Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
busy-journalist-6936
02/24/2022, 12:51 AMI'm trying to use
tls.SelfSignedCertDiagnostics:
kubernetes:core/v1:Secret (kong-cluster-cert):
error: Preview failed: resource kong/kong-kong-cluster was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 0data: {
"tls.crt": kongClusterCert.certPem,
"tls.key": kongClusterCert.privateKeyPem,//// Issue certificate for kong cluster mtls
const kongClusterKey = new tls.PrivateKey(`${name}-cluster-mtls-pkey`, {
algorithm: "RSA",
rsaBits: 2048,
});
const kongClusterCert = new tls.SelfSignedCert(`${name}-cluster-mtls-cert`, {
privateKeyPem: kongClusterKey.privateKeyPem,
allowedUses: [
"keyEncipherment",
"digitalSignature",
"serverAuth",
"cert_signing",
"crl_signing",
],
keyAlgorithm: kongClusterKey.algorithm,
subjects: [{ commonName: 'kong_clustering' }],
dnsNames: ['kong_clustering'],
validityPeriodHours: 4870,
isCaCertificate: false,
},{
parent: kongClusterKey,
});
// TODO: Consider Rotation Strategy
const secretKongClusterCert = new k8s.core.v1.Secret(`${name}-cluster-cert`, {
apiVersion: "v1",
kind: "Secret",
type: "tls",
metadata: {
name: "kong-kong-cluster",
namespace: "kong",
},
data: {
"tls.crt": kongClusterCert.certPem,
"tls.key": kongClusterCert.privateKeyPem,
},
}, {
dependsOn: [
nsKong,
],
parent: kongClusterCert,
provider: kubeconfig,
});๐งต
w
wonderful-twilight-70958
02/24/2022, 1:12 AMuse
stringDataOr b64 encode them
stringDatab
busy-journalist-6936
02/24/2022, 1:13 AMjust flipped it to stringData to blindly test without understanding what I effectively did. lol.
reading about the differences now
w
wonderful-twilight-70958
02/24/2022, 1:13 AMstringData allows you to input as txt, then k8s will encode for you
๐ 1
still ends up encoded
b
busy-journalist-6936
02/24/2022, 1:13 AMmagic!
the message was weird to read though, I literally tried to decode them thinking they were b64 encoded already and it was getting a double encoding or something