dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.1' into patch-1

This commit is contained in:
Aaron Crawfis 2021-04-28 09:12:11 -07:00 committed by GitHub
parent 2205991dc2 69075734f2
commit 52ea7e4373
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md
View File

@ -33,6 +33,7 @@ spec:
value: "[your_service_principal_tenant_id]" value: "[your_service_principal_tenant_id]"
- name: spnClientId - name: spnClientId
value: "[your_service_principal_app_id]" value: "[your_service_principal_app_id]"
value : "[pfx_certificate_contents]"
- name: spnCertificateFile - name: spnCertificateFile
value : "[pfx_certificate_file_fully_qualified_local_path]" value : "[pfx_certificate_file_fully_qualified_local_path]"
``` ```
@ -42,12 +43,25 @@ The above example uses secrets as plain strings. It is recommended to use a loca
## Spec metadata fields ## Spec metadata fields
### Self-Hosted
| Field | Required | Details | Example | | Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------| |--------------------|:--------:|---------|---------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` | | vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"`
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` | | spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"`
| spnClientId | Y | Service Principal App Id | `"spnAppId"` | | spnClientId | Y | Service Principal App Id | `"spnAppId"`
| spnCertificateFile | Y | PFX certificate file path. <br></br> For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`. <br></br> For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`. <br></br> See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` | | spnCertificateFile | Y | PFX certificate file path. <br></br> For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`. <br></br> For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`. <br></br> See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"`
### Kubernetes
| Field | Required | Details | Example |
|----------------|:--------:|---------|---------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"`
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"`
| spnClientId | Y | Service Principal App Id | `"spnAppId"`
| spnCertificate | Y | PKCS 12 encoded bytes of the certificate. See [configure the component](#configure-the-component) for details on encoding this in a Kubernetes secret. | `secretKeyRef: ...` <br /> See [configure the component](#configure-the-component) for more information.
## Setup Key Vault and service principal ## Setup Key Vault and service principal
@ -165,11 +179,12 @@ In Kubernetes, you store the certificate for the service principal into the Kube
1. Create a kubernetes secret using the following command: 1. Create a kubernetes secret using the following command:
```bash ```bash
kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_fully_qualified_local_path] kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[your_k8s_spn_secret_key]=[pfx_certificate_file_fully_qualified_local_path]
``` ```
- `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX cert file you downloaded above - `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX cert file you downloaded above
- `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store - `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store
- `[your_k8s_spn_secret_key]` is secret key in Kubernetes secret store
2. Create a `azurekeyvault.yaml` component file 2. Create a `azurekeyvault.yaml` component file
@ -194,7 +209,7 @@ spec:
- name: spnCertificate - name: spnCertificate
secretKeyRef: secretKeyRef:
name: [your_k8s_spn_secret_name] name: [your_k8s_spn_secret_name]
key: [pfx_certificate_file_fully_qualified_local_path] key: [your_k8s_spn_secret_key]
auth: auth:
secretStore: kubernetes secretStore: kubernetes
``` ```