MicrosoftDocs
diff --git a/‎articles/iot-operations/develop/howto-deploy-dapr.md
Lines changed: 160 additions & 0 deletions b/‎articles/iot-operations/develop/howto-deploy-dapr.md
Lines changed: 160 additions & 0 deletions
diff --git a/‎articles/iot-operations/develop/howto-develop-dapr-apps.md
Lines changed: 23 additions & 158 deletions b/‎articles/iot-operations/develop/howto-develop-dapr-apps.md
Lines changed: 23 additions & 158 deletions
@@ -0,0 +1,160 @@
+---
+title: Deploy Dapr pluggable components
+titleSuffix: Azure IoT MQ
+description: Deploy Dapr and the IoT MQ pluggable components to a cluster.
+author: timlt
+ms.author: timlt
+ms.subservice: mq
+ms.topic: how-to
+ms.custom:
+ms.date: 1/31/2024
+---
+
+# Deploy Dapr pluggable components
+
+[!INCLUDE [public-preview-note](../includes/public-preview-note.md)]
+
+The Distributed Application Runtime (Dapr) is a portable, serverless, event-driven runtime that simplifies the process of building distributed applications. Dapr lets you build stateful or stateless apps without worrying about how the building blocks function. Dapr provides several [building blocks](https://docs.dapr.io/developing-applications/building-blocks/): pub/sub, state management, service invocation, actors, and more.  
+
+Azure IoT MQ Preview supports two of these building blocks, powered by [Azure IoT MQ MQTT broker](../manage-mqtt-connectivity/overview-iot-mq.md):
+
+- Publish and subscribe
+- State management
+
+To use the IoT MQ Dapr pluggable components, define the component spec for each of the APIs and then [register this to the cluster](https://docs.dapr.io/operations/components/pluggable-components-registration/). The Dapr components listen to a Unix domain socket placed on the shared volume. The Dapr runtime connects with each socket and discovers all services from a given building block API that the component implements.
+
+## Install Dapr runtime
+
+To install the Dapr runtime, use the following Helm command:
+
+> [!NOTE]
+> If you completed the provided Azure IoT Operations Preview [quickstart](../get-started/quickstart-deploy.md), you already installed the Dapr runtime and the following steps are not required.
+
+```bash
+helm repo add dapr https://dapr.github.io/helm-charts/
+helm repo update
+helm upgrade --install dapr dapr/dapr --version=1.11 --namespace dapr-system --create-namespace --wait
+```
+
+> [!IMPORTANT]
+> **Dapr v1.12** is currently not supported.
+
+## Register MQ pluggable components
+
+To register MQ's pluggable pub/sub and state management components, create the component manifest yaml, and apply it to your cluster. 
+
+To create the yaml file, use the following component definitions:
+
+> [!div class="mx-tdBreakAll"]
+> | Component | Description |
+> |-|-|
+> | `metadata.name` | The component name is important and is how a Dapr application references the component. |
+> | `spec.type` | [The type of the component](https://docs.dapr.io/operations/components/pluggable-components-registration/#define-the-component), which must be declared exactly as shown. It tells Dapr what kind of component (`pubsub` or `state`) it is and which Unix socket to use.  |
+> | `spec.metadata.url` | The URL tells the component where the local MQ endpoint is. Defaults to `8883` is MQ's default MQTT port with TLS enabled. |
+> | `spec.metadata.satTokenPath` | The Service Account Token is used to authenticate the Dapr components with the MQTT broker |
+> | `spec.metadata.tlsEnabled` |  Define if TLS is used by the MQTT broker. Defaults to `true` |
+> | `spec.metadata.caCertPath` | The certificate chain path for validating the broker, required if `tlsEnabled` is `true` |
+> | `spec.metadata.logLevel` | The logging level of the component. 'Debug', 'Info', 'Warn' and 'Error' |
+
+1. Save the following yaml, which contains the component definitions, to a file named `components.yaml`:
+
+    ```yml
+    # Pub/sub component
+    apiVersion: dapr.io/v1alpha1
+    kind: Component
+    metadata:
+      name: aio-mq-pubsub
+      namespace: azure-iot-operations
+    spec:
+      type: pubsub.aio-mq-pubsub-pluggable # DO NOT CHANGE
+      version: v1
+      metadata:
+      - name: url
+        value: "aio-mq-dmqtt-frontend:8883"
+      - name: satTokenPath
+        value: "/var/run/secrets/tokens/mqtt-client-token"
+      - name: tlsEnabled
+        value: true
+      - name: caCertPath
+        value: "/var/run/certs/aio-mq-ca-cert/ca.crt"
+      - name: logLevel
+        value: "Info"
+    ---
+    # State Management component
+    apiVersion: dapr.io/v1alpha1
+    kind: Component
+    metadata:
+      name: aio-mq-statestore
+      namespace: azure-iot-operations
+    spec:
+      type: state.aio-mq-statestore-pluggable # DO NOT CHANGE
+      version: v1
+      metadata:
+      - name: url
+        value: "aio-mq-dmqtt-frontend:8883"
+      - name: satTokenPath
+        value: "/var/run/secrets/tokens/mqtt-client-token"
+      - name: tlsEnabled
+        value: true
+      - name: caCertPath
+        value: "/var/run/certs/aio-mq-ca-cert/ca.crt"
+      - name: logLevel
+        value: "Info"
+    ```
+
+1. Apply the component yaml to your cluster by running the following command:
+
+    ```bash
+    kubectl apply -f components.yaml
+    ```
+
+    Verify the following output:
+
+    ```output
+    component.dapr.io/aio-mq-pubsub created
+    component.dapr.io/aio-mq-statestore created
+    ```
+
+## Create authorization policy for IoT MQ
+
+To configure authorization policies to Azure IoT MQ, first you create a [BrokerAuthorization](../manage-mqtt-connectivity/howto-configure-authorization.md) resource.
+
+> [!NOTE]
+> If Broker Authorization is not enabled on this cluster, you can skip this section as the applications will have access to all MQTT topics, including those needed to access the IoT MQ State Store.
+
+1. Save the following yaml, which contains a BrokerAuthorization definition, to a file named `aio-dapr-authz.yaml`:
+
+    ```yml
+    apiVersion: mq.iotoperations.azure.com/v1beta1
+    kind: BrokerAuthorization
+    metadata:
+      name: my-dapr-authz-policies
+      namespace: azure-iot-operations
+    spec:
+      listenerRef:
+        - my-listener # change to match your listener name as needed
+      authorizationPolicies:
+        enableCache: false
+        rules:
+          - principals:
+              attributes:
+                - group: dapr-workload # match to the attribute annotated to the service account
+            brokerResources:
+              - method: Connect
+              - method: Publish
+                topics:
+                  - "$services/statestore/#"
+              - method: Subscribe
+                topics:
+                  - "clients/{principal.clientId}/services/statestore/#"
+    ```
+
+1. Apply the BrokerAuthorizaion definition to the cluster:
+
+    ```bash
+    kubectl apply -f aio-dapr-authz.yaml
+    ```
+
+## Next steps
+
+Now that you have deployed the Dapr components, you can [Use Dapr to develop distributed applications](howto-develop-dapr-apps.md).
@@ -10,162 +10,19 @@ ms.custom:
   - ignite-2023
 ms.date: 11/14/2023
 
