Updated name resolution docs (#1576)

* Add consul references * Fix typo Add a missing word * Clarify state management examples * Added table to show Kubernetes options When I read this doc it was unclear that the cert could be provided as a secret. The only table on the original version showed `spnCertificateFile` as a required option. I added a second table to make it clear that in Kubernetes there is a `spnCertificate` option that does not require a file on disk. * incorporating feedback * Update daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md * Update daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md * Fix self-hosted docs * Remove name-resolution reference * Add other name resolution providers * Update service invocation docs * Remove whitespace * Update service-invocation-overview.md Fixed typo and added a sentence on Consul * Update setup-nr-consul.md Minor updates * Address comments * Fix code formatting Co-authored-by: Esteban Luchsinger <[email protected]> Co-authored-by: Donovan Brown <[email protected]> Co-authored-by: Mark Fussell <[email protected]>
dapr · Jun 23, 2021 · 231b0e8 · 231b0e8
1 parent c227603
commit 231b0e8
Show file tree

Hide file tree

Showing 8 changed files with 102 additions and 47 deletions.
diff --git a/...-applications/building-blocks/service-invocation/service-invocation-overview.md b/...-applications/building-blocks/service-invocation/service-invocation-overview.md
@@ -12,10 +12,10 @@ Using service invocation, your application can reliably and securely communicate
 
 In many environments with multiple services that need to communicate with each other, developers often ask themselves the following questions:
 
-* How do I discover and invoke methods on different services?
-* How do I call other services securely with encryption and apply access control on the methods?
-* How do I handle retries and transient errors?
-* How do I use tracing to see a call graph with metrics to diagnose issues in production?
+- How do I discover and invoke methods on different services?
+- How do I call other services securely with encryption and apply access control on the methods?
+- How do I handle retries and transient errors?
+- How do I use tracing to see a call graph with metrics to diagnose issues in production?
 
 Dapr addresses these challenges by providing a service invocation API that acts as a combination of a reverse proxy with built-in service discovery, while leveraging built-in distributed tracing, metrics, error handling, encryption and more.
 
@@ -28,11 +28,9 @@ The diagram below is an overview of how Dapr's service invocation works.
 <img src="/images/service-invocation-overview.png" width=800 alt="Diagram showing the steps of service invocation">
 
 1. Service A makes an HTTP or gRPC call targeting Service B. The call goes to the local Dapr sidecar.
-2. Dapr discovers Service B's location using the [name resolution component](https://github.com/dapr/components-contrib/tree/master/nameresolution) which is running on the given [hosting platform]({{< ref "hosting" >}}).
+2. Dapr discovers Service B's location using the [name resolution component]({{< ref supported-name-resolution >}}) which is running on the given [hosting platform]({{< ref "hosting" >}}).
 3. Dapr forwards the message to Service B's Dapr sidecar
-
-    **Note**: All calls between Dapr sidecars go over gRPC for performance. Only calls between services and Dapr sidecars can be either HTTP or gRPC
-
+   - **Note**: All calls between Dapr sidecars go over gRPC for performance. Only calls between services and Dapr sidecars can be either HTTP or gRPC
 4. Service B's Dapr sidecar forwards the request to the specified endpoint (or method) on Service B.  Service B then runs its business logic code.
 5. Service B sends a response to Service A.  The response goes to Service B's sidecar.
 6. Dapr forwards the response to Service A's Dapr sidecar.
@@ -43,63 +41,59 @@ Service invocation provides several features to make it easy for you to call met
 
 ### Namespaces scoping
 
-Service invocation supports calls across namespaces. On all supported hosting platforms, Dapr app IDs conform to a valid FQDN format that includes the target namespace.
-
-For example, the following string contains the app ID `nodeapp` in addition to the namespace the app runs in `production`.
+By default, users can invoke services within the same namespaces by simply referencing the app ID (`nodeapp`):
 
