From 6d2646cfe9d4e8e64ef73963207c6d3250c35def Mon Sep 17 00:00:00 2001
From: Mark Chmarny <mchmarny@users.noreply.github.com>
Date: Thu, 17 Dec 2020 11:07:05 -0800
Subject: [PATCH 1/4] Upgrade command/how-to updates

---
 .../hosting/kubernetes/kubernetes-production.md     | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
index 00e736da2..04a5333ed 100644
--- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
+++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
@@ -138,12 +138,19 @@ NAME     	CHART VERSION	APP VERSION	DESCRIPTION
 dapr/dapr	1.0.0-rc.1   	1.0.0-rc.1 	A Helm chart for Dapr on Kubernetes
 ```
 
-The APP VERSION column tells us which Dapr runtime version is installed by the chart.
+The APP VERSION column tells us which Dapr runtime version is installed by the chart. Now, use the following command to upgrade Dapr to your desired runtime version providing a path to the certificate files you saved before:
 
-Use the following command to upgrade Dapr to your desired runtime version providing a path to the certificate files you saved:
+> Remove the `--set global.ha.enabled=true` if your current Dapr installation has not been deployed is HA mode.
 
 ```bash
-helm upgrade dapr dapr/dapr --version <Dapr chart version> --namespace dapr-system --reset-values --set-file dapr_sentry.tls.root.certPEM=ca.crt --set-file dapr_sentry.tls.issuer.certPEM=issuer.crt --set-file dapr_sentry.tls.issuer.keyPEM=issuer.key
+helm upgrade dapr dapr/dapr \
+    --version <Dapr chart version> \
+    --namespace dapr-system \
+    --reset-values \
+    --set-file dapr_sentry.tls.root.certPEM=certs/ca.crt \
+    --set-file dapr_sentry.tls.issuer.certPEM=certs/issuer.crt \
+    --set-file dapr_sentry.tls.issuer.keyPEM=certs/issuer.key \
+    --set global.ha.enabled=true
 ```
 
 Kubernetes now performs a rolling update. Wait until all the new pods appear as running:

From 0b77c43c4f3fde0b01e5878317ebac651bdf9c9a Mon Sep 17 00:00:00 2001
From: Mukundan Sundararajan <musundar@microsoft.com>
Date: Thu, 17 Dec 2020 11:14:48 -0800
Subject: [PATCH 2/4] Add api-token-secret annotation for k8s

---
 .../operations/hosting/kubernetes/kubernetes-annotations.md   | 1 +
 daprdocs/content/en/operations/security/api-token.md          | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-annotations.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-annotations.md
index 39dcef64f..32dfdb6aa 100644
--- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-annotations.md
+++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-annotations.md
@@ -17,6 +17,7 @@ The following table shows all the supported pod Spec annotations supported by Da
 | `dapr.io/config`                                  | Tells Dapr which Configuration CRD to use
 | `dapr.io/log-as-json`                             | Setting this parameter to `true` outputs logs in JSON format. Default is `false`
 | `dapr.io/enable-profiling`                        | Setting this paramater to `true` starts the Dapr profiling server on port `7777`. Default is `false`
+| `dapr.io/api-token-secret`                        | Tells Dapr which Kubernetes secret to use for token based API authentication. By default this is not set.
 | `dapr.io/app-protocol`                            | Tells Dapr which protocol your application is using. Valid options are `http` and `grpc`. Default is `http`
 | `dapr.io/app-max-concurrency`                     | Limit the concurrency of your application. A valid value is any number larger than `0`
 | `dapr.io/app-ssl`   | Tells Dapr to invoke the app over an insecure SSL connection. Applies to both HTTP and gRPC. Default is `false`.
diff --git a/daprdocs/content/en/operations/security/api-token.md b/daprdocs/content/en/operations/security/api-token.md
index e6d03c2d7..008ca4217 100644
--- a/daprdocs/content/en/operations/security/api-token.md
+++ b/daprdocs/content/en/operations/security/api-token.md
@@ -1,6 +1,6 @@
 ---
 type: docs
-title: "Enable API token based authentication"
+title: "Enable token based API authentication"
 linkTitle: "API token auth"
 weight: 3000
 description: "Require every incoming API request to include an authentication token before allowing that request to pass through"
@@ -14,7 +14,7 @@ Dapr uses [JWT](https://jwt.io/) tokens for API authentication.
 
 > Note, while Dapr itself is actually not the JWT token issuer in this implementation, being explicit about the use of JWT standard enables federated implementations in the future (e.g. OAuth2).
 
-To configure APIs authentication, start by generating your token using any JWT token compatible tool (e.g. https://jwt.io/) and your secret. 
+To configure API authentication, start by generating your token using any JWT token compatible tool (e.g. https://jwt.io/) and your secret. 
 
 > Note, that secret is only necessary to generate the token, and Dapr doesn't need to know about or store it
 

From 97be510fe701a3450de942fc306f362de6fe9c3e Mon Sep 17 00:00:00 2001
From: Mark Chmarny <mchmarny@users.noreply.github.com>
Date: Thu, 17 Dec 2020 11:17:06 -0800
Subject: [PATCH 3/4] Grammar

---
 .../en/operations/hosting/kubernetes/kubernetes-production.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
index 04a5333ed..1ddd47b72 100644
--- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
+++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
@@ -140,7 +140,7 @@ dapr/dapr	1.0.0-rc.1   	1.0.0-rc.1 	A Helm chart for Dapr on Kubernetes
 
 The APP VERSION column tells us which Dapr runtime version is installed by the chart. Now, use the following command to upgrade Dapr to your desired runtime version providing a path to the certificate files you saved before:
 
-> Remove the `--set global.ha.enabled=true` if your current Dapr installation has not been deployed is HA mode.
+> Remove `--set global.ha.enabled=true` if current Dapr installation has not been deployed is HA mode.
 
 ```bash
 helm upgrade dapr dapr/dapr \

From 66fa5faaf70c383fd4542b22cc728840c01e98f6 Mon Sep 17 00:00:00 2001
From: Aaron Crawfis <Aaron.Crawfis@microsoft.com>
Date: Thu, 17 Dec 2020 11:29:30 -0800
Subject: [PATCH 4/4] Grammer

---
 .../en/operations/hosting/kubernetes/kubernetes-production.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
index 1ddd47b72..caaa85424 100644
--- a/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
+++ b/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-production.md
@@ -140,7 +140,7 @@ dapr/dapr	1.0.0-rc.1   	1.0.0-rc.1 	A Helm chart for Dapr on Kubernetes
 
 The APP VERSION column tells us which Dapr runtime version is installed by the chart. Now, use the following command to upgrade Dapr to your desired runtime version providing a path to the certificate files you saved before:
 
-> Remove `--set global.ha.enabled=true` if current Dapr installation has not been deployed is HA mode.
+> Remove `--set global.ha.enabled=true` if current Dapr installation has not been deployed in HA mode.
 
 ```bash
 helm upgrade dapr dapr/dapr \