From 3dbb75fb25c4258e50aa67c1f070b91749221fda Mon Sep 17 00:00:00 2001 From: Ricard <16720621+ricardf@users.noreply.github.com> Date: Mon, 23 Aug 2021 20:16:57 +0200 Subject: [PATCH 1/7] Fix invokation example on powershell when using mTLS #1739 Environment variables should be fullfiled using -raw to avoid windows to treat end of lines. --- .../en/operations/configuration/invoke-allowlist.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/daprdocs/content/en/operations/configuration/invoke-allowlist.md b/daprdocs/content/en/operations/configuration/invoke-allowlist.md index 24aaf6809..2388f8754 100644 --- a/daprdocs/content/en/operations/configuration/invoke-allowlist.md +++ b/daprdocs/content/en/operations/configuration/invoke-allowlist.md @@ -263,9 +263,9 @@ The following steps run the Sentry service locally with mTLS enabled, set up nec {{% codetab %}} ```powershell - $env:DAPR_TRUST_ANCHORS=$(Get-Content $env:USERPROFILE\.dapr\certs\ca.crt) - $env:DAPR_CERT_CHAIN=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.crt) - $env:DAPR_CERT_KEY=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.key) + $env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt) + $env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt) + $env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key) $env:NAMESPACE="default" ``` @@ -356,4 +356,4 @@ spec: containers: - name: python image: dapriosamples/hello-k8s-python:edge - ``` \ No newline at end of file + ``` From cd0bd7ad8f406ea84d6ccfe542e56c4aa4847b6f Mon Sep 17 00:00:00 2001 From: Ricard <16720621+ricardf@users.noreply.github.com> Date: Mon, 23 Aug 2021 20:42:40 +0200 Subject: [PATCH 2/7] Add reference to service invokation operations documentation Add reference to service invokation operations documentation using mTLS --- daprdocs/content/en/operations/security/mtls.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md index 10e573ff4..71f3a9b78 100644 --- a/daprdocs/content/en/operations/security/mtls.md +++ b/daprdocs/content/en/operations/security/mtls.md @@ -229,6 +229,8 @@ If using `daprd` directly, use the following flags to enable mTLS: daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml ``` +Several environment variables should be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail. + #### Sentry configuration Here's an example of a configuration for Sentry that changes the workload cert TTL to 25 seconds: From 4e36e72f7f93cbb5f0ab0493dfcb61a954dbccde Mon Sep 17 00:00:00 2001 From: Ricard <16720621+ricardf@users.noreply.github.com> Date: Mon, 23 Aug 2021 20:44:34 +0200 Subject: [PATCH 3/7] Added extra information regarding service invokation mtls Added extra information regarding service invokation mtls --- daprdocs/content/en/operations/security/mtls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md index 71f3a9b78..1354ba318 100644 --- a/daprdocs/content/en/operations/security/mtls.md +++ b/daprdocs/content/en/operations/security/mtls.md @@ -229,7 +229,7 @@ If using `daprd` directly, use the following flags to enable mTLS: daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml ``` -Several environment variables should be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail. +Extra configuration is required using environment variables that be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail. #### Sentry configuration From 678f18bd51fc19c6ddc5541baa3bea05217dd59a Mon Sep 17 00:00:00 2001 From: Ricard Forcada <16720621+ricardf@users.noreply.github.com> Date: Sun, 29 Aug 2021 09:05:29 +0200 Subject: [PATCH 4/7] Updated suggestions PR --- .../configuration/invoke-allowlist.md | 6 ++-- .../content/en/operations/security/mtls.md | 28 +++++++++++++++++-- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/daprdocs/content/en/operations/configuration/invoke-allowlist.md b/daprdocs/content/en/operations/configuration/invoke-allowlist.md index 2388f8754..791c9fe08 100644 --- a/daprdocs/content/en/operations/configuration/invoke-allowlist.md +++ b/daprdocs/content/en/operations/configuration/invoke-allowlist.md @@ -300,9 +300,9 @@ The following steps run the Sentry service locally with mTLS enabled, set up nec {{% codetab %}} ```powershell - $env:DAPR_TRUST_ANCHORS=$(Get-Content $env:USERPROFILE\.dapr\certs\ca.crt) - $env:DAPR_CERT_CHAIN=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.crt) - $env:DAPR_CERT_KEY=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.key) + $env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt) + $env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt) + $env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key) $env:NAMESPACE="default" ``` {{% /codetab %}} diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md index 1354ba318..5cee6994a 100644 --- a/daprdocs/content/en/operations/security/mtls.md +++ b/daprdocs/content/en/operations/security/mtls.md @@ -217,6 +217,32 @@ spec: enabled: true ``` +In addition to the Dapr configuration, you will also need to provide the TLS certificates to each Dapr sidecar instance. You can do so by setting the following environment variables before running the Dapr instance: + +{{< tabs "Linux/MacOS" Windows >}} + +{{% codetab %}} +```bash +export DAPR_TRUST_ANCHORS=`cat $HOME/.dapr/certs/ca.crt` +export DAPR_CERT_CHAIN=`cat $HOME/.dapr/certs/issuer.crt` +export DAPR_CERT_KEY=`cat $HOME/.dapr/certs/issuer.key` +export NAMESPACE=default +``` + +{{% /codetab %}} + +{{% codetab %}} +```powershell +$env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt) +$env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt) +$env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key) +$env:NAMESPACE="default" +``` + +{{% /codetab %}} + +{{< /tabs >}} + If using the Dapr CLI, point Dapr to the config file above to run the Dapr instance with mTLS enabled: ``` @@ -229,8 +255,6 @@ If using `daprd` directly, use the following flags to enable mTLS: daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml ``` -Extra configuration is required using environment variables that be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail. - #### Sentry configuration Here's an example of a configuration for Sentry that changes the workload cert TTL to 25 seconds: From 66949ed290f41ad0ffe24987dc2876dd0cbe5004 Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Tue, 7 Sep 2021 14:40:22 -0700 Subject: [PATCH 5/7] Remove alert saying Codespaces is in Beta --- daprdocs/content/en/contributing/codespaces.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/daprdocs/content/en/contributing/codespaces.md b/daprdocs/content/en/contributing/codespaces.md index 62585e50f..993f3e2bd 100644 --- a/daprdocs/content/en/contributing/codespaces.md +++ b/daprdocs/content/en/contributing/codespaces.md @@ -10,10 +10,6 @@ aliases: [GitHub Codespaces](https://github.com/features/codespaces) are the easiest way to get up and running for contributing to a Dapr repo. In as little as a single click, you can have an environment with all of the prerequisites ready to go in your browser. -{{% alert title="Private Beta" color="warning" %}} -GitHub Codespaces is currently in a private beta. Sign up [here](https://github.com/features/codespaces/signup). -{{% /alert %}} - ## Features - **Click and Run**: Get a dedicated and sandboxed environment with all of the required frameworks and packages ready to go. From dd197ee52b725064bdd23b61b68a7cac0978c09e Mon Sep 17 00:00:00 2001 From: Nick Greenfield Date: Thu, 9 Sep 2021 10:26:56 -0700 Subject: [PATCH 6/7] Add doc for how to use setup-dapr GitHub Action --- .../integrations/github_actions.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 daprdocs/content/en/developing-applications/integrations/github_actions.md diff --git a/daprdocs/content/en/developing-applications/integrations/github_actions.md b/daprdocs/content/en/developing-applications/integrations/github_actions.md new file mode 100644 index 000000000..7ae699cb1 --- /dev/null +++ b/daprdocs/content/en/developing-applications/integrations/github_actions.md @@ -0,0 +1,37 @@ +--- +type: docs +weight: 10000 +title: "Use the Dapr CLI in a GitHub Actions workflow" +linkTitle: "GitHub Actions" +description: "Learn how to add the Dapr CLI to your GitHub Actions to deploy and manage Dapr in your environments." +--- + +Dapr can be integrated with GitHub Actions via the [Dapr tool installer](https://github.com/marketplace/actions/dapr-tool-installer) available in the GitHub Marketplace. This installer adds the Dapr CLI to your workflow, allowing you to deploy, manage, and upgrade Dapr across your environments. + +## Overview + +The `dapr/setup-dapr` action will install the specified version of the Dapr CLI on macOS, Linux and Windows runners. Once installed, you can run any [Dapr CLI command]({{< ref cli >}}) to manage your Dapr environments. + +## Example + +```yaml +- name: Install Dapr + uses: dapr/setup-dapr@v1 + with: + version: '1.3.0' + +- name: Initialize Dapr + shell: pwsh + run: | + # Get the credentials to K8s to use with dapr init + az aks get-credentials --resource-group ${{ env.RG_NAME }} --name "${{ steps.azure-deployment.outputs.aksName }}" + + # Initialize Dapr + # Group the Dapr init logs so these lines can be collapsed. + Write-Output "::group::Initialize Dapr" + dapr init --kubernetes --wait --runtime-version ${{ env.DAPR_VERSION }} + Write-Output "::endgroup::" + + dapr status --kubernetes + working-directory: ./twitter-sentiment-processor/demos/demo3 +``` \ No newline at end of file From 417fbf73fe59e614151c1fce468425f1cf4d23bd Mon Sep 17 00:00:00 2001 From: Ori Zohar Date: Thu, 9 Sep 2021 14:58:05 -0700 Subject: [PATCH 7/7] Update version in helm deployment section --- .../en/operations/hosting/kubernetes/kubernetes-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md index cf71a7c32..be72cd6c9 100644 --- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md +++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-deploy.md @@ -122,7 +122,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.2 \ + --version=1.3 \ --namespace dapr-system \ --create-namespace \ --wait @@ -132,7 +132,7 @@ The latest Dapr helm chart no longer supports Helm v2. Please migrate from Helm ```bash helm upgrade --install dapr dapr/dapr \ - --version=1.2 \ + --version=1.3 \ --namespace dapr-system \ --create-namespace \ --set global.ha.enabled=true \