+```sh
+localhost:3500/v1.0/invoke/nodeapp/method/neworder
 ```
-localhost:3500/v1.0/invoke/nodeapp.production/method/neworder
-```
 
-This is especially useful in cross namespace calls in a Kubernetes cluster. Watch this video for a demo on how to use namespaces with service invocation.
+Service invocation also supports calls across namespaces. On all supported hosting platforms, Dapr app IDs conform to a valid FQDN format that includes the target namespace.
+
+Users can specify both the app ID (`nodeapp`) in addition to the namespace the app runs in (`production`):
 
-<iframe width="560" height="315" src="https://www.youtube.com/embed/LYYV_jouEuA?start=497" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+```sh
+localhost:3500/v1.0/invoke/nodeapp.production/method/neworder
+```
 
+This is especially useful in cross namespace calls in a Kubernetes cluster.
 
 ### Service-to-service security
 
 All calls between Dapr applications can be made secure with mutual (mTLS) authentication on hosted platforms, including automatic certificate rollover, via the Dapr Sentry service. The diagram below shows this for self hosted applications.
 
 For more information read the [service-to-service security]({{< ref "security-concept.md#sidecar-to-sidecar-communication" >}}) article.
 
-
-### Service access policies security
+### Access control
 
 Applications can control which other applications are allowed to call them and what they are authorized to do via access policies. This enables you to restrict sensitive applications, that say have personnel information, from being accessed by unauthorized applications, and combined with service-to-service secure communication, provides for soft multi-tenancy deployments.
 
 For more information read the [access control allow lists for service invocation]({{< ref invoke-allowlist.md >}}) article.
 
-#### Example service invocation security
-The diagram below is an example deployment on a Kubernetes cluster with a Daprized `Ingress` service that calls onto `Service A` using service invocation with mTLS encryption and an applies access control policy. `Service A` then calls onto `Service B` also using service invocation and mTLS. Each service is running in different namespaces for added isolation.
-
-<img src="/images/service-invocation-security.png" width=800>
-
 ### Retries
 
 Service invocation performs automatic retries with backoff time periods in the event of call failures and transient errors.
 
 Errors that cause retries are:
 
-* Network errors including endpoint unavailability and refused connections.
-* Authentication errors due to a renewing certificate on the calling/callee Dapr sidecars.
+- Network errors including endpoint unavailability and refused connections.
+- Authentication errors due to a renewing certificate on the calling/callee Dapr sidecars.
 
 Per call retries are performed with a backoff interval of 1 second up to a threshold of 3 times.
 Connection establishment via gRPC to the target sidecar has a timeout of 5 seconds.
 
 ### Pluggable service discovery
 
-Dapr can run on any [hosting platform]({{< ref hosting >}}). For the supported hosting platforms this means they have a [name resolution component](https://github.com/dapr/components-contrib/tree/master/nameresolution) developed for them that enables service discovery. For example, the Kubernetes name resolution component uses the Kubernetes DNS service to resolve the location of other applications running in the cluster. For local and multiple physical machines this uses the mDNS protocol.
-
-> Note: [For local and physical machines, ensure mDNS is functioning properly.]({{< ref "common_issues.md#service-invocation-is-failing-and-my-dapr-service-is-missing-an-appId-macos" >}})
+Dapr can run on a variety of [hosting platforms]({{< ref hosting >}}). To enable service discovery and service invocation, Dapr uses pluggable [name resolution components]({{< ref supported-name-resolution >}}). For example, the Kubernetes name resolution component uses the Kubernetes DNS service to resolve the location of other applications running in the cluster. Self-hosted machines can use the mDNS name resolution component. The Consul name resolution component can be used in any hosting environment including Kubernetes or self-hosted.  
 
 ### Round robin load balancing with mDNS
+
 Dapr provides round robin load balancing of service invocation requests with the mDNS protocol, for example with a single machine or with multiple, networked, physical machines.
 
 The diagram below shows an example of how this works. If you have 1 instance of an application with app ID `FrontEnd` and 3 instances of application with app ID `Cart` and you call from `FrontEnd` app to `Cart` app, Dapr round robins' between the 3 instances. These instance can be on the same machine or on different machines. .
 
-<img src="/images/service-invocation-mdns-round-robin.png" width=800 alt="Diagram showing the steps of service invocation">
+<img src="/images/service-invocation-mdns-round-robin.png" width=600 alt="Diagram showing the steps of service invocation">
 
-Note: You can have N instances of the same app with the same app ID as app ID is unique per app. And you can have multiple instances of that app where all those instances have the same app ID.
+**Note**: You can have N instances of the same app with the same app ID as app ID is unique per app. And you can have multiple instances of that app where all those instances have the same app ID.
 