-# CustomerIntent: As an developer, I want to understand how to use Dapr to develop distributed apps that talk with Azure IoT MQ.
+# CustomerIntent: As a developer, I want to understand how to use Dapr to develop distributed apps that talk with Azure IoT MQ.
 ---
 
 # Use Dapr to develop distributed application workloads
 
 [!INCLUDE [public-preview-note](../includes/public-preview-note.md)]
 
-The Distributed Application Runtime (Dapr) is a portable, serverless, event-driven runtime that simplifies the process of building distributed application. Dapr enables developers to build stateful or stateless apps without worrying about how the building blocks function. Dapr provides several [building blocks](https://docs.dapr.io/developing-applications/building-blocks/): state management, service invocation, actors, pub/sub, and more.  Azure IoT MQ Preview supports two of these building blocks:
+To use the IoT MQ Dapr pluggable components, deploy both the pub/sub and state store components in your application deployment along with your Dapr application. This guide shows you how to deploy an application using the Dapr SDK and IoT MQ pluggable components.
 
-- Publish and Subscribe, powered by [Azure IoT MQ MQTT broker](../manage-mqtt-connectivity/overview-iot-mq.md)
-- State Management
+## Prerequisites
 
-To use Dapr pluggable components, define all the components, then add pluggable component containers to your [deployments](https://docs.dapr.io/operations/components/pluggable-components-registration/). The Dapr component listens to a Unix Domain Socket placed on the shared volume, and Dapr runtime connects with each socket and discovers all services from a given building block API that the component implements. Each deployment must have its own pluggable component defined. This guide shows you how to deploy an application using the Dapr SDK and IoT MQ pluggable components.
-
-## Install Dapr runtime
-
-To install the Dapr runtime, use the following Helm command. If you completed the provided Azure IoT Operations Preview [quickstart](../get-started/quickstart-deploy.md), you already installed the runtime.
-
-```bash
-helm repo add dapr https://dapr.github.io/helm-charts/
-helm repo update
-helm upgrade --install dapr dapr/dapr --version=1.11 --namespace dapr-system --create-namespace --wait
-```
-
-> [!IMPORTANT]
-> **Dapr v1.12** is currently not supported.
-
-## Register MQ's pluggable components
-
-To register MQ's pluggable Pub/sub and State Management components, create the component manifest yaml, and apply it to your cluster. 
-
-To create the yaml file, use the following component definitions:
-
-> [!div class="mx-tdBreakAll"]
-> | Component | Description |
-> |-|-|
-> | `metadata.name` | The component name is important and is how a Dapr application references the component. |
-> | `spec.type` | [The type of the component](https://docs.dapr.io/operations/components/pluggable-components-registration/#define-the-component), which must be declared exactly as shown. It tells Dapr what kind of component (`pubsub` or `state`) it is and which Unix socket to use.  |
-> | `spec.metadata.url` | The URL tells the component where the local MQ endpoint is. Defaults to `8883` is MQ's default MQTT port with TLS enabled. |
-> | `spec.metadata.satTokenPath` | The Service Account Token is used to authenticate the Dapr components with the MQTT broker |
-> | `spec.metadata.tlsEnabled` |  Define if TLS is used by the MQTT broker. Defaults to `true` |
-> | `spec.metadata.caCertPath` | The certificate chain path for validating the broker, required if `tlsEnabled` is `true` |
-> | `spec.metadata.logLevel` | The logging level of the component. 'Debug', 'Info', 'Warn' and 'Error' |
-
-1. Save the following yaml, which contains the component definitions, to a file named `components.yaml`:
