#python

some-twilight-56575

07/07/2021, 4:44 PM
I could use some help with this use case: I need to create a k8s secret (TLS) from a SelfSignedCert generated by Pulumi.
```python
import pulumi
import pulumi_kubernetes
import pulumi_tls

stack_name = pulumi.get_stack()  # assumed: not defined in the original snippet

key = pulumi_tls.PrivateKey(
    "cluster-issuer-key", algorithm="RSA", rsa_bits=4096
)
# private_key_pem public_key_pem
ca = pulumi_tls.SelfSignedCert(
    "cluster-issuer-cert",
    is_ca_certificate=True,
    private_key_pem=key.private_key_pem,
    validity_period_hours=87600,
    key_algorithm="RSA",
    subjects=[
        pulumi_tls.SelfSignedCertSubjectArgs(
            common_name=f"{stack_name} Communication CA"
        )
    ],
    allowed_uses=[
        "cert_signing",
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
)

issuer_secret = pulumi_kubernetes.core.v1.Secret(
    "cluster-issuer-secret",
    metadata={"name": "ca-issuer", "namespace": "cert-manager"},
    type="kubernetes.io/tls",
    # cert_pem is an output of the SelfSignedCert (ca), not of the PrivateKey
    data={"tls.key": key.private_key_pem, "tls.crt": ca.cert_pem},
)
```
It appears data must be pre-base64-encoded.

billowy-army-68599

07/07/2021, 4:49 PM
Try this:
```python
issuer_secret = pulumi_kubernetes.core.v1.Secret(
    "cluster-issuer-secret",
    metadata={"name": "ca-issuer", "namespace": "cert-manager"},
    type="kubernetes.io/tls",
    # string_data takes plain strings; Kubernetes base64-encodes them into data
    string_data={"tls.key": key.private_key_pem, "tls.crt": ca.cert_pem},
)
```

some-twilight-56575

07/07/2021, 5:17 PM
testing
worked thanks