 ### Tracing and metrics with observability
 
@@ -110,11 +104,12 @@ By default, all calls between applications are traced and metrics are gathered t
 The API for service invocation can be found in the [service invocation API reference]({{< ref service_invocation_api.md >}}) which describes how to invoke a method on another service.
 
 ## Example
+
 Following the above call sequence, suppose you have the applications as described in the [hello world quickstart](https://github.com/dapr/quickstarts/blob/master/hello-world/README.md), where a python app invokes a node.js app. In such a scenario, the python app would be "Service A" , and a Node.js app would be "Service B".
 
 The diagram below shows sequence 1-7 again on a local machine showing the API calls:
 
-<img src="/images/service-invocation-overview-example.png" width=800>
+<img src="/images/service-invocation-overview-example.png" width=800 />
 
 1. The Node.js app has a Dapr app ID of `nodeapp`. The python app invokes the Node.js app's `neworder` method by POSTing `http://localhost:3500/v1.0/invoke/nodeapp/method/neworder`, which first goes to the python app's local Dapr sidecar.
 2. Dapr discovers the Node.js app's location using name resolution component (in this case mDNS while self-hosted) which runs on your local machine.
@@ -126,9 +121,9 @@ The diagram below shows sequence 1-7 again on a local machine showing the API ca
 
 ## Next steps
 
-* Follow these guides on:
-    * [How-to: Invoke services using HTTP]({{< ref howto-invoke-discover-services.md >}})
-    * [How-To: Configure Dapr to use gRPC]({{< ref grpc >}})
-* Try out the [hello world quickstart](https://github.com/dapr/quickstarts/blob/master/hello-world/README.md) which shows how to use HTTP service invocation or try the samples in the [Dapr SDKs]({{< ref sdks >}})
-* Read the [service invocation API specification]({{< ref service_invocation_api.md >}})
-* Understand the [service invocation performance]({{< ref perf-service-invocation.md >}}) numbers
+- Follow these guides on:
+  - [How-to: Invoke services using HTTP]({{< ref howto-invoke-discover-services.md >}})
+  - [How-To: Configure Dapr to use gRPC]({{< ref grpc >}})
+- Try out the [hello world quickstart](https://github.com/dapr/quickstarts/blob/master/hello-world/README.md) which shows how to use HTTP service invocation or try the samples in the [Dapr SDKs]({{< ref sdks >}})
+- Read the [service invocation API specification]({{< ref service_invocation_api.md >}})
+- Understand the [service invocation performance]({{< ref perf-service-invocation.md >}}) numbers
diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-overview.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-overview.md
@@ -25,3 +25,8 @@ The `dapr-placement` service is responsible for managing the actor distribution
 
 You can use the [`dapr run` CLI command]({{< ref dapr-run.md >}}) to a Dapr sidecar process along with your application.
 
+## Name resolution
+
+Dapr uses a [name resolution component]({{< ref supported-name-resolution >}}) for service discovery within the [service invocation]({{< ref service-invocation >}}) building block. By default Dapr uses mDNS when in self-hosted mode.
+
+If you are running Dapr on virtual machines or where mDNS is not available, then you can use the [HashiCorp Consul]({{< ref setup-nr-consul.md >}}) component for name resolution.
diff --git a/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-docker.md b/daprdocs/content/en/operations/hosting/self-hosted/self-hosted-with-docker.md
@@ -149,6 +149,10 @@ To further learn how to run Dapr with Docker Compose, see the [Docker-Compose Sa
 If your deployment target is Kubernetes please use Dapr's first-class integration. Refer to the
 [Dapr on Kubernetes docs]({{< ref "kubernetes-overview.md" >}}).
 
+## Name resolution
+
+Dapr by default uses mDNS as the name resolution component in self-hosted mode for service invocation. If you are running Dapr on virtual machines or where mDNS is not available, then you can use the [HashiCorp Consul]({{< ref setup-nr-consul.md >}}) component for name resolution.
+
 ## Docker images
 
 Dapr provides a number of prebuilt Docker images for different components, you should select the relevant image for your desired binary, architecture, and tag/version.

diff --git a/...s/content/en/reference/components-reference/supported-name-resolution/_index.md b/...s/content/en/reference/components-reference/supported-name-resolution/_index.md
@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Name resolution component specs"
+title: "Name resolution provider component specs"
 linkTitle: "Name resolution"
 weight: 5000
 description: The supported name resolution providers that interface with Dapr service invocation
@@ -21,14 +21,13 @@ The following components provide name resolution for the service invocation buil
 
 | Name | Status | Component version | Since |
 |------|:------:|:-----------------:|:-----:|
-| mDNS | GA     | v1                | 1.0   |
+| [mDNS]({{< ref nr-mdns.md >}}) | GA | v1 | 1.0 |
 
 ### Kubernetes
 
 | Name       | Status | Component version | Since |
 |------------|:------:|:-----------------:|:-----:|
-| Kubernetes | GA     | v1                | 1.0   |
-
+| [Kubernetes]({{< ref nr-kubernetes.md >}}) | GA | v1 | 1.0 |
 
 ## Definitions
 

diff --git a/...nt/en/reference/components-reference/supported-name-resolution/nr-kubernetes.md b/...nt/en/reference/components-reference/supported-name-resolution/nr-kubernetes.md
@@ -0,0 +1,23 @@
+---
+type: docs
