Adding documentation for certificate renewal

Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>
Pravin Pushkar 2022-03-24 14:18:30 +05:30
parent 67d65a75b7
commit 2a66de5e21
2 changed files with 77 additions and 2 deletions


@ -30,8 +30,9 @@ dapr mtls [command]
### Available Commands
```txt
expiry Checks the expiry of the root certificate
export Export the root CA, issuer cert and key from Kubernetes to local files
expiry Checks the expiry of the root certificate
export Export the root CA, issuer cert and key from Kubernetes to local files
renew-certificate Rotates root CA, issuer cert and issuer key in Kubernetes secret used by Sentry service
```
### Command Reference
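Review bot: the `expiry` and `export` rows appear in this hunk twice, once removed and once re-added with identical visible text, so the only change to those two lines is whitespace (column padding to fit the longer `renew-certificate` name), which buries the one substantive addition in diff noise; consider leaving the existing two rows untouched and appending `renew-certificate` with matching padding, or call out the realignment in the commit message. The new row also describes the command as "Rotates root CA, issuer cert and issuer key in Kubernetes secret used by Sentry service", while the reference page added in this commit says it "renews" them; pick one verb and use it in both places.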
@ -40,6 +41,7 @@ You can learn more about each sub command from the links below.
- [`dapr mtls expiry`]({{< ref dapr-mtls-expiry.md >}})
- [`dapr mtls export`]({{< ref dapr-mtls-export.md >}})
- [`dapr mtls renew-certificate`]({{< ref dapr-mtls-renew-certificate.md >}})
### Examples
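Review bot: the new list entry points at `{{< ref dapr-mtls-renew-certificate.md >}}`, but the rendered diff does not show the name of the file added in this commit, and that file's front matter titles the page "mtls renew certificate" without the hyphen the command name carries; confirm the new file is actually named `dapr-mtls-renew-certificate.md` so the `ref` resolves, and keep the hyphenated `renew-certificate` spelling in its title and linkTitle so the heading matches the command the other two entries are named after.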


@ -0,0 +1,73 @@
---
type: docs
title: "mtls renew certificate CLI command reference"
linkTitle: "mtls renew certificate"
description: "Detailed information on the mtls renew certificate CLI command"
weight: 3000
---
### Description
This command can be used to renew expiring Dapr certificates in Kubernetes cluster.
It renews root CA certificate, issuer certificate and issuer key.
### Supported platforms
- [Kubernetes]({{< ref kubernetes >}})
### Usage
```bash
dapr mtls renew-certificate [flags]
```
### Flags
| Name | Environment Variable | Default | Description |
| -------------- | -------------------- | ----------------- | ------------------------------------------- |
| `--help`, `-h` | | | help for renew-certificate
| `--kubernetes`, `-k` | | `false` | supprted platform| |
| `--valid-until` | | 365 days | Validity for newly created certificates |
| `--restart` | | false | Restarts Dapr control plane services (Sentry service, Operator service and Placement server) |
| `--timeout` | | 300 sec | The timeout for the certificate renewal process |
| `--ca-root-certificate` | | | User provided root certificate pem file path|
| `--issuer-public-certificate` | | | User provided issuer certificate pem file path|
| `--issuer-private-key` | | | User provided issue private key file path|
| `--private-key` | | | User provided root.key file which is used to generate root certificate|
### Examples
#### Renew certificates by generating fresh new certificates
Generates new root and issuer certificates for Dapr kubernetes cluster with a default validity of 365 days.
```bash
dapr mtls renew-certificate -k
```
Generates new root and issuer certificates for kubernetes cluster with a default validity of 365 days and restart the control plane services.
```bash
dapr mtls renew-certificate -k --restart
```
Generates new root and issuer certificates for kubernetes cluster with a given validity.
```bash
dapr mtls renew-certificate -k --valid-until <no of days>
```
Generates new root and issuer certificates for kubernetes cluster with a given validity and restart the control place services.
```bash
dapr mtls renew-certificate -k --valid-until <no of days> --restart
```
#### Renew certificate by using user provided certificates
Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path and restart the control plane services
```bash
dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem> --restart
```
Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path.
```bash
dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem>
```
#### Renew certificates by generating fresh certificates using provided root private key
Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a given validity for created certs.
```bash
dapr mtls renew-certificate -k --private-key myprivatekey.key --valid-until <no of days>
```
Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a default validity of 365 days for created certs.
```bash
dapr mtls renew-certificate -k --private-key myprivatekey.key
```
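Review bot: the page documents rotating the root CA, issuer certificate and issuer key but never says what happens to running application sidecars, and the `--restart` row states that the flag restarts only the control plane services (Sentry, Operator and Placement); add a sentence after the description saying whether Dapr-enabled application pods must be restarted to pick up the new trust root, and suggest running `dapr mtls expiry` afterwards to confirm the new validity. Several smaller fixes in the same hunk: the `--kubernetes` description reads `supprted platform| |` (typo plus a stray trailing cell), the `--help` row lacks its closing `|`, `--issuer-private-key` says "issue private key" instead of "issuer private key", the fourth example says "control place services" instead of "control plane services", and "kubernetes cluster" should be capitalized as "Kubernetes cluster" to match the Supported platforms link. Since the examples pass `--valid-until <no of days>`, the flag row should state that the value is a number of days rather than listing the default as "365 days", and the description for `--private-key` should say explicitly that it is the root CA private key read from a local file path so operators know which key material they are handing to the CLI.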