---
title: Deploy Dapr pluggable components
description: Deploy Dapr and the MQTT broker pluggable components to a cluster.
author: PatAltimore
ms.author: patricka
ms.subservice: azure-mqtt-broker
ms.topic: how-to
ms.custom:
ms.date: 10/22/2024
ms.service: azure-iot-operations
---

Deploy Dapr pluggable components

The Distributed Application Runtime (Dapr) is a portable, serverless, event-driven runtime that simplifies the process of building distributed applications. Dapr lets you build stateful or stateless apps without worrying about how the building blocks function. Dapr provides several building blocks: pub/sub, state management, service invocation, actors, and more.

Azure IoT Operations supports two of these building blocks, powered by MQTT broker:

  • Publish and subscribe
  • State management

To use the Dapr pluggable components, define the component spec for each of the APIs and then register the components with the cluster. The Dapr components listen on a Unix domain socket placed on the shared volume. The Dapr runtime connects to each socket and discovers all services from a given building block API that the component implements.

Install Dapr runtime

To install the Dapr runtime, use the following Helm command:

Note

If you completed the provided Azure IoT Operations quickstart, you already installed the Dapr runtime and the following steps are not required.

```bash
helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update
helm upgrade --install dapr dapr/dapr --version=1.14 --namespace dapr-system --create-namespace --wait
```

Register MQTT broker pluggable components

To register the pub/sub and state management pluggable components, create the component manifest yaml, and apply it to your cluster.

To create the yaml file, use the following component definitions:

| Component | Description |
|---|---|
| `metadata:name` | The component name is important and is how a Dapr application references the component. |
| `metadata:annotations:dapr.io/component-container` | Component annotations used by the Dapr sidecar injector, defining the image location, volume mounts, and logging configuration. |
| `spec:type` | The type of the component, which needs to be declared exactly as shown. |
| `spec:metadata:keyPrefix` | Defines the key prefix used when communicating with the state store backend. For more information, see the Dapr documentation. |
| `spec:metadata:hostname` | The MQTT broker hostname. Default is `aio-broker`. |
| `spec:metadata:tcpPort` | The MQTT broker port number. Default is `18883`. |
| `spec:metadata:useTls` | Defines whether TLS is used by the MQTT broker. Default is `true`. |
| `spec:metadata:caFile` | The certificate chain path for validating the MQTT broker. Required if `useTls` is `true`. This file must be mounted in the pod with the specified volume name. |
| `spec:metadata:satAuthFile` | The Service Account Token (SAT) file used to authenticate the Dapr components with the MQTT broker. This file must be mounted in the pod with the specified volume name. |
  1. Save the following yaml, which contains the Azure IoT Operations component definitions, to a file named components.yaml:

     ```yaml
     apiVersion: dapr.io/v1alpha1
     kind: Component
     metadata:
       name: iotoperations-pubsub
       namespace: azure-iot-operations
       annotations:
         dapr.io/component-container: >
           {
             "name": "iot-operations-dapr-components",
             "image": "ghcr.io/azure/iot-operations-dapr-components:latest",
             "volumeMounts": [
               { "name": "mqtt-client-token", "mountPath": "/var/run/secrets/tokens" },
               { "name": "aio-ca-trust-bundle", "mountPath": "/var/run/certs/aio-internal-ca-cert" }
             ],
             "env": [
               { "name": "pubSubLogLevel", "value": "Information" },
               { "name": "stateStoreLogLevel", "value": "Information" },
               { "name": "defaultLogLevel", "value": "Warning" }
             ]
           }
     spec:
       type: pubsub.azure.iotoperations
       version: v1
       metadata:
       - name: hostname
         value: aio-broker
       - name: tcpPort
         value: 18883
       - name: useTls
         value: true
       - name: caFile
         value: /var/run/certs/aio-internal-ca-cert/ca.crt
       - name: satAuthFile
         value: /var/run/secrets/tokens/mqtt-client-token
     ---
     apiVersion: dapr.io/v1alpha1
     kind: Component
     metadata:
       name: iotoperations-statestore
       namespace: azure-iot-operations
     spec:
       type: state.azure.iotoperations
       version: v1
       metadata:
       - name: hostname
         value: aio-broker
       - name: tcpPort
         value: 18883
       - name: useTls
         value: true
       - name: caFile
         value: /var/run/certs/aio-internal-ca-cert/ca.crt
       - name: satAuthFile
         value: /var/run/secrets/tokens/mqtt-client-token
     ```

  2. Apply the Component to your cluster by running the following command:

     ```bash
     kubectl apply -f components.yaml
     ```

     Verify the following output:

     ```
     component.dapr.io/iotoperations-pubsub created
     component.dapr.io/iotoperations-statestore created
     ```
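The table above states three constraints that `kubectl apply` does not enforce: `caFile` is required when `useTls` is `true`, and both `caFile` and `satAuthFile` must point inside a volume that the `dapr.io/component-container` annotation actually mounts. The following pre-deployment check is an added example, not code from the page or from the Azure IoT Operations project. It embeds the two Components from components.yaml as the dicts `yaml.safe_load_all()` would return, and it assumes (as in the page's manifest, where only the pub/sub component carries the annotation) that one annotated component registers the container serving both building blocks, so mount paths are shared across the manifest.

```python
import copy
import json
import posixpath

# Constructed sample: the two Components from components.yaml, in the dict shape that
# yaml.safe_load_all() would produce (embedded so the check runs offline).
CONTAINER_ANNOTATION = json.dumps({
    "name": "iot-operations-dapr-components",
    "image": "ghcr.io/azure/iot-operations-dapr-components:latest",
    "volumeMounts": [
        {"name": "mqtt-client-token", "mountPath": "/var/run/secrets/tokens"},
        {"name": "aio-ca-trust-bundle", "mountPath": "/var/run/certs/aio-internal-ca-cert"},
    ],
})

BROKER_METADATA = [
    {"name": "hostname", "value": "aio-broker"},
    {"name": "tcpPort", "value": 18883},
    {"name": "useTls", "value": True},
    {"name": "caFile", "value": "/var/run/certs/aio-internal-ca-cert/ca.crt"},
    {"name": "satAuthFile", "value": "/var/run/secrets/tokens/mqtt-client-token"},
]

COMPONENTS = [
    {"apiVersion": "dapr.io/v1alpha1", "kind": "Component",
     "metadata": {"name": "iotoperations-pubsub", "namespace": "azure-iot-operations",
                  "annotations": {"dapr.io/component-container": CONTAINER_ANNOTATION}},
     "spec": {"type": "pubsub.azure.iotoperations", "version": "v1",
              "metadata": copy.deepcopy(BROKER_METADATA)}},
    {"apiVersion": "dapr.io/v1alpha1", "kind": "Component",
     "metadata": {"name": "iotoperations-statestore", "namespace": "azure-iot-operations"},
     "spec": {"type": "state.azure.iotoperations", "version": "v1",
              "metadata": copy.deepcopy(BROKER_METADATA)}},
]

EXPECTED_TYPES = {"pubsub.azure.iotoperations", "state.azure.iotoperations"}


def container_mount_paths(components):
    """Collect volume mountPaths from every dapr.io/component-container annotation.
    Assumption: one annotated component registers the container that serves both
    building blocks, so the mounts apply to every component in the manifest."""
    mounts = []
    for comp in components:
        ann = comp.get("metadata", {}).get("annotations", {}).get("dapr.io/component-container")
        if ann:
            mounts += [v["mountPath"] for v in json.loads(ann).get("volumeMounts", [])]
    return mounts


def is_mounted(path, mount_paths):
    """True if `path` lies under one of the container's mountPaths."""
    norm = posixpath.normpath(path)
    return any(norm.startswith(m.rstrip("/") + "/") for m in mount_paths)


def check_manifest(components):
    """Return a list of findings; an empty list means the manifest passes."""
    findings = []
    mounts = container_mount_paths(components)
    if not mounts:
        findings.append("no component carries a dapr.io/component-container annotation with volumeMounts")
    for comp in components:
        name = comp.get("metadata", {}).get("name", "<unnamed>")
        spec = comp.get("spec", {})
        if spec.get("type") not in EXPECTED_TYPES:
            findings.append(f"{name}: unexpected spec.type {spec.get('type')!r}")
        meta = {m["name"]: m.get("value") for m in spec.get("metadata", [])}
        if str(meta.get("useTls", True)).lower() != "true":   # the table's default is true
            findings.append(f"{name}: useTls is not true, so broker traffic is unencrypted")
        elif not meta.get("caFile"):
            findings.append(f"{name}: useTls is true but caFile is not set")
        elif not is_mounted(meta["caFile"], mounts):
            findings.append(f"{name}: caFile {meta['caFile']} is not under any volume mountPath")
        if not meta.get("satAuthFile"):
            findings.append(f"{name}: satAuthFile is not set, so the component cannot authenticate")
        elif not is_mounted(meta["satAuthFile"], mounts):
            findings.append(f"{name}: satAuthFile {meta['satAuthFile']} is not under any volume mountPath")
    return findings


def insecure_variant():
    """Constructed negative case: TLS switched off on pub/sub, and the state store's
    SAT path pointing outside every mounted volume."""
    bad = copy.deepcopy(COMPONENTS)
    for m in bad[0]["spec"]["metadata"]:
        if m["name"] == "useTls":
            m["value"] = False
    for m in bad[1]["spec"]["metadata"]:
        if m["name"] == "satAuthFile":
            m["value"] = "/tmp/mqtt-client-token"
    return bad


if __name__ == "__main__":
    print("components.yaml:", check_manifest(COMPONENTS) or "OK")
    for finding in check_manifest(insecure_variant()):
        print("FINDING:", finding)
```

Run it against a real manifest by replacing `COMPONENTS` with `list(yaml.safe_load_all(open("components.yaml")))`; the page's manifest produces no findings, while the constructed variant reports the disabled TLS and the unmounted SAT path, which are exactly the two misconfigurations that would otherwise surface only as connection failures in the sidecar logs.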

Create authorization policy for MQTT broker

To configure authorization policies for MQTT broker, first create a BrokerAuthorization resource.

Note

If Broker Authorization is not enabled on this cluster, you can skip this section, because applications will then have access to all MQTT topics, including those needed to access the MQTT broker state store.

  1. Save the following yaml, which contains a BrokerAuthorization definition, to a file named aio-dapr-authz.yaml:

     ```yaml
     apiVersion: mqttbroker.iotoperations.azure.com/v1
     kind: BrokerAuthorization
     metadata:
       name: my-dapr-authz-policies
       namespace: azure-iot-operations
     spec:
       listenerRef:
       - my-listener # change to match your listener name as needed
       authorizationPolicies:
         enableCache: false
         rules:
         - principals:
             attributes:
             - group: dapr-workload # match to the attribute annotated to the service account
           brokerResources:
           - method: Connect
           - method: Publish
             topics:
             - "$services/statestore/#"
           - method: Subscribe
             topics:
             - "clients/{principal.clientId}/services/statestore/#"
     ```

  2. Apply the BrokerAuthorization definition to the cluster:

     ```bash
     kubectl apply -f aio-dapr-authz.yaml
     ```
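The policy above grants the `dapr-workload` group exactly what the state store needs: connect, publish to the `$services/statestore/#` request topics, and subscribe only to response topics under the caller's own client ID. To make that least-privilege shape concrete, here is an added example (not code from the page or the Azure IoT Operations broker) that evaluates constructed requests against the rules above. It assumes the broker's semantics are: deny by default, each entry under `principals.attributes` is an alternative whose key/value pairs must all be present on the principal, `{principal.clientId}` is replaced by the connecting client's ID before matching, and topic patterns follow standard MQTT filter rules (`+` one level, `#` the remaining levels). The principals, client IDs, and topic names below are constructed.

```python
# Constructed sample: the BrokerAuthorization rules from aio-dapr-authz.yaml, in the
# dict shape yaml.safe_load() would produce (embedded so this runs offline).
RULES = [
    {
        "principals": {"attributes": [{"group": "dapr-workload"}]},
        "brokerResources": [
            {"method": "Connect"},
            {"method": "Publish", "topics": ["$services/statestore/#"]},
            {"method": "Subscribe",
             "topics": ["clients/{principal.clientId}/services/statestore/#"]},
        ],
    }
]

# Constructed principals: a Dapr sidecar workload and an unrelated device client.
DAPR_APP = {"clientId": "dapr-app-1", "attributes": {"group": "dapr-workload"}}
SENSOR = {"clientId": "sensor-7", "attributes": {"group": "sensors"}}


def topic_matches(topic_filter, topic):
    """MQTT topic-filter matching: '+' matches exactly one level and '#' (only valid
    as the last level) matches the remaining levels, including none."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def principal_matches(principal_spec, principal):
    """Assumed semantics: each entry under principals.attributes is an alternative,
    and every key/value inside one entry must be present on the principal."""
    attrs = principal.get("attributes", {})
    return any(
        all(attrs.get(k) == v for k, v in required.items())
        for required in principal_spec.get("attributes", [])
    )


def is_authorized(rules, principal, method, topic=None):
    """Deny by default: grant only when a rule matching the principal lists the
    method and, for Publish/Subscribe, a topic pattern matching the requested topic."""
    for rule in rules:
        if not principal_matches(rule["principals"], principal):
            continue
        for resource in rule["brokerResources"]:
            if resource["method"] != method:
                continue
            if method == "Connect":
                return True
            if topic is None:
                continue
            for pattern in resource.get("topics", []):
                # Substituting the caller's own client ID is what confines each Dapr
                # client to its own state-store response topics.
                pattern = pattern.replace("{principal.clientId}", principal["clientId"])
                if topic_matches(pattern, topic):
                    return True
    return False


def policy_examples():
    """Evaluate constructed requests against the page's rules (True = allowed)."""
    return {
        "dapr connect": is_authorized(RULES, DAPR_APP, "Connect"),
        "dapr publish to state store": is_authorized(
            RULES, DAPR_APP, "Publish", "$services/statestore/example"),
        "dapr subscribe own responses": is_authorized(
            RULES, DAPR_APP, "Subscribe", "clients/dapr-app-1/services/statestore/response"),
        "dapr subscribe another client's responses": is_authorized(
            RULES, DAPR_APP, "Subscribe", "clients/sensor-7/services/statestore/response"),
        "dapr publish to unrelated topic": is_authorized(
            RULES, DAPR_APP, "Publish", "telemetry/room1"),
        "sensor connect": is_authorized(RULES, SENSOR, "Connect"),
    }


if __name__ == "__main__":
    for request, allowed in policy_examples().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {request}")
```

The two denials worth noticing are the cross-client subscribe (one Dapr client cannot read another client's state-store responses because the pattern is bound to its own client ID) and the publish to an application topic, which this policy deliberately does not cover: topics your application itself publishes or subscribes to need their own rule, added alongside this one rather than by widening `$services/statestore/#`.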

Next steps

Now that the Dapr components are deployed to the cluster, you can Use Dapr to develop distributed applications.