+title: "Kubernetes DNS name resolution provider spec"
+linkTitle: "Kubernetes DNS"
+description: Detailed information on the Kubernetes DNS name resolution component
+---
+
+## Configuration format
+
+Kubernetes DNS name resolution is configured automatically in [Kubernetes mode]({{< ref kubernetes >}}) by Dapr. There is no configuration needed to use Kubernetes DNS as your name resolution provider.
+
+## Behaviour
+
+The component resolves target apps by using the Kubernetes cluster's DNS provider. You can learn more in the [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/).
+
+## Spec configuration fields
+
+Not applicable, as Kubernetes DNS is configured by Dapr when running in Kubernetes mode.
+
+## Related links
+
+- [Service invocation building block]({{< ref service-invocation >}})
+- [Kubernetes DNS docs](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/)
diff --git a/.../content/en/reference/components-reference/supported-name-resolution/nr-mdns.md b/.../content/en/reference/components-reference/supported-name-resolution/nr-mdns.md
@@ -0,0 +1,29 @@
+---
+type: docs
+title: "mDNS name resolution provider spec"
+linkTitle: "mDNS"
+description: Detailed information on the mDNS name resolution component
+---
+
+## Configuration format
+
+Multicast DNS (mDNS) is configured automatically in [self-hosted mode]({{< ref self-hosted >}}) by Dapr. There is no configuration needed to use mDNS as your name resolution provider.
+
+## Behaviour
+
+The component resolves target apps by using the host system's mDNS service. You can learn more about mDNS [here](https://en.wikipedia.org/wiki/Multicast_DNS).
+
+### Troubleshooting
+
+In some cloud provider virtual networks, such as Microsoft Azure, mDNS is not available. Use an alternate provider such as [HashiCorp Consul]({{< ref setup-nr-consul.md >}}) instead.
+
+On some enterprise-managed systems, mDNS may be disabled on macOS if a network filter/proxy is configured. Check with your IT department if mDNS is disabled and you are unable to use service invocation locally.
+
+## Spec configuration fields
+
+Not applicable, as mDNS is configured by Dapr when running in self-hosted mode.
+
+## Related links
+
+- [Service invocation building block]({{< ref service-invocation >}})
+- [mDNS reference](https://en.wikipedia.org/wiki/Multicast_DNS)
diff --git a/.../en/reference/components-reference/supported-name-resolution/setup-nr-consul.md b/.../en/reference/components-reference/supported-name-resolution/setup-nr-consul.md
@@ -1,9 +1,9 @@
 ---
 type: docs
-title: "HashiCorp Consul"
+title: "HashiCorp Consul name resolution provider spec"
 linkTitle: "HashiCorp Consul"
 description: Detailed information on the HashiCorp Consul name resolution component
---- 
+---
 
 ## Configuration format
 
@@ -29,14 +29,14 @@ If Consul service registration is managed externally from Dapr you need to ensur
 
 ## Behaviour
 
-On init the Consul component will either validate the connection to the configured (or default) agent or register the service if configured to do so. The name resolution interface does not cater for an "on shutdown" pattern so please consider this if using Dapr to register services to Consul as it will not deregister services.
+On `init` the Consul component either validates the connection to the configured (or default) agent or registers the service if configured to do so. The name resolution interface does not cater for an "on shutdown" pattern so consider this when using Dapr to register services to Consul as it does not deregister services.
 
 The component resolves target apps by filtering healthy services and looks for a `DAPR_PORT` in the metadata (key is configurable) in order to retrieve the Dapr sidecar port. Consul `service.meta` is used over `service.port` so as to not interfere with existing Consul estates.
 
 
 ## Spec configuration fields
 
-As of writing the configuration spec is fixed to v1.3.0 of the Consul api
+The configuration spec is fixed to v1.3.0 of the Consul API
 
 | Field        | Required | Type | Details  | Examples |
 |--------------|:--------:|-----:|:---------|----------|
@@ -105,7 +105,7 @@ spec:
 
 ### Advanced registration
 
-Configuring the advanced registration gives you full control over all the properties possible when registering.
+Configuring the advanced registration gives you full control over setting all the Consul properties possible when registering.
 
 ```yaml
 apiVersion: dapr.io/v1alpha1
@@ -142,11 +142,11 @@ spec:
 {{< tabs "Self-Hosted" "Kubernetes" >}}
 
 {{% codetab %}}
-HashiCorp offer in depth guides on how to setup Consul for different hosting models. Please check out the [self-hosted guide here](https://learn.hashicorp.com/collections/consul/getting-started)
+HashiCorp offer in depth guides on how to setup Consul for different hosting models. Check out the [self-hosted guide here](https://learn.hashicorp.com/collections/consul/getting-started)
 {{% /codetab %}}
 
 {{% codetab %}}
-HashiCorp offer in depth guides on how to setup Consul for different hosting models. Please check out the [Kubernetes guide here](https://learn.hashicorp.com/collections/consul/gs-consul-service-mesh)
+HashiCorp offer in depth guides on how to setup Consul for different hosting models. Check out the [Kubernetes guide here](https://learn.hashicorp.com/collections/consul/gs-consul-service-mesh)
 {{% /codetab %}}
 
 {{< /tabs >}}

diff --git a/daprdocs/static/images/service-invocation-overview.png b/daprdocs/static/images/service-invocation-overview.png