finish freshness pass

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
Hannah Hunter 2024-08-08 13:36:16 -04:00
parent d41dd5753c
commit 31830bfeea
2 changed files with 55 additions and 28 deletions

@ -6,20 +6,26 @@ weight: 6500
description: "Configure the Dapr sidecar container to trust certificates"
---
The Dapr sidecar can be configured to trust certificates for communicating with external services. This is useful in scenarios where a self-signed certificate needs to be trusted. For example, using an HTTP binding or configuring an outbound proxy for the sidecar. Both certificate authority (CA) certificates and leaf certificates are supported.
The Dapr sidecar can be configured to trust certificates for communicating with external services. This is useful in scenarios where a self-signed certificate needs to be trusted, such as:
- Using an HTTP binding
- Configuring an outbound proxy for the sidecar
Both certificate authority (CA) certificates and leaf certificates are supported.
{{< tabs Self-hosted Kubernetes >}}
<!--self-hosted-->
{{% codetab %}}
When the sidecar is not running inside a container, certificates must be directly installed on the host operating system.
You can make the following configurations when the sidecar is running as a container.
When the sidecar is running as a container:
1. Certificates must be available to the sidecar container. This can be configured using volume mounts.
1. The environment variable `SSL_CERT_DIR` must be set in the sidecar container, pointing to the directory containing the certificates.
1. For Windows containers, the container needs to run with administrator privileges to be able to install the certificates.
1. Configure certificates to be available to the sidecar container using volume mounts.
1. Point the environment variable `SSL_CERT_DIR` in the sidecar container to the directory containing the certificates.
> **Note:** For Windows containers, make sure the container is running with administrator privileges so it can install the certificates.
The following example uses Docker Compose to install certificates (present locally in the `./certificates` directory) in the sidecar container:
Below is an example that uses Docker Compose to install certificates (present locally in the `./certificates` directory) in the sidecar container:
```yaml
version: '3'
services:
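Review bot: the new lead-in "You can make the following configurations when the sidecar is running as a container." makes the two numbered steps read as optional, while the wording it replaces said the certificates "must be available" and `SSL_CERT_DIR` "must be set". Both steps are needed for the sidecar to trust the certificate, so a lead-in such as "When the sidecar is running as a container, do the following:" keeps that requirement. The Windows note could also say that the administrator privilege is needed only to install the certificates and does not apply to Linux containers, as the note in the Kubernetes tab already does.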
@ -39,16 +45,22 @@ services:
# user: ContainerAdministrator
```
> **Note:** When the sidecar is not running inside a container, certificates must be directly installed on the host operating system.
{{% /codetab %}}
<!--kubernetes-->
{{% codetab %}}
On Kubernetes:
1. Certificates must be available to the sidecar container using a volume mount.
1. The environment variable `SSL_CERT_DIR` must be set in the sidecar container, pointing to the directory containing the certificates.
The YAML below is an example of a deployment that attaches a pod volume to the sidecar, and sets `SSL_CERT_DIR` to install the certificates.
1. Configure certificates to be available to the sidecar container using a volume mount.
1. Point the environment variable `SSL_CERT_DIR` in the sidecar container to the directory containing the certificates.
The following example YAML shows a deployment that:
- Attaches a pod volume to the sidecar
- Sets `SSL_CERT_DIR` to install the certificates
```yaml
apiVersion: apps/v1
kind: Deployment
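Review bot: the sentence "When the sidecar is not running inside a container, certificates must be directly installed on the host operating system." now sits in a note after the Docker Compose example, at the very end of the self-hosted tab. A reader running the sidecar as a process has to read through the container-only steps before learning they do not apply; keeping it as the first line of the tab, where it was, avoids that. In the Kubernetes tab, the bullet "Sets `SSL_CERT_DIR` to install the certificates" could say that the variable points to the mounted directory, matching step 2 above it.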
@ -77,23 +89,21 @@ spec:
- name: certificates-vol
hostPath:
path: /certificates
...
#...
```
**Note**: When using Windows containers, the sidecar container is started with admin privileges, which is required to install the certificates. This does not apply to Linux containers.
> **Note**: When using Windows containers, the sidecar container is started with admin privileges, which is required to install the certificates. This does not apply to Linux containers.
{{% /codetab %}}
{{< /tabs >}}
<hr/>
After following these steps, all the certificates in the directory pointed by `SSL_CERT_DIR` are installed.
All the certificates in the directory pointed by `SSL_CERT_DIR` are installed.
- **On Linux containers:** All the certificate extensions supported by OpenSSL are supported. [Learn more.](https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html)
- **On Windows container:** All the certificate extensions supported by `certoc.exe` are supported. [See certoc.exe present in Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore).
1. On Linux containers, all the certificate extensions supported by OpenSSL are supported. For more information, see https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html
1. On Windows container, all the certificate extensions supported by certoc.exe are supported. For more information, see certoc.exe present in [Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore)
## Example
## Demo
Watch the demo on using installing SSL certificates and securely using the HTTP binding in community call 64:
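Review bot: "all the certificates in the directory pointed by `SSL_CERT_DIR` are installed" means every certificate file found in that directory becomes trusted by the sidecar, and the example above it mounts that directory from a `hostPath` of `/certificates`. The text should state that the directory must contain only the certificates meant to be trusted and must not be writable by other workloads. Wording nits in the same region: "pointed by" should be "pointed to by", "On Windows container" should be plural to match the Linux bullet, and the context line "Watch the demo on using installing SSL certificates" still has a doubled verb.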
@ -106,3 +116,7 @@ Watch the demo on using installing SSL certificates and securely using the HTTP
- [HTTP binding spec]({{< ref http.md >}})
- [(Kubernetes) How-to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}})
- [Dapr Kubernetes pod annotations spec]({{< ref arguments-annotations-overview.md >}})
## Next steps
{{< button text="Enable preview features" page="preview-features" >}}

@ -6,23 +6,21 @@ weight: 7000
description: "How to specify and enable preview features"
---
## Overview
Preview features in Dapr are considered experimental when they are first released. These preview features require explicit opt-in in order to be used. The opt-in is specified in Dapr's configuration.
[Preview features]({{< ref support-preview-features >}}) in Dapr are considered experimental when they are first released. These preview features require you to explicitly opt-in to use them. You specify this opt-in in Dapr's Configuration file.
Preview features are enabled on a per application basis by setting configuration when running an application instance.
### Preview features
The current list of preview features can be found [here]({{<ref support-preview-features>}}).
## Configuration properties
The `features` section under the `Configuration` spec contains the following properties:
| Property | Type | Description |
|----------------|--------|-------------|
|name|string|The name of the preview feature that is enabled/disabled
|enabled|bool|Boolean specifying if the feature is enabled or disabled
|`name`|string|The name of the preview feature that is enabled/disabled
|`enabled`|bool|Boolean specifying if the feature is enabled or disabled
## Enabling a preview feature
Preview features are specified in the configuration. Here is an example of a full configuration that contains multiple features:
```yaml
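Review bot: "You specify this opt-in in Dapr's Configuration file" is accurate only for self-hosted mode; further down in this file the Kubernetes instructions say the configuration is applied via `kubectl`. "Dapr's Configuration" or "a Dapr Configuration" covers both modes. In the same sentence, "to explicitly opt-in" uses the noun form where the verb "opt in" is meant, and the two table rows gain backticks but still lack the closing `|` that the header row has.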
@ -42,7 +40,11 @@ spec:
enabled: true
```
### Standalone
{{< tabs Self-hosted Kubernetes >}}
<!--self-hosted-->
{{% codetab %}}
To enable preview features when running Dapr locally, either update the default configuration or specify a separate config file using `dapr run`.
The default Dapr config is created when you run `dapr init`, and is located at:
@ -55,8 +57,11 @@ Alternately, you can update preview features on all apps run locally by specifyi
dapr run --app-id myApp --config ./previewConfig.yaml ./app
```
{{% /codetab %}}
<!--kubernetes-->
{{% codetab %}}
### Kubernetes
In Kubernetes mode, the configuration must be provided via a configuration component. Using the same configuration as above, apply it via `kubectl`:
```bash
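Review bot: check that the `### Kubernetes` heading does not remain inside the new Kubernetes `codetab`, since `### Standalone` is gone from the self-hosted tab and the tab label already names the platform. The unchanged sentence under it calls the resource a "configuration component"; a freshness pass could change that to "a Configuration resource", since this file places `features` under the `Configuration` spec.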
@ -94,3 +99,11 @@ spec:
- containerPort: 3000
imagePullPolicy: Always
```
{{% /codetab %}}
{{< /tabs >}}
## Next steps
{{< button text="Configuration schema" page="configuration-schema" >}}