better-shampoo-48884
04/10/2021, 8:23 AMββ kubernetes:<http://helm.sh/v3:Chart|helm.sh/v3:Chart> akv2k8s
~ β ββ kubernetes:<http://admissionregistration.k8s.io/v1:MutatingWebhookConfiguration|admissionregistration.k8s.io/v1:MutatingWebhookConfiguration> akv2k8s/akv2k8s-envinjector update [diff: ~webhooks]
+- β ββ kubernetes:core/v1:Secret akv2k8s/akv2k8s-envinjector-tls replace [diff: ~data]
+- β ββ kubernetes:core/v1:Secret akv2k8s/akv2k8s-envinjector-ca replace [diff: ~data]
~ β ββ kubernetes:apps/v1:Deployment akv2k8s/akv2k8s-envinjector update [diff: ~spec]
Edit: neeevermind! there is a tiny diff in the certificates generated.. a bit frustrating, but of no consequence. Was almost certain there might have been some encoding issues triggering the diff or something, but no - new certs are generated by the chart every time it's touched. oh well.billowy-army-68599
better-shampoo-48884
04/11/2021, 3:09 PMakv2k8sValues.env_injector.certificate.custom = {
enabled: true,
server: {
tls: {
crt: tlsCert.crt.certPem,
key: tlsCert.key.privateKeyPem
}
},
ca: {
crt: tlsCert.caCert.certPem
}
}
with
const SPVakv2k8s = new k8s.helm.v3.Chart("akv2k8s",{
chart: "akv2k8s",
version: "2.0.10",
namespace: akv2k8sNamespace.metadata.name,
fetchOpts: {
repo: helmRepos.spv.url
},
values: akv2k8sValues
},{
provider: cluster
})
results in...
Error: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to create chart from template: YAML parse error on akv2k8s/templates/env-injector-apiservice.yaml: error converting YAML to JSON: yaml: line 15: could not find expected ':'
Which makes me wonder.. how much json -> yaml -> json -> yaml is actually going on here :Dbillowy-army-68599
apply()
better-shampoo-48884
04/11/2021, 3:55 PMif (akv2k8sValues?.env_injector?.certificate?.custom) {
akv2k8sValues.env_injector.certificate = {
useCertManager: false,
custom: {
enabled: true,
server: {
tls: {
crt: tlsCert.crt.certPem.apply(x => x),
key: tlsCert.key.privateKeyPem.apply(x => x)
}
},
ca: {
crt: tlsCert.caCert.certPem.apply(x => x)
}
}
}
}
Basically - this produces the exact same error.//let serverCrt = pulumi.interpolate`${tlsCert.crt.certPem.apply(x => x)}`
let serverKey = "xzc";
let caCrt = "czx";
let serverCrt = "vcx";
tlsCert.crt.certPem.apply(pem => {
serverCrt = pem;
return true
})
tlsCert.key.privateKeyPem.apply(key => {
serverKey = key;
return true
})
tlsCert.caCert.certPem.apply(pem => {
caCrt = pem;
return true
})
if (akv2k8sValues?.env_injector?.certificate?.custom) {
akv2k8sValues.env_injector.certificate = {
useCertManager: false,
custom: {
enabled: true,
server: {
tls: {
crt: serverCrt,
key: serverKey
}
},
ca: {
crt: caCrt
}
}
}
}
let akv2k8sValues = yaml.load(fs.readFileSync("./components/chart-values/akv2k8s-production.yml")) as any
let tlsCrt = tlsCert.crt.certPem.apply(tlsCrt => {
let curObj = akv2k8sValues;
akv2k8sValues.env_injector.certificate = {
useCertManager: false,
custom: {
enabled: true,
server: {
tls: {
crt: tlsCert.crt.certPem.apply(x => x),
key: "toBeFilled"
}
},
ca: {
crt: "toBeFilled"
}
}
}
return akv2k8sValues;
})
let tlsKey = pulumi.all([tlsCrt, tlsCert.key.privateKeyPem]).apply(([objValue, key]) => {
objValue.env_injector.certificate.custom.server.tls.key = key;
return objValue;
})
let finalAkv2k8sValues = pulumi.all([tlsKey, tlsCert.caCert.certPem]).apply(([objValue, cert]) => {
objValue.env_injector.certificate.custom.ca.crt = cert;
return objValue;
})
const SPVakv2k8s = new k8s.helm.v3.Chart("akv2k8s",{
chart: "akv2k8s",
version: "2.0.10",
namespace: akv2k8sNamespace.metadata.name,
fetchOpts: {
repo: helmRepos.spv.url
},
values: finalAkv2k8sValues.apply(x => x)
},{
provider: cluster,
dependsOn: [tlsCert.crt, tlsCert.key, tlsCert.caCert]
})