-
-    ```yml
-    # Pub/sub component
-    apiVersion: dapr.io/v1alpha1
-    kind: Component
-    metadata:
-      name: aio-mq-pubsub
-      namespace: azure-iot-operations
-    spec:
-      type: pubsub.aio-mq-pubsub-pluggable # DO NOT CHANGE
-      version: v1
-      metadata:
-      - name: url
-        value: "aio-mq-dmqtt-frontend:8883"
-      - name: satTokenPath
-        value: "/var/run/secrets/tokens/mqtt-client-token"
-      - name: tlsEnabled
-        value: true
-      - name: caCertPath
-        value: "/var/run/certs/aio-mq-ca-cert/ca.crt"
-      - name: logLevel
-        value: "Info"
-    ---
-    # State Management component
-    apiVersion: dapr.io/v1alpha1
-    kind: Component
-    metadata:
-      name: aio-mq-statestore
-      namespace: azure-iot-operations
-    spec:
-      type: state.aio-mq-statestore-pluggable # DO NOT CHANGE
-      version: v1
-      metadata:
-      - name: url
-        value: "aio-mq-dmqtt-frontend:8883"
-      - name: satTokenPath
-        value: "/var/run/secrets/tokens/mqtt-client-token"
-      - name: tlsEnabled
-        value: true
-      - name: caCertPath
-        value: "/var/run/certs/aio-mq-ca-cert/ca.crt"
-      - name: logLevel
-        value: "Info"
-    ```
-
-1. Apply the component yaml to your cluster by running the following command:
-
-    ```bash
-    kubectl apply -f components.yaml
-    ```
-
-    Verify the following output:
-
-    ```output
-    component.dapr.io/aio-mq-pubsub created
-    component.dapr.io/aio-mq-statestore created
-    ```
-
-## Set up authorization policy between the application and MQ
-
-To configure authorization policies to Azure IoT MQ, first you create a [BrokerAuthorization resource](../manage-mqtt-connectivity/howto-configure-authorization.md). 
-
-> [!NOTE]
-> If Broker Authorization is not enabled on this cluster, you can skip this section as the applications will have access to all MQTT topics.
-
-1. Annotate the service account `mqtt-client` with an [authorization attribute](../manage-mqtt-connectivity/howto-configure-authentication.md#create-a-service-account):
-
-    ```bash
-    kubectl annotate serviceaccount mqtt-client aio-mq-broker-auth/group=dapr-workload -n azure-iot-operations
-    ```
-
-1. Save the following yaml, which contains the BrokerAuthorization definition, to a file named `aio-mq-authz.yaml`. 
-
-    Use the following definitions:
-
-    > [!div class="mx-tdBreakAll"]
-    > | Item | Description |
-    > |-|-|
-    > | `dapr-workload` | The Dapr application authorization attribute assigned to the service account |
-    > | `topics` | Describe the topics required to communicate with the MQ State Store |
-
-    ```yml
-    apiVersion: mq.iotoperations.azure.com/v1beta1
-    kind: BrokerAuthorization
-    metadata:
-      name: my-authz-policies
-      namespace: azure-iot-operations
-    spec:
-      listenerRef:
-        - my-listener # change to match your listener name as needed
-      authorizationPolicies:
-        enableCache: false
-        rules:
-          - principals:
-              attributes:
-                - group: dapr-workload
-            brokerResources:
-              - method: Connect
-              - method: Publish
-                topics:
-                  - "$services/statestore/#"
-              - method: Subscribe
-                topics:
-                  - "clients/{principal.clientId}/services/statestore/#"
-    ```
-
-1. Apply the BrokerAuthorizaion definition to the cluster:
-
-    ```bash
-    kubectl apply -f aio-mq-authz.yaml
-    ```
+* Azure IoT Operations deployed - [Deploy Azure IoT Operations](../get-started/quickstart-deploy.md)
+* IoT MQ Dapr Components deployed - [Deploy IoT MQ Dapr Components](./howto-deploy-dapr.md)
 
