I'm using dapr in Kubernetes with microservices, it has been one year since I installed dapr with helm, but recently microservices were down due to following error:
x509: certificate has expired or is not yet valid dapr
So, when investigating from https://docs.dapr.io/operations/security/mtls/:
If custom certificates have not been provided, Dapr automatically creates and persist self-signed certs valid for one year.
It's clear, that mtls expire one year after creation and they are managed by daprsystem configuration.
apiVersion: dapr.io/v1alpha1
kind: Configuration
...
labels:
app.kubernetes.io/managed-by: Helm
name: daprsystem
spec:
metric:
enabled: true
mtls:
allowedClockSkew: 15m
enabled: true
workloadCertTTL: 24h
I managed to get a new mtls certificate by removing dapr chart and re-installing it, but is there a renewal policy I can apply to the configuration ?
Thanks,
