Azure Blob Storage

配置

To setup the Azure Blob Storage state store create a component of type state.azure.blobstorage. 请参阅本指南，了解如何创建和应用状态存储配置。

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <NAME>
  namespace: <NAMESPACE>
spec:
  type: state.azure.blobstorage
  version: v1
  metadata:
  - name: accountName
    value: "[your_account_name]"
  - name: accountKey
    value: "[your_account_key]"
  - name: containerName
    value: "[your_container_name]"

元数据字段规范

Setup Azure Blob Storage

请遵循 Azure 文档中关于如何创建 Azure Storage Account的说明。

如果你想创建一个容器供Dapr使用，你可以事先这样做。 However, the Blob Storage state provider will create one for you automatically if it doesn’t exist.

要将 Azure Blob Storage配置为状态存储，你需要如下属性：

• AccountName：存储账户名称 举例：mystorageaccount 举例：mystorageaccount
• accountKey: Primary or secondary storage account key.
• ContainerName：用于Dapr状态的容器名称。 如果容器不存在，将会自动创建.

Authenticating with Azure AD

This component supports authentication with Azure AD as an alternative to use account keys. Whenever possible, it is recommended that you use Azure AD for authentication in production systems, to take advantage of better security, fine-tuned access control, and the ability to use managed identities for apps running on Azure.

The following scripts are optimized for a bash or zsh shell and require the following apps installed:

• Azure CLI
• jq

You must also be authenticated with Azure in your Azure CLI.

1. To get started with using Azure AD for authenticating the Blob Storage state store component, make sure you’ve created an Azure AD application and a Service Principal as explained in the Authenticating to Azure document.
   Once done, set a variable with the ID of the Service Principal that you created:

SERVICE_PRINCIPAL_ID="[your_service_principal_object_id]"

2. Set the following variables with the name of your Azure Storage Account and the name of the Resource Group where it’s located:

STORAGE_ACCOUNT_NAME="[your_storage_account_name]"
RG_NAME="[your_resource_group_name]"

3. Using RBAC, assign a role to our Service Principal so it can access data inside the Storage Account.
   In this case, you are assigning the “Storage blob Data Contributor” role, which has broad access; other more restrictive roles can be used as well, depending on your application.

RG_ID=$(az group show --resource-group ${RG_NAME} | jq -r ".id")
az role assignment create \
  --assignee "${SERVICE_PRINCIPAL_ID}" \
  --role "Storage blob Data Contributor" \
  --scope "${RG_ID}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT_NAME}"

When authenticating your component using Azure AD, the accountKey field is not required. Instead, please specify the required credentials in the component’s metadata (if any) according to the Authenticating to Azure document.

例如:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <NAME>
  namespace: <NAMESPACE>
spec:
  type: state.azure.blobstorage
  version: v1
  metadata:
  - name: accountName
    value: "[your_account_name]"
  - name: containerName
    value: "[your_container_name]"
  - name: azureTenantId
    value: "[your_tenant_id]"
  - name: azureClientId
    value: "[your_client_id]"
  - name: azureClientSecret
    value : "[your_client_secret]"

应用配置

在Kubernetes中

要将 Azure Blob Storage状态存储应用到Kubernetes，请执行如下kubectl CLI：

kubectl apply -f azureblob.yaml

本地运行

要在本地运行，创建一个包含YAML文件的components目录，并提供dapr run命令的路径，标志为--components-path。

这个状态存储在容器中创建一个blob文件，并将原始状态放在里面。

例如，以下操作来自于名为myservice的服务:

curl -X POST http://localhost:3500/v1.0/state \
  -H "Content-Type: application/json"
  -d '[
        {
          "key": "nihilus",
          "value": "darth"
        }
      ]'

This creates the blob file in the container with key as filename and value as the contents of file.

并发（Concurrency）

根据Azure Blob Storage文档，通过使用ETag实现Azure Blob Storage状态并发。

相关链接

• Dapr组件的基本格式
• 阅读 本指南 以获取配置状态存储组件的说明
• 状态管理构建块