mirror of https://github.com/dapr/docs.git
Addressing review comments
Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>
This commit is contained in:
parent
2a66de5e21
commit
f822b8193f
|
@ -450,6 +450,8 @@ By default, system services will look for the credentials in `/var/run/dapr/cred
|
|||
*Note: If you signed the cert root with a different private key, restart the Dapr instances.*
|
||||
|
||||
## Community call video on certificate rotation
|
||||
Watch this video on how to perform certificate rotation if your certicates are expiring.
|
||||
Watch this [video](https://www.youtube.com/watch?v=Hkcx9kBDrAc&feature=youtu.be&t=1400) on how to perform certificate rotation if your certicates are expiring.
|
||||
|
||||
<iframe width="1280" height="720" src="https://www.youtube.com/watch?v=Hkcx9kBDrAc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
<div class="embed-responsive embed-responsive-16by9">
|
||||
<iframe width="560" height="315" src="https://www.youtube.com/embed/Hkcx9kBDrAc?start=1400"></iframe>
|
||||
</div>
|
||||
|
|
|
@ -30,9 +30,9 @@ dapr mtls [command]
|
|||
### Available Commands
|
||||
|
||||
```txt
|
||||
expiry Checks the expiry of the root certificate
|
||||
export Export the root CA, issuer cert and key from Kubernetes to local files
|
||||
renew-certificate Rotates root CA, issuer cert and issuer key in Kubernetes secret used by Sentry service
|
||||
expiry Checks the expiry of the root Certificate Authority (CA) certificate
|
||||
export Export the root Certificate Authority (CA), issuer cert and issuer key to local files
|
||||
renew-certificate Rotates the existing root Certificate Authority (CA), issuer cert and issuer key
|
||||
```
|
||||
|
||||
### Command Reference
|
||||
|
@ -46,6 +46,6 @@ You can learn more about each sub command from the links below.
|
|||
### Examples
|
||||
|
||||
```bash
|
||||
# Check if mTLS is enabled
|
||||
# Check if mTLS is enabled on the Kubernetes cluster
|
||||
dapr mtls -k
|
||||
```
|
|
@ -8,7 +8,7 @@ weight: 2000
|
|||
|
||||
### Description
|
||||
|
||||
Checks the expiry of the root certificate
|
||||
Checks the expiry of the root Certificate Authority (CA) certificate
|
||||
|
||||
### Supported platforms
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ weight: 1000
|
|||
|
||||
### Description
|
||||
|
||||
Export the root CA, issuer cert and key from Kubernetes to local files
|
||||
Export the root Certificate Authority (CA), issuer cert and issuer key to local files
|
||||
|
||||
### Supported platforms
|
||||
|
||||
|
|
|
@ -7,8 +7,7 @@ weight: 3000
|
|||
---
|
||||
|
||||
### Description
|
||||
This command can be used to renew expiring Dapr certificates in Kubernetes cluster.
|
||||
It renews root CA certificate, issuer certificate and issuer key.
|
||||
This command can be used to renew expiring Dapr certificates. For example the Dapr Sentry service can generate default root and issuer certificates used by applications. For more information see [secure Dapr to Dapr communication]({{< ref "#secure-dapr-to-dapr-communication" >}})
|
||||
|
||||
### Supported platforms
|
||||
|
||||
|
@ -29,45 +28,45 @@ dapr mtls renew-certificate [flags]
|
|||
| `--valid-until` | | 365 days | Validity for newly created certificates |
|
||||
| `--restart` | | false | Restarts Dapr control plane services (Sentry service, Operator service and Placement server) |
|
||||
| `--timeout` | | 300 sec | The timeout for the certificate renewal process |
|
||||
| `--ca-root-certificate` | | | User provided root certificate pem file path|
|
||||
| `--issuer-public-certificate` | | | User provided issuer certificate pem file path|
|
||||
| `--issuer-private-key` | | | User provided issue private key file path|
|
||||
| `--ca-root-certificate` | | | File path to user provided PEM root certificate|
|
||||
| `--issuer-public-certificate` | | | File path to user provided PEM issuer certificate|
|
||||
| `--issuer-private-key` | | | File path to user provided PEM issue private key|
|
||||
| `--private-key` | | | User provided root.key file which is used to generate root certificate|
|
||||
|
||||
### Examples
|
||||
|
||||
#### Renew certificates by generating fresh new certificates
|
||||
Generates new root and issuer certificates for Dapr kubernetes cluster with a default validity of 365 days.
|
||||
#### Renew certificates by generating brand new certificates
|
||||
Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days. The certificates are not applied to the Dapr control plane.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k
|
||||
```
|
||||
Generates new root and issuer certificates for kubernetes cluster with a default validity of 365 days and restart the control plane services.
|
||||
Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days and restarts the Dapr control plane services.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --restart
|
||||
```
|
||||
Generates new root and issuer certificates for kubernetes cluster with a given validity.
|
||||
Generates new root and issuer certificates for the Kubernetes cluster with a given validity time.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --valid-until <no of days>
|
||||
```
|
||||
Generates new root and issuer certificates for kubernetes cluster with a given validity and restart the control place services.
|
||||
Generates new root and issuer certificates for the Kubernetes cluster with a given validity time and restarts the Dapr control place services.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --valid-until <no of days> --restart
|
||||
```
|
||||
#### Renew certificate by using user provided certificates
|
||||
Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path and restart the control plane services
|
||||
Rotates certificates for the Kubernetes cluster with the provided ca.pem, issuer.pem and issuer.key file paths and restarts the Dapr control plane services
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem> --restart
|
||||
```
|
||||
Rotates certificate of your kubernetes cluster with provided ca.pem, issuer.pem and issuer.key file path.
|
||||
Rotates certificates for the Kubernetes cluster with the provided ca.pem, issuer.pem and issuer.key file paths.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem>
|
||||
```
|
||||
#### Renew certificates by generating fresh certificates using provided root private key
|
||||
Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a given validity for created certs.
|
||||
#### Renew certificates by generating brand new certificates using the provided root private key
|
||||
Uses existing private root.key to generate new root and issuer certificates for the Kubernetes cluster with a given validity time for created certs.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --private-key myprivatekey.key --valid-until <no of days>
|
||||
```
|
||||
Uses existing private root.key to generate new root and issuer certificates for kubernetes cluster with a default validity of 365 days for created certs.
|
||||
Uses the existing private root.key to generate new root and issuer certificates for the Kubernetes cluster.
|
||||
```bash
|
||||
dapr mtls renew-certificate -k --private-key myprivatekey.key
|
||||
```
|
Loading…
Reference in New Issue