Quickstart: Deploy an application using the Dapr cluster extension for Azure Kubernetes Service (AKS) or Arc-enabled Kubernetes

In this quickstart, you use the Dapr cluster extension in an AKS or Arc-enabled Kubernetes cluster. You deploy a hello world example, which consists of a Python application that generates messages and a Node.js application that consumes and persists the messages.

Prerequisites

• An Azure subscription. If you don't have an Azure subscription, you can create a free account.
• Azure CLI or Azure PowerShell installed.
• An AKS Cluster with:
  • Workload identity enabled
  • Managed identity created in the same subscription
  • A Kubernetes service account
  • Federated identity credential
  • Dapr cluster extension installed on the AKS cluster
• kubectl installed locally.

Clone the repository

1. Clone the Dapr quickstarts repository using the git clone command.

   Bash

   git clone https://github.com/Azure-Samples/dapr-aks-extension-quickstart.git
   

2. Change to the dapr-aks-extension-quickstart directory.

Create and configure a Redis store

Open the Azure portal to start the Azure Cache for Redis creation flow.

1. Fill out the recommended information according to the "Create an open-source Redis cache" quickstart instructions.
2. Select Create to start the Redis instance deployment.

Verify resource information

1. Once the Redis resource is deployed, navigate to its overview page.
2. Take note of:
   • The hostname, found in the Essentials section of the cache overview page. The hostname format looks similar to: xxxxxx.redis.cache.windows.net.
   • The SSL port, found in the cache's Advanced Settings blade. The default value is 6380.
3. Navigate to the Authentication blade and verify Microsoft Entra Authentication is enabled on your resource.

Add managed identity

1. In the Authentication blade, type the name of the Managed Identity you created as a prerequisite in the field under Enable Microsoft Entra Authentication checkbox.

   

2. Verify your managed identity is added as a Redis User assigned Data Owner Access Policy permissions.

Enable public network access

For this scenario, your Redis cache uses public network access. Be sure to clean up resources when you're finished with this quickstart.

1. Navigate to the Private Endpoint blade.
2. Click Enable public network access from the top menu.

Configure the Dapr components

In redis.yaml, the component is configured to use Entra ID Authentication using workload identity enabled for AKS cluster. No access keys are required.

yml

- name: useEntraID
  value: "true"
- name: enableTLS
  value: true

1. In your preferred code editor, navigate to the deploy directory in the sample and open redis.yaml.

2. For redisHost, replace the placeholder <REDIS_HOST>:<REDIS_PORT> value with the Redis cache hostname and SSL port you saved earlier from Azure portal.

   yml

   - name: redisHost
   value: <your-cache-name>.redis.cache.windows.net:6380
   

Apply the configuration

1. Apply the redis.yaml file using the kubectl apply command.

   Bash

   kubectl apply -f ./deploy/redis.yaml
   

2. Verify your state store was successfully configured using the kubectl get components.redis command.

   Bash

   kubectl get components.redis -o yaml
   

   Expected output

   Output

   component.dapr.io/statestore created
   

Deploy the Node.js app with the Dapr sidecar

Configure the Node.js app

In node.yaml, the pod spec has the label added to use workload identity,:

YAML

labels:
  app: node
  azure.workload.identity/use: "true"

1. Navigate to the deploy directory and open node.yaml.

2. Replace the placeholder <SERVICE_ACCOUNT_NAME> value for serviceAccountName with the service account name you created.

   • This value should be the same service account you used to create the federated identity credential.

Apply the configuration

1. Apply the Node.js app deployment to your cluster using the kubectl apply command.

   Bash

   kubectl apply -f ./deploy/node.yaml
   

2. Kubernetes deployments are asynchronous, so before moving on to the next steps, verify the deployment is complete with the following command:

   Bash

   kubectl rollout status deploy/nodeapp
   

3. Access your service using the kubectl get svc command.

   Bash

   kubectl get svc nodeapp
   

4. Make note of the EXTERNAL-IP in the output.

Verify the Node.js service

1. Using curl, call the service with your EXTERNAL-IP.

   Bash

   curl $EXTERNAL_IP/ports
   

   Example output

   Output

   {"DAPR_HTTP_PORT":"3500","DAPR_GRPC_PORT":"50001"}
   

2. Submit an order to the application.

   Bash

   curl --request POST --data "@sample.json" --header Content-Type:application/json $EXTERNAL_IP/neworder
   

3. Confirm the order.

   Bash

   curl $EXTERNAL_IP/order
   

   Expected output

   Output

   { "orderId": "42" }
   

Deploy the Python app with the Dapr sidecar

Configure the Python app

In python.yaml, the pod spec has the label added to use workload identity,:

YAML

labels:
  app: node
  azure.workload.identity/use: "true"

1. Navigate to the deploy directory and open python.yaml.

2. Replace the placeholder <SERVICE_ACCOUNT_NAME> value for serviceAccountName with the service account name you created.

   • This value should be the same service account you used to create the federated identity credential.

Apply the configuration

1. Deploy the Python app to your Kubernetes cluster using the kubectl apply command.

   Bash

   kubectl apply -f ./deploy/python.yaml
   

2. Kubernetes deployments are asynchronous, so before moving on to the next steps, verify the deployment is complete with the following command:

   Bash

   kubectl rollout status deploy/pythonapp
   

Observe messages and confirm persistence

Now that both the Node.js and Python applications are deployed, you can watch messages come through.

1. Get the logs of the Node.js app using the kubectl logs command.

   Bash

   kubectl logs --selector=app=node -c node --tail=-1
   

   Expected output

   Output

   Got a new order! Order ID: 1
   Successfully persisted state
   Got a new order! Order ID: 2
   Successfully persisted state
   Got a new order! Order ID: 3
   Successfully persisted state
   

2. Using curl, call the Node.js app's order endpoint to get the latest order.

   Bash

   curl $EXTERNAL_IP/order
   

   You should see the latest JSON output in the response.

Clean up resources

If you no longer plan to use the resources from this quickstart, you can delete all associated resources by removing the resource group.

Azure CLI

Remove the resource group, cluster, namespace, and all related resources using the az group delete command.

Azure CLI

az group delete --name MyResourceGroup

Azure PowerShell

Remove the resource group, cluster, namespace, and all related resources using the Remove-AzResourceGroup command.

Azure PowerShell

Remove-AzResourceGroup -Name MyResourceGroup

Next steps

Learn how to create the Dapr extension