I could use some help with this use case I need to create a pulumi-community #python

Title

some-twilight-56575

07/07/2021, 4:44 PM

I could use some help with this use case I need to create a k8s secret (tls) from a SelfSigned Cert generated by pulumi

key = pulumi_tls.PrivateKey(
        "cluster-issuer-key", algorithm="RSA", rsa_bits=4096
    )
    # private_key_pem public_key_pem
    ca = pulumi_tls.SelfSignedCert(
        "cluster-issuer-cert",
        is_ca_certificate=True,
        private_key_pem=key.private_key_pem,
        validity_period_hours=87600,
        key_algorithm="RSA",
        subjects=[
            pulumi_tls.SelfSignedCertSubjectArgs(
                common_name=f"{stack_name} Communication CA"
            )
        ],
        allowed_uses=[
            "cert_signing",
            "key_encipherment",
            "digital_signature",
            "server_auth",
        ],
    )

    issuer_secret = pulumi_kubernetes.core.v1.Secret(
        "cluster-issuer-secret",
        metadata={"name": "ca-issuer", "namespace": "cert-manager"},
        type="<http://kubernetes.io/tls|kubernetes.io/tls>",
        data={"tls.key": key.private_key_pem, "tls.crt": key.cert_pem},
    )

it appears data must be pre base64 encoded

billowy-army-68599

07/07/2021, 4:49 PM

try this:

issuer_secret = pulumi_kubernetes.core.v1.Secret(
        "cluster-issuer-secret",
        metadata={"name": "ca-issuer", "namespace": "cert-manager"},
        type="<http://kubernetes.io/tls|kubernetes.io/tls>",
        string_data={"tls.key": key.private_key_pem, "tls.crt": key.cert_pem},
    )

some-twilight-56575

07/07/2021, 5:17 PM

testing

worked thanks

#python Join Slack