| title | description | author | ms.author | ms.service | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|---|---|
Dapr extension for Azure Kubernetes Service (AKS) and Arc-enabled Kubernetes |
Install and configure Dapr on your Azure Kubernetes Service (AKS) and Arc-enabled Kubernetes clusters using the Dapr cluster extension. |
greenie-msft |
nigreenf |
container-service |
article |
05/16/2022 |
devx-track-azurecli, ignite-fall-2021, event-tier1-build-2022 |
Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless and stateful applications that run on the cloud and edge and embraces the diversity of languages and developer frameworks. Leveraging the benefits of a sidecar architecture, Dapr helps you tackle the challenges that come with building microservices and keeps your code platform agnostic. In particular, it helps with solving problems around services calling other services reliably and securely, building event-driven apps with pub-sub, and building applications that are portable across multiple cloud services and hosts (e.g., Kubernetes vs. a VM).
By using the Dapr extension to provision Dapr on your AKS or Arc-enabled Kubernetes cluster, you eliminate the overhead of downloading Dapr tooling and manually installing and managing the runtime on your AKS cluster. Additionally, the extension offers support for all native Dapr configuration capabilities through simple command-line arguments.
Note
If you plan on installing Dapr in a Kubernetes production environment, please see the Dapr guidelines for production usage documentation page.
The Dapr extension uses the Azure CLI to provision the Dapr control plane on your AKS or Arc-enabled Kubernetes cluster. This will create:
- dapr-operator: Manages component updates and Kubernetes services endpoints for Dapr (state stores, pub/subs, etc.)
- dapr-sidecar-injector: Injects Dapr into annotated deployment pods and adds the environment variables
DAPR_HTTP_PORTandDAPR_GRPC_PORTto enable user-defined applications to easily communicate with Dapr without hard-coding Dapr port values. - dapr-placement: Used for actors only. Creates mapping tables that map actor instances to pods
- dapr-sentry: Manages mTLS between services and acts as a certificate authority. For more information read the security overview.
Once Dapr is installed on your cluster, you can begin to develop using the Dapr building block APIs by adding a few annotations to your deployments. For a more in-depth overview of the building block APIs and how to best use them, please see the Dapr building blocks overview.
Warning
If you install Dapr through the AKS or Arc-enabled Kubernetes extension, our recommendation is to continue using the extension for future management of Dapr instead of the Dapr CLI. Combining the two tools can cause conflicts and result in undesired behavior.
The Dapr extension support varies depending on how you manage the runtime.
Self-managed
For self-managed runtime, the Dapr extension supports:
- The latest version of Dapr and 1 previous version (N-1)
- Upgrading minor version incrementally (for example, 1.5 -> 1.6 -> 1.7)
Self-managed runtime requires manual upgrade to remain in the support window. To upgrade Dapr via the extension, follow the Update extension instance instructions.
Auto-upgrade
Enabling auto-upgrade keeps your Dapr extension updated to the latest minor version. You may experience breaking changes between updates.
Azure + open source components are supported. Alpha and beta components are supported via best effort.
Global Azure cloud is supported with Arc support on the regions listed by Azure Products by Region.
- If you don't have an Azure subscription, create a free account before you begin.
- Install the latest version of the Azure CLI.
- If you don't have one already, you need to create an AKS cluster or connect an Arc-enabled Kubernetes cluster.
You will need the k8s-extension Azure CLI extension. Install this by running the following commands:
az extension add --name k8s-extension
If the k8s-extension extension is already installed, you can update it to the latest version using the following command:
az extension update --name k8s-extension
When installing the Dapr extension, use the flag value that corresponds to your cluster type:
- AKS cluster:
--cluster-type managedClusters. - Arc-enabled Kubernetes cluster:
--cluster-type connectedClusters.
