# general
b
Just an example from me on using TLS:
```go
package main

import (
	// Field names below (Subjects, KeyAlgorithm) match the v3 pulumi-tls Go SDK.
	"github.com/pulumi/pulumi-tls/sdk/v3/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Generate the private key the certificate will be bound to.
		selfSignedKey, err := tls.NewPrivateKey(ctx, "self-signed-key", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
			RsaBits:   pulumi.Int(2048),
		})
		if err != nil {
			return err
		}

		// Self-sign a leaf certificate (not a CA) with that key.
		selfSignedCert, err := tls.NewSelfSignedCert(ctx, "self-signed-cert", &tls.SelfSignedCertArgs{
			Subjects: tls.SelfSignedCertSubjectArray{
				tls.SelfSignedCertSubjectArgs{CommonName: pulumi.String("cluster.local")},
			},
			KeyAlgorithm:        selfSignedKey.Algorithm,
			PrivateKeyPem:       selfSignedKey.PrivateKeyPem,
			IsCaCertificate:     pulumi.Bool(false),
			ValidityPeriodHours: pulumi.Int(24 * 365 * 10), // 10 years
			AllowedUses:         pulumi.StringArray{},       // empty: no key-usage restrictions set
		})
		if err != nil {
			return err
		}

		// Expose the PEM-encoded key and certificate as stack outputs.
		ctx.Export("privateKeyPem", selfSignedKey.PrivateKeyPem)
		ctx.Export("certPem", selfSignedCert.CertPem)
		return nil
	})
}
```
And then I get the key file using `selfSignedKey.PrivateKeyPem` and the cert file as `selfSignedCert.CertPem`.
m
Thanks! So I guess if I set `IsCaCertificate = true`, that will give me the CA certificate. And then I would use `tls.LocallySignedCert` to create the server and client certificates (passing in the `selfSignedKey.PrivateKeyPem` and `selfSignedCert.CertPem`)?
b
I haven’t used `LocallySignedCert`, so I'm not 100% sure.
In the above example, I’m creating what is essentially a self-signed cert, though without a specific CA (since I don’t really need to do verification).
But what you said sounds about right: you’d likely need to use `tls.CertRequest` as well, to generate the CSR, and pass that into `LocallySignedCert`.
m
That makes sense, thanks so much for your help
b
No worries - I was also struggling to figure it out so thought I could share 🙂 If you do figure it out, it would be great to update the thread, so if someone else finds it in the future they get the answer.
m
Will definitely do that