some-twilight-56575
# (chat timestamp: 07/07/2021, 4:44 PM)
# Key pair for the cluster CA: RSA with a 4096-bit modulus. Its PEM outputs
# feed the self-signed certificate and the Kubernetes Secret declared below.
# NOTE(review): the private key is generated by the provider, so it presumably
# ends up in the Pulumi stack state -- confirm it is stored as an encrypted
# secret and that access to the state backend is restricted.
key = pulumi_tls.PrivateKey(
    "cluster-issuer-key",
    rsa_bits=4096,
    algorithm="RSA",
)
# PrivateKey exposes private_key_pem and public_key_pem
# Self-signed CA certificate for the cluster issuer, signed with `key`.
ca = pulumi_tls.SelfSignedCert(
    "cluster-issuer-cert",
    key_algorithm="RSA",
    private_key_pem=key.private_key_pem,
    is_ca_certificate=True,
    # 87600 hours = 3650 days, i.e. roughly ten years until the CA expires.
    validity_period_hours=87600,
    subjects=[
        pulumi_tls.SelfSignedCertSubjectArgs(
            common_name=f"{stack_name} Communication CA",
        ),
    ],
    # NOTE(review): only "cert_signing" concerns issuing certificates; the
    # other three usages also let this CA key pair be presented as a TLS
    # endpoint credential. Confirm they are needed -- a signing-only CA is
    # easier to reason about if the key leaks or has to be rotated.
    allowed_uses=[
        "cert_signing",
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
)
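import base64  # local to this snippet: Secret.data values must be base64 text


def _b64(pem):
    """Return the base64 text of a PEM string, the form Secret.data expects."""
    return base64.b64encode(pem.encode("utf-8")).decode("ascii")


# kubernetes.io/tls Secret carrying the CA key pair, created as "ca-issuer" in
# the cert-manager namespace.
# NOTE(review): anyone who can read this Secret can issue certificates under
# this CA -- keep RBAC on the cert-manager namespace tight.
issuer_secret = pulumi_kubernetes.core.v1.Secret(
    "cluster-issuer-secret",
    metadata={"name": "ca-issuer", "namespace": "cert-manager"},
    # Plain type string; the "<http://...|...>" wrapper was chat link markup.
    type="kubernetes.io/tls",
    data={
        # Values under `data` must already be base64-encoded.
        "tls.key": key.private_key_pem.apply(_b64),
        # The certificate comes from `ca`; the PrivateKey has no cert_pem.
        "tls.crt": ca.cert_pem.apply(_b64),
    },
)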
it appears `data` must be base64-encoded beforehand
billowy-army-68599
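# (chat timestamp: 07/07/2021, 4:49 PM)
# Same Secret written with `string_data`, which takes the PEM text as-is and
# leaves the base64 encoding to Kubernetes.
# NOTE(review): this places the CA private key in the cluster; anyone who can
# read the "ca-issuer" Secret can issue certificates under this CA, so keep
# RBAC on the cert-manager namespace tight.
issuer_secret = pulumi_kubernetes.core.v1.Secret(
    "cluster-issuer-secret",
    metadata={"name": "ca-issuer", "namespace": "cert-manager"},
    # Plain type string; the "<http://...|...>" wrapper was chat link markup.
    type="kubernetes.io/tls",
    string_data={
        "tls.key": key.private_key_pem,
        # The certificate PEM is an output of `ca`, not of the PrivateKey.
        "tls.crt": ca.cert_pem,
    },
)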
some-twilight-56575
07/07/2021, 5:17 PM