Create the Dapr extension, which installs Dapr on your AKS or Arc-enabled Kubernetes cluster. For example, for an AKS cluster:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr
You have the option of allowing Dapr to auto-update its minor version by specifying the --auto-upgrade-minor-version parameter and setting the value to true:
--auto-upgrade-minor-version true
The extension enables you to set Dapr configuration options by using the --configuration-settings parameter. For example, to provision Dapr with high availability (HA) enabled, set the global.ha.enabled parameter to true:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"
Note
If configuration settings are sensitive and need to be protected, for example cert related information, pass the --configuration-protected-settings parameter and the value will be protected from being read.
If no configuration-settings are passed, the Dapr configuration defaults to:
ha:
enabled: true
replicaCount: 3
disruption:
minimumAvailable: ""
maximumUnavailable: "25%"
prometheus:
enabled: true
port: 9090
mtls:
enabled: true
workloadCertTTL: 24h
allowedClockSkew: 15mFor a list of available options, please see Dapr configuration.
Note
Dapr is supported with a rolling window, including only the current and previous versions. It is your operational responsibility to remain up to date with these supported versions. If you have an older version of Dapr, you may have to do intermediate upgrades to get to a supported version.
The same command-line argument is used for installing a specific version of Dapr or rolling back to a previous version. Set --auto-upgrade-minor-version to false and --version to the version of Dapr you wish to install. If the version parameter is omitted, the extension will install the latest version of Dapr. For example, to use Dapr X.X.X:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version false \
--version X.X.X
In some configurations you may only want to run Dapr on certain nodes. This can be accomplished by passing a nodeSelector in the extension configuration. Note that if the desired nodeSelector contains ., you must escape them from the shell and the extension. For example, the following configuration will install Dapr to only nodes with kubernetes.io/os=linux:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2" \
--configuration-settings "global.nodeSelector.kubernetes\.io/os=linux"
Use the az k8s-extension show command to show the current Dapr configuration settings:
az k8s-extension show --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension
Important
Some configuration options cannot be modified post-creation. Adjustments to these options require deletion and recreation of the extension. This is applicable to the following settings:
global.ha.*dapr_placement.*
Note
High availability (HA) can be enabled at any time. However, once enabled, disabling it requires deletion and recreation of the extension. If you aren't sure if high availability is necessary for your use case, we recommend starting with it disabled to minimize disruption.
To update your Dapr configuration settings, simply recreate the extension with the desired state. For example, assume we have previously created and installed the extension using the following configuration:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=2"
To update the dapr_operator.replicaCount from 2 to 3, use the following:
az k8s-extension create --cluster-type managedClusters \
--cluster-name myAKSCluster \
--resource-group myResourceGroup \
--name myDaprExtension \
--extension-type Microsoft.Dapr \
--auto-upgrade-minor-version true \
--configuration-settings "global.ha.enabled=true" \
--configuration-settings "dapr_operator.replicaCount=3"
If the extension fails to create or update, you can inspect where the creation of the extension failed by running the az k8s-extension list command. For example, if a wrong key is used in the configuration-settings, such as global.ha=false instead of global.ha.enabled=false:
az k8s-extension list --cluster-type managedClusters --cluster-name myAKSCluster --resource-group myResourceGroup
The below JSON is returned, and the error message is captured in the message property.
"statuses": [
{
"code": "InstallationFailed",
"displayStatus": null,
"level": null,
"message": "Error: {failed to install chart from path [] for release [dapr-1]: err [template: dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_poddisruptionbudget.yaml:1:17: executing \"dapr/charts/dapr_sidecar_injector/templates/dapr_sidecar_injector_poddisruptionbudget.yaml\" at <.Values.global.ha.enabled>: can't evaluate field enabled in type interface {}]} occurred while doing the operation : {Installing the extension} on the config",
"time": null
}
],Troubleshoot Dapr errors via the common Dapr issues and solutions guide.
If you need to delete the extension and remove Dapr from your AKS cluster, you can use the following command:
az k8s-extension delete --resource-group myResourceGroup --cluster-name myAKSCluster --cluster-type managedClusters --name myDaprExtension
- Once you have successfully provisioned Dapr in your AKS cluster, try deploying a sample application.