From 3dbb75fb25c4258e50aa67c1f070b91749221fda Mon Sep 17 00:00:00 2001
From: Ricard <16720621+ricardf@users.noreply.github.com>
Date: Mon, 23 Aug 2021 20:16:57 +0200
Subject: [PATCH 1/5] Fix invokation example on powershell when using mTLS #1739

Environment variables should be fullfiled using -raw to avoid windows to treat end of lines.
---
 .../en/operations/configuration/invoke-allowlist.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/daprdocs/content/en/operations/configuration/invoke-allowlist.md b/daprdocs/content/en/operations/configuration/invoke-allowlist.md
index 24aaf6809..2388f8754 100644
--- a/daprdocs/content/en/operations/configuration/invoke-allowlist.md
+++ b/daprdocs/content/en/operations/configuration/invoke-allowlist.md
@@ -263,9 +263,9 @@ The following steps run the Sentry service locally with mTLS enabled, set up nec
 {{% codetab %}}
 ```powershell
- $env:DAPR_TRUST_ANCHORS=$(Get-Content $env:USERPROFILE\.dapr\certs\ca.crt)
- $env:DAPR_CERT_CHAIN=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.crt)
- $env:DAPR_CERT_KEY=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.key)
+ $env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt)
+ $env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt)
+ $env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key)
 $env:NAMESPACE="default"
 ```
@@ -356,4 +356,4 @@ spec:
 containers:
 - name: python
 image: dapriosamples/hello-k8s-python:edge
- ```
\ No newline at end of file
+ ```

From cd0bd7ad8f406ea84d6ccfe542e56c4aa4847b6f Mon Sep 17 00:00:00 2001
From: Ricard <16720621+ricardf@users.noreply.github.com>
Date: Mon, 23 Aug 2021 20:42:40 +0200
Subject: [PATCH 2/5] Add reference to service invokation operations documentation

Add reference to service invokation operations documentation using mTLS
---
 daprdocs/content/en/operations/security/mtls.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md
index 10e573ff4..71f3a9b78 100644
--- a/daprdocs/content/en/operations/security/mtls.md
+++ b/daprdocs/content/en/operations/security/mtls.md
@@ -229,6 +229,8 @@ If using `daprd` directly, use the following flags to enable mTLS:
 daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml
 ```
+Several environment variables should be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail.
+
 #### Sentry configuration
 Here's an example of a configuration for Sentry that changes the workload cert TTL to 25 seconds:

From 4e36e72f7f93cbb5f0ab0493dfcb61a954dbccde Mon Sep 17 00:00:00 2001
From: Ricard <16720621+ricardf@users.noreply.github.com>
Date: Mon, 23 Aug 2021 20:44:34 +0200
Subject: [PATCH 3/5] Added extra information regarding service invokation mtls

Added extra information regarding service invokation mtls
---
 daprdocs/content/en/operations/security/mtls.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md
index 71f3a9b78..1354ba318 100644
--- a/daprdocs/content/en/operations/security/mtls.md
+++ b/daprdocs/content/en/operations/security/mtls.md
@@ -229,7 +229,7 @@ If using `daprd` directly, use the following flags to enable mTLS:
 daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml
 ```
-Several environment variables should be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail.
+Extra configuration is required using environment variables that be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail.
 #### Sentry configuration