 ## Creating a Dapr application
 
@@ -194,11 +51,9 @@ After you finish writing the Dapr application, build the container:
 
 ## Deploy a Dapr application
 
-To deploy the Dapr application to your cluster, you can use either a Kubernetes [Pod](https://kubernetes.io/docs/concepts/workloads/pods/) or [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+The following [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) definition defines the different volumes required to deploy the application along with the required containers.
 
-The following Pod definition defines the different volumes required to deploy the application along with the required containers.
-
-To start, you create a yaml file that uses the following definitions:
+To start, create a yaml file with the following definitions:
 
 > | Component | Description |
 > |-|-|
@@ -210,6 +65,14 @@ To start, you create a yaml file that uses the following definitions:
 1. Save the following yaml to a file named `dapr-app.yaml`:
 
     ```yml
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: dapr-client
+      namespace: azure-iot-operations
+      annotations:
+        aio-mq-broker-auth/group: dapr-workload
+    ---
     apiVersion: apps/v1
     kind: Deployment
     metadata:
@@ -231,6 +94,8 @@ To start, you create a yaml file that uses the following definitions:
             dapr.io/app-port: "6001"
             dapr.io/app-protocol: "grpc"
         spec:
+          serviceAccountName: dapr-client
+
           volumes:
           - name: dapr-unix-domain-socket
             emptyDir: {}
@@ -250,11 +115,11 @@ To start, you create a yaml file that uses the following definitions:
               name: aio-ca-trust-bundle-test-only
 
           containers:
-          # Container for the dapr quickstart application 
+          # Container for the Dapr application 
           - name: mq-dapr-app
-            image: <YOUR DAPR APPLICATION>
+            image: <YOUR_DAPR_APPLICATION>
 
-          # Container for the Pub/sub component
+          # Container for the Dapr Pub/sub component
           - name: aio-mq-pubsub-pluggable
             image: ghcr.io/azure/iot-mq-dapr-components/pubsub:latest
             volumeMounts:
@@ -265,7 +130,7 @@ To start, you create a yaml file that uses the following definitions:
             - name: aio-ca-trust-bundle
               mountPath: /var/run/certs/aio-mq-ca-cert/
 
-          # Container for the State Management component
+          # Container for the Dapr State store component
           - name: aio-mq-statestore-pluggable
             image: ghcr.io/azure/iot-mq-dapr-components/statestore:latest
             volumeMounts:
@@ -303,6 +168,6 @@ Run the following command to view the logs:
 kubectl logs dapr-workload daprd
 ```
 
-## Related content
+## Next steps
 
-- [Develop highly available applications](concept-about-distributed-apps.md)
+Now that you know how to develop a Dapr application, you can run through the tutorial to [Build an event-driven app with Dapr](tutorial-event-driven-with-dapr.md).