Addressing review comments

Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>

daprdocs/content/en/operations/security/mtls.md

@@ -199,6 +199,17 @@ kubectl rollout restart statefulsets/dapr-placement-server -n <DAPR_NAMESPACE>
 
 4. Restart your Dapr applications to pick up the latest trust bundle.
 
+{{% alert title="Recommended CLI command to rotate certificates with new ones" color="success" %}}
+The below CLI command can be used to renew root and issuer certificates of your Kubernetes cluster. It also gives an option to provide validity for the new certificates in number of days. 
+
+The 2nd variant of this command provides `--private-key` flag to support use of `private root key` of your existing deployed certificate.
+This command generate new certificates signed by same private key. In this case the `Dapr Sentry service` would be able to pick the new certificate without restarting it.
+{{% /alert %}}
+
+```bash
+dapr mtls renew-certificate -k --valid-unitl <days> --restart
+dapr mtls renew-certificate -k --private-key <private_key_file_path> --valid-until <days>
+```
 {{% alert title="Potential application downtime with mTLS enabled." color="warning" %}}
 Restarts of deployments using service to service invocation using mTLS will fail until the callee service has also been restarted (thereby loading the new Dapr Trust Bundle). Additionally, the placement service will not be able to assign new actors (while existing actors remain unaffected) until applications have been restarted to load the new Dapr Trust Bundle.
 {{% /alert %}}
@@ -246,6 +257,14 @@ Once Sentry has been completely restarted run:
 kubectl rollout restart deploy/dapr-operator -n <DAPR_NAMESPACE>
 kubectl rollout restart statefulsets/dapr-placement-server -n <DAPR_NAMESPACE>
 ```
+{{% alert title="Recommended CLI command to achieve above steps" color="success" %}}
+To update the provided certificates in Kubernetes cluster, the belowl CLI command can be used.
+**Note - It does not support `valid-until` flag to specify validity.** 
+{{% /alert %}}
+
+```bash
+dapr mtls renew-certificate -k --ca-root-certificate <ca.crt> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.crt> --restart
+```
 
 Next, you must restart all Dapr-enabled pods.
 The recommended way to do this is to perform a rollout restart of your deployment:

daprdocs/content/en/reference/cli/dapr-components.md

@@ -45,4 +45,15 @@ dapr components -k -n mycomponent
 
 # List Dapr components in all namespaces in Kubernetes mode
 dapr components -k --all-namespaces
+```
+
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
 ```

daprdocs/content/en/reference/cli/dapr-configurations.md

@@ -45,4 +45,14 @@ dapr configurations -k -n appconfig
 
 # List Dapr configurations in all namespaces in Kubernetes mode
 dapr configurations -k --all-namespaces
+```
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
 ```

daprdocs/content/en/reference/cli/dapr-dashboard.md

@@ -49,3 +49,13 @@ dapr dashboard -k -p 9999 --address 0.0.0.0
 # Port forward to dashboard service running in Kubernetes on a specified port
 dapr dashboard -k -p 9999
 ```
+### Warning messages - Kubernetes Mode 
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
+```

daprdocs/content/en/reference/cli/dapr-list.md

@@ -48,4 +48,15 @@ dapr list -k --namespace default
 
 # List Dapr instances in all namespaces in  Kubernetes mode
 dapr list -k --all-namespaces
+```
+
+### Warning messages - Kubernetes Mode 
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
 ```

daprdocs/content/en/reference/cli/dapr-logs.md

@@ -35,3 +35,14 @@ dapr logs [flags]
 # Get logs of sample app from target pod in custom namespace
 dapr logs -k --app-id sample --pod-name target --namespace custom
 ```
+
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
+```

daprdocs/content/en/reference/cli/dapr-mtls/_index.md

@@ -48,4 +48,15 @@ You can learn more about each sub command from the links below.
 ```bash
 # Check if mTLS is enabled on the Kubernetes cluster
 dapr mtls -k
+```
+
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
 ```

daprdocs/content/en/reference/cli/dapr-mtls/dapr-mtls-export.md

@@ -33,3 +33,14 @@ dapr mtls export [flags]
 # Check expiry of Kubernetes certs
 dapr mtls export -o ./certs
 ```
+
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
+```

daprdocs/content/en/reference/cli/dapr-status.md

@@ -32,3 +32,14 @@ dapr status -k
 # Get status of Dapr services from Kubernetes
 dapr status -k
 ```
+
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
+```

daprdocs/content/en/reference/cli/dapr-upgrade.md

@@ -46,6 +46,16 @@ dapr upgrade -k --runtime-version 1.2
 # Upgrade or downgrade to a specified version of Dapr runtime in Kubernetes with value set
 dapr upgrade -k --runtime-version 1.2 --set global.logAsJson=true
 ```
+### Warning messages
+This command can issue warning messages.
+
+#### Root certificate renewal warning
+If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:
+
+```
+Dapr root certificate of your Kubernetes cluster expires in <n> days. Expiry date: <date:time> UTC. 
+Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions.
+```
 
 ### Related links