dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.8' into update-wasm

This commit is contained in:
greenie-msft 2022-07-27 14:25:05 -07:00 committed by GitHub
parent 1a2ec21520 c62919bb2a
commit 419f3b14c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 136 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
daprdocs/content/en/getting-started/install-dapr-cli.md
View File

@ -74,7 +74,7 @@ curl -fsSL https://raw.githubusercontent.com/dapr/cli/master/install/install.sh
**For ARM64 Macs:** **For ARM64 Macs:**
ARM64 Macs support is available as a *preview feature*. When installing from the terminal, native ARM64 binaries are downloaded once available. For older releases, AMD64 binaries are downloaded and must be run with Rosetta2 emulation enabled. When installing from the terminal, native ARM64 binaries are available.
To install Rosetta emulation: To install Rosetta emulation:
@ -92,7 +92,7 @@ brew install dapr/tap/dapr-cli
**For ARM64 Macs:** **For ARM64 Macs:**
For ARM64 Macs, only Homebrew 3.0 and higher versions are supported. Please update Homebrew to 3.0.0 or higher and then run the command below: For ARM64 Macs, Homebrew 3.0 and higher versions are supported. Update Homebrew to 3.0.0 or higher and then run the command below:
```bash ```bash
arch -arm64 brew install dapr/tap/dapr-cli arch -arm64 brew install dapr/tap/dapr-cli

21
daprdocs/content/en/operations/configuration/install-certificates.md
View File

@ -80,18 +80,29 @@ spec:
... ...
``` ```
{{% alert title="Note" color="primary" %}} **Note**: When using Windows containers, the sidecar container is started with admin privileges, which is required to install the certificates. This does not apply to Linux containers.
When using Windows containers, the sidecar container is started with admin privileges, which is required to install the certificates. This does not apply to Linux containers.
{{% /alert %}}
{{% /codetab %}} {{% /codetab %}}
Note, all the certificates in the directory pointed by `SSL_CERT_DIR` are installed. {{< /tabs >}}
<hr/>
All the certificates in the directory pointed by `SSL_CERT_DIR` are installed.
1. On Linux containers, all the certificate extensions supported by OpenSSL are supported. For more information, see https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html 1. On Linux containers, all the certificate extensions supported by OpenSSL are supported. For more information, see https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html
1. On Windows container, all the certificate extensions supported by certoc.exe are supported. For more information, see certoc.exe present in [Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore) 1. On Windows container, all the certificate extensions supported by certoc.exe are supported. For more information, see certoc.exe present in [Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore)
{{< /tabs >}} ## Example
Watch the demo on using installing SSL certificates and securely using the HTTP binding in community call 64:
<div class="embed-responsive embed-responsive-16by9">
<iframe width="560" height="315" src="https://www.youtube.com/embed/M0VM7GlphAU?start=800" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
## Related links ## Related links
- [HTTP binding spec]({{< ref http.md >}})
- [(Kubernetes) How-to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}}) - [(Kubernetes) How-to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts.md >}})
- [Dapr Kubernetes pod annotations spec]({{< ref arguments-annotations-overview.md >}}) - [Dapr Kubernetes pod annotations spec]({{< ref arguments-annotations-overview.md >}})

119
daprdocs/content/en/reference/components-reference/supported-bindings/http.md
View File

@ -172,9 +172,126 @@ curl -d '{ "operation": "post", "data": "YOUR_BASE_64_CONTENT", "metadata": { "p
The HTTP binding can also be used with HTTPS endpoints by configuring the Dapr sidecar to trust the server's SSL certificate. The HTTP binding can also be used with HTTPS endpoints by configuring the Dapr sidecar to trust the server's SSL certificate.
1. Update the binding component's YAML to use `https` instead of `http`
1. Update the binding URL to use `https` instead of `http`.
1. Refer [How-To: Install certificates in the Dapr sidecar]({{< ref install-certificates >}}), to install the SSL certificate in the sidecar. 1. Refer [How-To: Install certificates in the Dapr sidecar]({{< ref install-certificates >}}), to install the SSL certificate in the sidecar.
### Example
#### Update the binding component
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: <NAME>
namespace: <NAMESPACE>
spec:
type: bindings.http
version: v1
metadata:
- name: url
value: https://my-secured-website.com # Use HTTPS
```
#### Install the SSL certificate in the sidecar
{{< tabs Self-Hosted Kubernetes >}}
{{% codetab %}}
When the sidecar is not running inside a container, the SSL certificate can be directly installed on the host operating system.
Below is an example when the sidecar is running as a container. The SSL certificate is located on the host computer at `/tmp/ssl/cert.pem`.
```yaml
version: '3'
services:
my-app:
# ...
dapr-sidecar:
image: "daprio/daprd:1.8.0"
command: [
"./daprd",
"-app-id", "myapp",
"-app-port", "3000",
]
volumes:
- "./components/:/components"
- "/tmp/ssl/:/certificates" # Mount the certificates folder to the sidecar container at /certificates
environment:
- "SSL_CERT_DIR=/certificates" # Set the environment variable to the path of the certificates folder
depends_on:
- my-app
```
{{% /codetab %}}
{{% codetab %}}
The sidecar can read the SSL certificate from a variety of sources. See [How-to: Mount Pod volumes to the Dapr sidecar]({{< ref kubernetes-volume-mounts >}}) for more. In this example, we store the SSL certificate as a Kubernetes secret.
```bash
kubectl create secret generic myapp-cert --from-file /tmp/ssl/cert.pem
```
The YAML below is an example of the Kubernetes deployment that mounts the above secret to the sidecar and sets `SSL_CERT_DIR` to install the certificates.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
namespace: default
labels:
app: myapp
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
annotations:
dapr.io/enabled: "true"
dapr.io/app-id: "myapp"
dapr.io/app-port: "8000"
dapr.io/volume-mounts: "cert-vol:/certificates" # Mount the certificates folder to the sidecar container at /certificates
dapr.io/env: "SSL_CERT_DIR=/certificates" # Set the environment variable to the path of the certificates folder
spec:
volumes:
- name: cert-vol
secret:
secretName: myapp-cert
...
```
{{% /codetab %}}
{{< /tabs >}}
#### Invoke the binding securely
{{< tabs Windows Linux >}}
{{% codetab %}}
```bash
curl -d "{ \"operation\": \"get\" }" \
https://localhost:<dapr-port>/v1.0/bindings/<binding-name>
```
{{% /codetab %}}
{{% codetab %}}
```bash
curl -d '{ "operation": "get" }' \
https://localhost:<dapr-port>/v1.0/bindings/<binding-name>
```
{{% /codetab %}}
{{< /tabs >}}
## Related links ## Related links