Tempestive uses Dapr and Kubernetes to track billions of messages on IoT devices while reducing costs.
With Dapr, a graduated CNCF project, platform teams can configure complex setups while exposing simple interfaces to application development teams, making it easier for them to build highly scalable distributed applications. Many platform teams have adopted Dapr to provide governance and golden paths for API-based infrastructure interaction. Dapr helps to solve these platform engineering challenges:
The Dapr building block APIs provide an abstraction over the underlying infrastructure. Development teams don’t require product-specific SDKs when using the Dapr APIs, making it easy to switch from one product to another and to support multiple products of the same type. For example, developers use the Dapr Pub/Sub API in their code; during development, they use Redis Streams as the message broker, running locally in a container, while the production environment uses Kafka running in the cloud. Equally, platform teams can provide multiple messaging products such as Kafka, Pulsar, and RabbitMQ, and development teams can use any of them through the same Pub/Sub API.
Dapr improves observability in distributed applications since all communication between applications and infrastructure passes through the Dapr process. Dapr natively integrates with OpenTelemetry, and by automatically generating and propagating tracing contexts using the W3C tracing specification across all its APIs, Dapr removes the need for manual instrumentation, saving development time. This allows for easier telemetry data collection that includes metrics, logs, and traces and faster time to resolution of issues, given the critical need for observability in production environments.
Dapr has several built-in features to manage secure communication, access control and authentication. Dapr uses mutual Transport Layer Security (mTLS) to encrypt communication between services, ensuring data integrity and confidentiality. Access Policies can be defined by the platform team to control access to services, infrastructure resources (components) and secrets for governance. Additionally, Dapr supports middleware components, such as OAuth 2.0, which can handle authentication and authorization for web APIs.
Dapr improves application resiliency by providing platform engineers with configurable policies for retries, circuit breakers, and timeouts. These policies can be scoped to specific applications and infrastructure resources (components), enabling fine-grained control and improved application uptime.
Dapr provides Kubernetes-native custom resource definitions to configure applications and infrastructure resources (components), enabling platform engineers to leverage GitOps and tools like ArgoCD. Dapr integrates with policy engines like Kyverno and OPA, simplifying the tasks related to compliance and governance, protecting product teams from misconfigurations.
Dapr is a set of integrated APIs with built-in best practices and patterns to build distributed applications. Dapr increases your developer productivity by 20-40% with out-of-the-box features such as workflow, pub/sub, state management, secret stores, external configuration, bindings, actors, distributed lock, and cryptography. You benefit from the built-in security, reliability, and observability capabilities, so you don't need to write boilerplate code to achieve production-ready applications.
Author workflows in code to automate complex business processes that are stateful, durable, and long-running.
Take advantage of workflow patterns such as task chaining, fan-out/fan-in, monitor, timers, and external system interaction. Combine Dapr workflow with the Dapr APIs to send messages, invoke services, and store key/value data. Workflow state can be stored in any database of your choice.
Dapr includes built-in security features that are "on by default". Developers and ops can set application-centric policies on APIs, services, and components to limit access without getting into low-level networking concerns. Communication is automatically encrypted in transit with mTLS.
Dapr also provides resiliency policies to protect against failures due to any number of issues, including hardware failures, unexpected throughput, or application lifecycle events, such as scaling out and application restarts. Dapr provides specific capabilities that detect failures and enable configurable retries, back-offs, circuit breakers and timeouts.
Dapr's component model decouples the integrated API from the underlying resources. For instance, when you're using the Dapr publish subscribe API, you can change the message broker by swapping out a YAML component file to switch from RabbitMQ to Kafka (or any other supported broker), without changing your application code.
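The swap described above, shown as two component files for the same logical broker (an added example, not taken from the Dapr project or this page). The component name, app IDs, broker address and secret names are hypothetical; the two documents belong to different environments and would not be applied to the same cluster together.

```yaml
# Development: Redis Streams running locally in a container.
# Application code refers only to the component name "orders-pubsub"
# (hypothetical name chosen for this example).
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: orders-pubsub
spec:
  type: pubsub.redis
  version: v1
  metadata:
  - name: redisHost
    value: localhost:6379
  - name: redisPassword
    value: ""
---
# Production: same component name, different broker type.
# Code that publishes to "orders-pubsub" is unchanged.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: orders-pubsub
  namespace: production
spec:
  type: pubsub.kafka
  version: v1
  metadata:
  - name: brokers
    value: kafka-0.example.internal:9093   # placeholder address
  - name: consumerGroup
    value: orders
  - name: authType
    value: password
  - name: saslUsername
    value: orders-svc                      # placeholder account
  - name: saslPassword
    secretKeyRef:                          # resolved from the secret store, not stored inline
      name: kafka-credentials
      key: password
auth:
  secretStore: kubernetes
scopes:                                    # only these app IDs may load the component
- order-api
- order-worker
```

Because the broker credentials and the `scopes` list live in the component file rather than in application code, the review of who can reach the production broker happens on this file.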
Dapr applications run on Kubernetes or run self-hosted on any virtual or physical machine, so you can run Dapr applications on any cloud or edge.
Dapr can be introduced into an existing architecture incrementally. Dapr applications can call non-Dapr endpoints while still having the Dapr benefits of having resiliency policies, observability, security access through scoping and more.
Service invocation enables applications to communicate with each other through well-known endpoints in the form of HTTP or gRPC messages. Dapr provides an endpoint that acts as a combination of a reverse proxy with built-in service discovery, while leveraging built-in distributed tracing and error handling.
Pub/Sub is a loosely coupled messaging pattern where senders (or publishers) publish messages to a topic, to which subscribers subscribe. Dapr supports the pub/sub pattern between applications.
Application state is anything an application wants to preserve beyond a single session. Dapr provides a key/value-based state and query APIs with pluggable state stores for persistence.
An actor is an isolated, independent unit of compute and state with single-threaded execution. Dapr provides an actor implementation based on the virtual actor pattern which provides a single-threaded programming model and where actors are garbage collected when not in use.
The Workflow API enables you to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. The Workflow API can be combined with other Dapr API building blocks.
Many applications require job scheduling, the need to take an action in the future. The jobs API is an orchestrator for scheduling these jobs in the future, either at a specific time or a specific interval.
Dapr provides a secrets API and integrates with secret stores such as public cloud stores, local stores and Kubernetes to store the secrets. Services can call the secrets API to retrieve secrets, for example to get a connection string to a database.
The Configuration API enables you to retrieve and subscribe to application configuration items for supported configuration stores. This enables an application to retrieve specific configuration information, for example, at start up or when configuration changes are made in the store.
A binding provides a bi-directional connection to an external cloud/on-premise service or system. Dapr allows you to invoke the external service through the Dapr binding API, and it allows your application to be triggered by events sent by the connected service.
The distributed lock API enables you to take a lock on a resource so that multiple instances of an application can access the resource without conflicts and provide consistency guarantees.
With the cryptography API, you can leverage cryptography in a safe and consistent way. Dapr exposes APIs that allow you to perform operations, such as encrypting and decrypting messages, within key vaults or the Dapr sidecar, without exposing cryptographic keys to your application.
Dapr provides end-to-end security with the service invocation API, with the ability to authenticate an application with Dapr and set endpoint access policies. For pub/sub components, you can limit which topic types and applications are allowed to publish and subscribe to specific topics.
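A deny-by-default endpoint access policy and a topic-scoped pub/sub component, illustrating the access policies and topic restrictions described on this page (an added example, not taken from the Dapr project or this page). All app IDs, names, namespaces, paths and topics are hypothetical.

```yaml
# Configuration attached to the called application: every invocation is
# denied unless a policy allows it. Here only "checkout" may POST /orders.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: order-api-config
  namespace: production
spec:
  accessControl:
    defaultAction: deny
    trustDomain: "public"
    policies:
    - appId: checkout
      defaultAction: deny
      trustDomain: "public"
      namespace: "production"
      operations:
      - name: /orders
        httpVerb: ["POST"]
        action: allow
---
# Pub/sub component with topic scoping (broker settings kept minimal).
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: orders-pubsub
  namespace: production
spec:
  type: pubsub.redis
  version: v1
  metadata:
  - name: redisHost
    value: redis.example.internal:6379     # placeholder address
  - name: allowedTopics                    # no other topic can be used
    value: "orders"
  - name: publishingScopes                 # checkout publishes; order-worker cannot
    value: "checkout=orders;order-worker="
  - name: subscriptionScopes               # order-worker subscribes; checkout cannot
    value: "checkout=;order-worker=orders"
scopes:                                    # app IDs allowed to load this component
- checkout
- order-worker
```

An app ID that can load the component but is not named in `publishingScopes` or `subscriptionScopes` may use every allowed topic, so each app in `scopes` should appear in both lists, with an empty value where no access is intended.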
Dapr can be configured to emit tracing data using the widely adopted protocols of OpenTelemetry (OTel) and Zipkin. This makes it easy to integrate with multiple observability tools.
Dapr provides a capability for defining and applying fault tolerance resiliency policies to your application. You can define policies for the following resiliency patterns: timeouts, retries/back-offs, and circuit breakers. These policies can be applied to any Dapr API calls when calling components with a resiliency spec.