Microsoft's most useful open-source project for Kubernetes, Dapr hits the 1.0 primetime
API now stable, more on the way
Microsoft has released version 1.0 of its Distributed Application Runtime (Dapr), aimed at providing building blocks to simplify application development for Kubernetes.
Dapr is one of several Microsoft-sponsored open-source projects around Kubernetes, and perhaps the most immediately useful. Others include Open Service Mesh (OSM), which uses Envoy (like Istio) but is lighter weight (like Linkerd); and KEDA, in association with Red Hat, which supports serverless, event-driven containers on Kubernetes. Dapr was first announced in October 2019 and has been developed on GitHub.
The purpose of Dapr is to provide services, accessed via HTTP or gRPC, that can be called from any application, and meet some common requirements that can otherwise be tricky to implement. Specifically, Dapr provides:
- Service-to-service invocation
- State management: save and retrieve key/value pairs from a variety of stores such as Redis, CosmosDB, SQL Server or PostgreSQL
- Publish and subscribe
- Resource binding: Send, receive, and respond to events
- Virtual actors: Use actor pattern for stateless and stateful objects
- Distributed tracing: Uses W3C Trace Context standard to feed events to tracing and monitoring systems
- Secrets management: Safe storage and retrieval of credentials
The company said that "Dapr is now running in several production and pre-production environments" and that security features have been added over the period since first preview. There are now nearly 700 contributors including HashiCorp and Alibaba. There is a technical steering committee and the company intends "to have Dapr join an open software foundation in the near future."
The 1.0 release is significant as it means that the API has been declared stable and that future changes will go through a versioning mechanism. Breaking changes are possible but "will be indicated several releases ahead," Microsoft promised.
On the security side, Dapr now uses x.509 certificates, automatically renewed and rolled over, to prevent man-in-the-middle attacks, and provides access control lists using the spiffe framework.
There are plans for additional APIs including ones for application configuration data, creating singleton object instances, routing messages based on URLs, and resiliency APIs for things like circuit breakers and timeouts. ®