/azure/aks/hybrid/aks-edge-quickstart).

```bash
az aks get-credentials -n [your_aks_cluster_name] -g [your_resource_group]
```
{{% alert title="Note" color="primary" %}}
AKS Edge Essentials does not come with a default storage class, which may cause issues when deploying Dapr. To avoid this, make sure to enable the **local-path-provisioner** storage class on the cluster before deploying Dapr. If you need more information, refer to [Local Path Provisioner on AKS EE](https://learn.microsoft.com/azure/aks/hybrid/aks-edge-howto-use-storage-local-path).
{{% /alert %}}

## Next steps
## Related links

{{< button text="Install Dapr using the AKS Dapr extension >>" page="azure-kubernetes-service-extension" >}}
- Learn more about [the Dapr extension for AKS]({{< ref azure-kubernetes-service-extension >}})
- [Install the Dapr extension for AKS](https://learn.microsoft.com/azure/aks/dapr)
- [Configure the Dapr extension for AKS](https://learn.microsoft.com/azure/aks/dapr-settings)
- [Deploy and run workflows with the Dapr extension for AKS](https://learn.microsoft.com/azure/aks/dapr-workflow)
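
Review bot: The `az aks create` step under "Deploy an AKS cluster" still carries `--enable-addons http_application_routing`, which deploys a publicly reachable ingress controller, and Microsoft's AKS documentation describes that add-on as not intended for production use. Since the step is being rewritten anyway, either drop the flag or state that the command is for a test cluster. The version hint "1.13.x or newer version required" was moved into the step text unchanged and should be checked against what is currently supported. Smaller points: the added `# Set up an Azure Kubernetes Service cluster` H1 repeats the front-matter `title`, the new `description` says "Azure Kubernetes Cluster" rather than "Azure Kubernetes Service (AKS) cluster" and has lost its closing period, and the `## AKS Edge Essentials` heading has no blank line before its paragraph.
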
@@ -1,55 +1,86 @@
---
type: docs
title: "Setup a Google Kubernetes Engine (GKE) cluster"
title: "Set up a Google Kubernetes Engine (GKE) cluster"
linkTitle: "Google Kubernetes Engine (GKE)"
weight: 3000
description: "Setup a Google Kubernetes Engine cluster"
description: "Set up a Google Kubernetes Engine cluster"
---

### Prerequisites

- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Google Cloud SDK](https://cloud.google.com/sdk)
- Install:
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [Google Cloud SDK](https://cloud.google.com/sdk)

## Create a new cluster

Create a GKE cluster by running the following:

```bash
$ gcloud services enable container.googleapis.com && \
gcloud container clusters create $CLUSTER_NAME \
--zone $ZONE \
--project $PROJECT_ID
```
For more options refer to the [Google Cloud SDK docs](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create), or instead create a cluster through the [Cloud Console](https://console.cloud.google.com/kubernetes) for a more interactive experience.
For more options:
- Refer to the [Google Cloud SDK docs](https://cloud.google.com/sdk/gcloud/reference/container/clusters/create).
- Create a cluster through the [Cloud Console](https://console.cloud.google.com/kubernetes) for a more interactive experience.

## Sidecar injection for private GKE clusters

_**Sidecar injection for private clusters requires extra steps.**_

{{% alert title="For private GKE clusters" color="warning" %}}
Sidecar injection will not work for private clusters without extra steps. An automatically created firewall rule for master access does not open port 4000. This is needed for Dapr sidecar injection.
In private GKE clusters, an automatically created firewall rule for master access doesn't open port 4000, which Dapr needs for sidecar injection.

Review the relevant firewall rule:

To review the relevant firewall rule:
```bash
$ gcloud compute firewall-rules list --filter="name~gke-${CLUSTER_NAME}-[0-9a-z]*-master"
```

To replace the existing rule and allow kubernetes master access to port 4000:
Replace the existing rule and allow Kubernetes master access to port 4000:

```bash
$ gcloud compute firewall-rules update <firewall-rule-name> --allow tcp:10250,tcp:443,tcp:4000
```
{{% /alert %}}

## Retrieve your credentials for `kubectl`

Run the following command to retrieve your credentials:

```bash
$ gcloud container clusters get-credentials $CLUSTER_NAME \
--zone $ZONE \
--project $PROJECT_ID
```

## (optional) Install Helm v3
## Install Helm v3 (optional)

1. [Install Helm v3 client](https://helm.sh/docs/intro/install/)
If you are using Helm, install the [Helm v3 client](https://helm.sh/docs/intro/install/).

> **Note:** The latest Dapr helm chart no longer supports Helm v2. Please migrate from helm v2 to helm v3 by following [this guide](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/).
{{% alert title="Important" color="warning" %}}
The latest Dapr Helm chart no longer supports Helm v2. [Migrate from Helm v2 to Helm v3](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/).
{{% /alert %}}

## Troubleshooting

2. In case you need permissions the kubernetes dashboard (i.e. configmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list configmaps in the namespace "default", etc.) execute this command
### Kubernetes dashboard permissions

Let's say you receive an error message similar to the following:

```
configmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list configmaps in the namespace "default"
```

Execute this command:

```bash
kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
```

## Related links
- [Learn more about GKE clusters](https://cloud.google.com/kubernetes-engine/docs)
- [Try out a Dapr quickstart]({{< ref quickstarts.md >}})
- Learn how to [deploy Dapr on your cluster]({{< ref kubernetes-deploy.md >}})
- [Upgrade Dapr on Kubernetes]({{< ref kubernetes-upgrade.md >}})
- [Kubernetes production guidelines]({{< ref kubernetes-production.md >}})
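
Review bot: The new "Kubernetes dashboard permissions" troubleshooting entry tells readers to bind `cluster-admin` to the `kube-system:kubernetes-dashboard` service account to clear a "cannot list configmaps" error, which gives the dashboard's service account unrestricted control of the cluster. Promoting this to its own section with only "Execute this command:" makes it read as the recommended fix; suggest binding a read-only role such as the built-in `view` ClusterRole instead, or wrapping the command in a warning alert like the one this hunk adds for Helm v2. The `-n kube-system` flag on `kubectl create clusterrolebinding` has no effect, because ClusterRoleBindings are not namespaced. Also in this hunk: `### Prerequisites` is an H3 while every other section is H2, and the bash blocks keep a leading `$ ` prompt that the AKS page does not use.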