From c1cbedb268677da8593ec85a37be704ff6a39394 Mon Sep 17 00:00:00 2001 From: Tiago Alves Macambira Date: Tue, 19 Sep 2023 15:32:30 -0700 Subject: [PATCH] Update AKS Bicep to use Redis instead of CosmosDB. (#190) We are facing some issues using actor with a cosmosDB state store. This issue might be related to dapr/dapr#6339. We are moving the setup to use Redis instead of CosmosDB as our state store. This matches our current longhaul setup. While this might seem in contradiction with dapr/components-contrib#2071 and dapr/cli#1328, unblocking this issue will allow for easier and predictable reproductions of our longhaul setup. We might revisit the use of CosmosDB as a state store in the future. Signed-off-by: Tiago Alves Macambira --- ...onent.bicep => statestore-component.bicep} | 30 ++--- ... => storage-queue-binding-component.bicep} | 0 deploy/aks/main.bicep | 43 +++++--- deploy/aks/services/redis.bicep | 103 ++++++++++++++++++ 4 files changed, 145 insertions(+), 31 deletions(-) rename deploy/aks/daprComponents/{cosmos-component.bicep => statestore-component.bicep} (52%) rename deploy/aks/daprComponents/{storage-queue-component.bicep => storage-queue-binding-component.bicep} (100%) create mode 100644 deploy/aks/services/redis.bicep diff --git a/deploy/aks/daprComponents/cosmos-component.bicep b/deploy/aks/daprComponents/statestore-component.bicep similarity index 52% rename from deploy/aks/daprComponents/cosmos-component.bicep rename to deploy/aks/daprComponents/statestore-component.bicep index 42080315..9f808bf8 100644 --- a/deploy/aks/daprComponents/cosmos-component.bicep +++ b/deploy/aks/daprComponents/statestore-component.bicep 
@@ -1,10 +1,14 @@ @secure() param kubeConfig string param kubernetesNamespace string -param cosmosUrl string -param cosmosDatabaseName string -param cosmosContainerName string -param cosmosAccountPrimaryMasterKey string + +@secure() +param redisHostnameAndPort string + +@secure() +param redisPassword string + +param redisEnableTLS bool import 'kubernetes@1.0.0' with { namespace: 'default' @@ -17,24 +21,20 @@ resource daprIoComponentStatestore 'dapr.io/Component@v1alpha1' = { namespace: kubernetesNamespace } spec: { - type: 'state.azure.cosmosdb' + type: 'state.redis' version: 'v1' metadata: [ { - name: 'url' - value: cosmosUrl - } - { - name: 'masterKey' - value: cosmosAccountPrimaryMasterKey + name: 'enableTLS' + value: redisEnableTLS ? 'true' : 'false' } { - name: 'database' - value: cosmosDatabaseName + name: 'redisHost' + value: redisHostnameAndPort } { - name: 'collection' - value: cosmosContainerName + name: 'redisPassword' + value: redisPassword } { name: 'actorStateStore' diff --git a/deploy/aks/daprComponents/storage-queue-component.bicep b/deploy/aks/daprComponents/storage-queue-binding-component.bicep similarity index 100% rename from deploy/aks/daprComponents/storage-queue-component.bicep rename to deploy/aks/daprComponents/storage-queue-binding-component.bicep diff --git a/deploy/aks/main.bicep b/deploy/aks/main.bicep index cbb5e034..76793451 100644 --- a/deploy/aks/main.bicep +++ b/deploy/aks/main.bicep 
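Review bot: The new `redisPassword` metadata entry passes the Redis access key as a plain `value`, so the key is stored in clear text in the Dapr Component object and is readable by any principal allowed to read components in `kubernetesNamespace`. Dapr component metadata accepts `secretKeyRef` in place of `value`. Storing the key in a Kubernetes Secret in the same namespace and writing `secretKeyRef: { name: '<secret-name>', key: '<secret-key>' }` (placeholder names) keeps it out of the component spec and lets Secret RBAC govern access. The removed `masterKey` entry had the same shape, so this carries an existing pattern forward rather than introducing it. The `daprIoComponentStatestore` resource starts before and ends after this hunk, so the rest of its metadata is not visible here.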
@@ -160,29 +160,40 @@ module servicebus 'services/servicebus.bicep' = { } } + +module redis 'services/redis.bicep' = { + name: '${clusterName}--services--redis' + params: { + solutionName: solutionName + location: location + enableNonSslPort : false // Just to be explicit here: using TLS port 6380 + // diagnosticsEnabled: false - https://github.com/Azure/azure-quickstart-templates/issues/13566 + } +} + // // Dapr Components // -module cosmosComponent 'daprComponents/cosmos-component.bicep' = { - name: '${clusterName}--component--cosmos' +module statestoreComponent 'daprComponents/statestore-component.bicep' = { + name: '${clusterName}--component--redis-statestore' params: { kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value kubernetesNamespace: longhaulNamespace.outputs.kubernetesNamespace - cosmosUrl: cosmos.outputs.cosmosUrl - cosmosContainerName: cosmos.outputs.cosmosContainerName - cosmosDatabaseName: cosmos.outputs.cosmosDatabaseName - cosmosAccountPrimaryMasterKey: cosmos.outputs.cosmosAccountPrimaryMasterKey + + redisEnableTLS: redis.outputs.redisEnableTLS + redisHostnameAndPort: redis.outputs.redisHostnameAndPort + redisPassword: redis.outputs.redisPassword } dependsOn: [ - cosmos + redis daprExtension longhaulNamespace ] } -module messageBindingComponent 'daprComponents/storage-queue-component.bicep' = { - name: '${clusterName}--component--storageQueue' +module messageBindingComponent 'daprComponents/storage-queue-binding-component.bicep' = { + name: '${clusterName}--component--storageQueue-bindings' params: { kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value kubernetesNamespace: longhaulNamespace.outputs.kubernetesNamespace 
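Review bot: `redisPassword: redis.outputs.redisPassword` takes the cache's primary key from a module output, and ARM records module outputs in the deployment history, where anyone with read access to deployments in the resource group can retrieve them. The `@secure()` on the component's parameter protects only the input side; the source is `output redisPassword string = redisCache.listKeys().primaryKey` in `services/redis.bicep`, which is the pattern the Bicep linter rule `outputs-should-not-contain-secrets` flags. One option is to declare the cache in main.bicep as an `existing` resource and pass `redisCache.listKeys().primaryKey` straight into the secure parameter, keeping `redis` in `dependsOn`, then drop the secret output. Failing that, a comment above `module redis` should state that the deployment history for this template contains a live Redis key. The `messageBindingComponent` module at the end of this hunk continues outside it.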
@@ -199,8 +210,8 @@ module messageBindingComponent 'daprComponents/storage-queue-component.bicep' = -module servicebusComponent 'daprComponents/servicebus-pubsub-component.bicep' = { - name: '${clusterName}--component--servicebus' +module pubSubComponent 'daprComponents/servicebus-pubsub-component.bicep' = { + name: '${clusterName}--component--servicebus-pubsub' params: { kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value kubernetesNamespace: longhaulNamespace.outputs.kubernetesNamespace @@ -228,7 +239,7 @@ module feedGenerator 'apps/feed-generator-deploy.bicep' = { dependsOn: [ daprExtension longhaulNamespace - servicebusComponent + pubSubComponent ] } @@ -242,7 +253,7 @@ module messageAnalyzer 'apps/message-analyzer-deploy.bicep' = { daprExtension longhaulNamespace messageBindingComponent - servicebusComponent + pubSubComponent ] } @@ -255,7 +266,7 @@ module hashtagActor 'apps/hashtag-actor-deploy.bicep' = { dependsOn: [ daprExtension longhaulNamespace - cosmosComponent + statestoreComponent ] } @@ -284,7 +295,7 @@ module pubsubWorkflowApp 'apps/pubsub-workflow-deploy.bicep' = { dependsOn: [ daprExtension longhaulNamespace - servicebusComponent + pubSubComponent ] } @@ -297,7 +308,7 @@ module snapshotApp 'apps/snapshot-deploy.bicep' = { dependsOn: [ daprExtension longhaulNamespace - servicebusComponent + pubSubComponent hashtagActor ] } diff --git a/deploy/aks/services/redis.bicep b/deploy/aks/services/redis.bicep new file mode 100644 index 00000000..55ac0c9d --- /dev/null +++ b/deploy/aks/services/redis.bicep 
@@ -0,0 +1,103 @@ +// Based on MIT-licensed https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.cache/redis-cache/main.bicep +// Updated to default to chepest tier. + +@description('Used to create a unique name for this redis instance') +param solutionName string + +@description('Specify the name of the Azure Redis Cache to create.') +param redisCacheName string = '${solutionName}-redis' + +@description('Location of all resources') +param location string = resourceGroup().location + +@description('Specify the pricing tier of the new Azure Redis Cache.') +@allowed([ + 'Basic' + 'Standard' + 'Premium' +]) +param redisCacheSKU string = 'Basic' + +@description('Specify the family for the sku. C = Basic/Standard, P = Premium.') +@allowed([ + 'C' + 'P' +]) +param redisCacheFamily string = 'C' + +@description('Specify the size of the new Azure Redis Cache instance. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4)') +@allowed([ + 0 + 1 + 2 + 3 + 4 + 5 + 6 +]) +param redisCacheCapacity int = 0 + +@description('Specify a boolean value that indicates whether to allow access via non-SSL ports.') +param enableNonSslPort bool = false + +resource redisCache 'Microsoft.Cache/Redis@2020-06-01' = { + name: redisCacheName + location: location + properties: { + enableNonSslPort: enableNonSslPort + minimumTlsVersion: '1.2' + sku: { + capacity: redisCacheCapacity + family: redisCacheFamily + name: redisCacheSKU + } + } +} + +// +// Diagnostics and Insights settings +// +// +// We are keeping diagnostics code here commented out in case we decide to re-enable it but +// for the time being it is broken due to https://github.com/Azure/azure-quickstart-templates/issues/13566 +// + +// @description('Specify a boolean value that indicates whether diagnostics should be saved to the specified storage account. 
Requires existingDiagnosticsStorageAccountName and existingDiagnosticsStorageAccountResourceGroup if set.') +// param diagnosticsEnabled bool = false + +// @description('Specify the name of an existing storage account for diagnostics.') +// param existingDiagnosticsStorageAccountName string + +// @description('Specify the resource group name of an existing storage account for diagnostics.') +// param existingDiagnosticsStorageAccountResourceGroup string + + +// resource diagnosticsStorage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = { +// scope: resourceGroup(existingDiagnosticsStorageAccountResourceGroup) +// name: existingDiagnosticsStorageAccountName +// } + +// resource Microsoft_Insights_diagnosticsettings_redisCacheName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (diagnosticsEnabled) { +// scope: redisCache +// name: redisCache.name +// properties: { +// storageAccountId: diagnosticsStorage.id +// metrics: [ +// { +// timeGrain: 'AllMetrics' +// enabled: diagnosticsEnabled +// retentionPolicy: { +// days: 90 +// enabled: diagnosticsEnabled +// } +// } +// ] +// } +// } + +var redisPort = enableNonSslPort ? '6379' : '6380' + +output redisHostnameAndPort string = '${redisCache.properties.hostName}:${redisPort}' +output redisPassword string = redisCache.listKeys().primaryKey +output redisEnableTLS bool = !enableNonSslPort +
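Review bot: The `redisCache` resource sets TLS options but nothing that limits network reachability, so as far as this file shows the cache keeps its public endpoint and the access key is the only control in front of the actor state. If the API version in use exposes it, consider adding `publicNetworkAccess: 'Disabled'` with a private endpoint from the AKS virtual network, or firewall rules limited to the cluster's egress addresses. `enableNonSslPort` also stays a caller-settable parameter that switches both the port and `redisEnableTLS`, so a single `true` would send the key and state unencrypted. Either remove the parameter or change its description to say `// test-only: disables TLS for the Dapr state store connection`. With the diagnostics block commented out, the cache also produces no audit trail, which is worth a tracking note next to the linked issue.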