Azure Cosmos DB binding spec
To set up the Azure Cosmos DB binding, create a component of type . See on how to create and apply a binding configuration.
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described .
Spec metadata fields
For more information see .
The Azure Cosmos DB binding component supports authentication using all Azure Active Directory mechanisms. For further information and the relevant component metadata fields to provide depending on the choice of AAD authentication mechanism, see the docs for authenticating to Azure.
This component supports output binding with the following operations:
- create
Best Practices for Production Use
Azure Cosmos DB shares a strict metadata request rate limit across all databases in a single Azure Cosmos DB account. New connections to Azure Cosmos DB assume a large percentage of the allowable request rate limit. (See the Cosmos DB documentation.)
Therefore, several strategies must be applied to avoid simultaneous new connections to Azure Cosmos DB:
- Ensure sidecars of applications only load the Azure Cosmos DB component when they require it to avoid unnecessary database connections. This can be done by .
- Choose deployment strategies that sequentially deploy or start your applications to minimize bursts in new connections to your Azure Cosmos DB accounts.
- Avoid reusing the same Azure Cosmos DB account for unrelated databases or systems (even outside of Dapr). Distinct Azure Cosmos DB accounts have distinct rate limits.
- Increase the initTimeout value to allow the component to retry connecting to Azure Cosmos DB during sidecar initialization for up to 5 minutes. The default value is 5s and should be increased. When using Kubernetes, increasing this value may also require an update to your Readiness and Liveness probes.
The output binding operation requires the following keys to exist in the payload of every document to be created:
- id: a unique ID for the document to be created
- <partitionKey>: the name of the partition key specified via the spec.partitionKey in the component definition. This must also match the partition key specified upon creation of the Cosmos DB container.
Setting up Cosmos DB for authenticating with Azure AD
Prerequisites:
- Azure CLI
- The scripts below are optimized for a bash or zsh shell
Granting your Azure AD application access to Cosmos DB
In order to grant your application permissions to access data stored in Cosmos DB, you need to assign it a custom role for the Cosmos DB data plane. In this example you’re going to use a built-in role, “Cosmos DB Built-in Data Contributor”, which grants your application full read-write access to the data; you can optionally create custom, fine-tuned roles following the instructions in the official docs.
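The grant described above, as an added shell example (not the page's or Dapr's own script): it assigns the built-in role with the Azure CLI command az cosmosdb sql role assignment create. The function names, the AZ dry-run override and the optional narrowing of the scope to one database or container are assumptions of this example; the principal ID is assumed to be the object ID of the application's service principal.

```shell
# Added example, not the page's own script. Resource names are supplied by the caller.
# Role definition ID of the built-in "Cosmos DB Built-in Data Contributor" role.
COSMOS_DATA_CONTRIBUTOR="00000000-0000-0000-0000-000000000002"

# Succeeds only for a canonical 8-4-4-4-12 hex GUID (the principal's object ID).
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# cosmos_scope [database] [container]: prints the data-plane scope path.
# No arguments means the whole account ("/"); naming a database or a
# container narrows what the role assignment covers.
cosmos_scope() {
  case "$1$2" in
    */* | *\\* | *\?* | *#*) return 1 ;;   # would break out of the scope path
  esac
  if [ -z "$1" ] && [ -n "$2" ]; then return 1   # container given without a database
  elif [ -z "$1" ]; then printf '/'
  elif [ -z "$2" ]; then printf '/dbs/%s' "$1"
  else printf '/dbs/%s/colls/%s' "$1" "$2"
  fi
}

# grant_cosmos_data_role <resource-group> <account> <principal-object-id> [db] [container]
# Set AZ=echo to print the az arguments instead of running them (dry run).
grant_cosmos_data_role() {
  if [ "$#" -lt 3 ]; then
    echo "usage: grant_cosmos_data_role <rg> <account> <principal-id> [db] [container]" >&2
    return 2
  fi
  if ! is_guid "$3"; then
    echo "principal id must be an object ID (GUID), got: $3" >&2
    return 2
  fi
  scope=$(cosmos_scope "${4:-}" "${5:-}") || {
    echo "invalid database/container name" >&2
    return 2
  }
  "${AZ:-az}" cosmosdb sql role assignment create \
    --account-name "$2" \
    --resource-group "$1" \
    --scope "$scope" \
    --principal-id "$3" \
    --role-definition-id "$COSMOS_DATA_CONTRIBUTOR"
}
```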