This message was deleted.
# kubernetes
s
This message was deleted.
b
I use the
tls
package for similar purposes and haven’t seen this happen. What does this code look like?
f
So the
PrivateKey
resource in tls only outputs
privateKeyPem
, so I use the
sshpk
util to convert over to openssh format:
Copy code
function convertPrivateKeyToOpenSSH(key: pulumi.Input<string>) {
  return pulumi.output(key).apply((unwrappedKey) => {
    const parsedKey = sshpk.parsePrivateKey(unwrappedKey, "pem");
    // @ts-ignore
    return parsedKey.toString("ssh");
  });
}
... which is called like:
convertPrivateKeyToOpenSSH(tlsPrivateKeyOutput.privateKeyPem)
... the result of which is pushed in
stringData
in a k8s cluster Secret.
b
what's in the diff?
b
and presumably
convertPrivateKeyToOpenSSH
returns the same string every time?
f
Diff looks like this, it's odd I can't see the keys inside `stringData`:
Copy code
+-kubernetes:core/v1:Secret: (replace)
                      ~ stringData: {
                        }
... and I compared secrets before/after application and they look identical.
If I jump into the json diff seems like the reasons are just the converted private keys (public keys unchanged), so I must be doing something wrong re: converting these keys. I also tried trimming the converted private keys just in case to no avail.