From 678f18bd51fc19c6ddc5541baa3bea05217dd59a Mon Sep 17 00:00:00 2001
From: Ricard Forcada <16720621+ricardf@users.noreply.github.com>
Date: Sun, 29 Aug 2021 09:05:29 +0200
Subject: [PATCH 4/5] Updated suggestions PR
---
 .../configuration/invoke-allowlist.md | 6 ++--
 .../content/en/operations/security/mtls.md | 28 +++++++++++++++++--
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/daprdocs/content/en/operations/configuration/invoke-allowlist.md b/daprdocs/content/en/operations/configuration/invoke-allowlist.md
index 2388f8754..791c9fe08 100644
--- a/daprdocs/content/en/operations/configuration/invoke-allowlist.md
+++ b/daprdocs/content/en/operations/configuration/invoke-allowlist.md
@@ -300,9 +300,9 @@ The following steps run the Sentry service locally with mTLS enabled, set up nec
 {{% codetab %}}
 ```powershell
- $env:DAPR_TRUST_ANCHORS=$(Get-Content $env:USERPROFILE\.dapr\certs\ca.crt)
- $env:DAPR_CERT_CHAIN=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.crt)
- $env:DAPR_CERT_KEY=$(Get-Content $env:USERPROFILE\.dapr\certs\issuer.key)
+ $env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt)
+ $env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt)
+ $env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key)
 $env:NAMESPACE="default"
 ```
 {{% /codetab %}}
diff --git a/daprdocs/content/en/operations/security/mtls.md b/daprdocs/content/en/operations/security/mtls.md
index 1354ba318..5cee6994a 100644
--- a/daprdocs/content/en/operations/security/mtls.md
+++ b/daprdocs/content/en/operations/security/mtls.md
@@ -217,6 +217,32 @@ spec:
 enabled: true
 ```
+In addition to the Dapr configuration, you will also need to provide the TLS certificates to each Dapr sidecar instance. You can do so by setting the following environment variables before running the Dapr instance:
+
+{{< tabs "Linux/MacOS" Windows >}}
+
+{{% codetab %}}
+```bash
+export DAPR_TRUST_ANCHORS=`cat $HOME/.dapr/certs/ca.crt`
+export DAPR_CERT_CHAIN=`cat $HOME/.dapr/certs/issuer.crt`
+export DAPR_CERT_KEY=`cat $HOME/.dapr/certs/issuer.key`
+export NAMESPACE=default
+```
+
+{{% /codetab %}}
+
+{{% codetab %}}
+```powershell
+$env:DAPR_TRUST_ANCHORS=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\ca.crt)
+$env:DAPR_CERT_CHAIN=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.crt)
+$env:DAPR_CERT_KEY=$(Get-Content -raw $env:USERPROFILE\.dapr\certs\issuer.key)
+$env:NAMESPACE="default"
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
 If using the Dapr CLI, point Dapr to the config file above to run the Dapr instance with mTLS enabled:
 ```
@@ -229,8 +255,6 @@ If using `daprd` directly, use the following flags to enable mTLS:
 daprd --app-id myapp --enable-mtls --sentry-address localhost:50001 --config=./config.yaml
 ```
-Extra configuration is required using environment variables that be filled in with the information of the certificates when invoking services with the dapr sidecar. Check the [Service Invocation access control]({{< ref "invoke-allowlist.md" >}}) self-hosted example using mTLS for more detail.
-
 #### Sentry configuration
 Here's an example of a configuration for Sentry that changes the workload cert TTL to 25 seconds:

From a4539734d2bd237ee896baa6e734ff1555bc5a4d Mon Sep 17 00:00:00 2001
From: Nick Greenfield
Date: Tue, 31 Aug 2021 16:49:49 -0700
Subject: [PATCH 5/5] Fix spelling of "Event Hubs"
---
 .../reference/components-reference/supported-pubsub/_index.md | 2 +-
 .../supported-pubsub/setup-azure-eventhubs.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md
index 51335b33b..fb75ebe1c 100644
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/_index.md
@@ -46,5 +46,5 @@ Table captions:
 | Name | Status | Component version | Since |
 |-----------------------------------------------------------|--------| ----------------| -- |
-| [Azure Events Hub]({{< ref setup-azure-eventhubs.md >}}) | Alpha | v1 | 1.0 |
+| [Azure Event Hubs]({{< ref setup-azure-eventhubs.md >}}) | Alpha | v1 | 1.0 |
 | [Azure Service Bus]({{< ref setup-azure-servicebus.md >}})| GA | v1 | 1.0 |
diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md
index 526977f1d..ab1aed4db 100644
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-eventhubs.md
@@ -1,7 +1,7 @@
 ---
 type: docs
-title: "Azure Events Hub"
-linkTitle: "Azure Events Hub"
+title: "Azure Event Hubs"
+linkTitle: "Azure Event Hubs"
 description: "Detailed documentation on the Azure Event Hubs pubsub component"
 aliases:
 - "/operations/components/setup-pubsub/supported-pubsub/setup-azure-eventhubs/"