faint-dog-16036
07/26/2021, 6:26 PMtls.PrivateKey
pem
into openssh
format and throwing it into a k8s secret using stringData
The issue is that pulumi thinks the secret changes every single update (despite it remaining stable), and so it recreates the secret every time. Anyone run into this?bored-table-20691
07/26/2021, 6:27 PMtls
package for similar purposes and haven’t seen this happen.
What does this code look like?faint-dog-16036
07/26/2021, 6:32 PMPrivateKey
resource in tls only outputs privateKeyPem
, so I use the sshpk
util to convert over to openssh format:
function convertPrivateKeyToOpenSSH(key: pulumi.Input<string>) {
return pulumi.output(key).apply((unwrappedKey) => {
const parsedKey = sshpk.parsePrivateKey(unwrappedKey, "pem");
// @ts-ignore
return parsedKey.toString("ssh");
});
}
... which is called like:
convertPrivateKeyToOpenSSH(tlsPrivateKeyOutput.privateKeyPem)
... the result of which is pushed in stringData
in a k8s cluster Secret.billowy-army-68599
bored-table-20691
07/26/2021, 6:40 PMconvertPrivateKeyToOpenSSH
returns the same string every time?faint-dog-16036
07/26/2021, 6:47 PM+-kubernetes:core/v1:Secret: (replace)
~ stringData: {
}
... and I compared secrets before/after application and they look identical.