busy-journalist-6936
02/24/2022, 12:51 AMtls.SelfSignedCert
to issue an mtls certificate used between a few pods.
It feels like I'm close, but I'm getting the following error. I guess perhaps I need to b64 decode the
Diagnostics:
kubernetes:core/v1:Secret (kong-cluster-cert):
error: Preview failed: resource kong/kong-kong-cluster was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 0
And it seems these would be the problematic lines in question.
data: {
"tls.crt": kongClusterCert.certPem,
"tls.key": kongClusterCert.privateKeyPem,
Snippet:
//// Issue certificate for kong cluster mtls
const kongClusterKey = new tls.PrivateKey(`${name}-cluster-mtls-pkey`, {
algorithm: "RSA",
rsaBits: 2048,
});
const kongClusterCert = new tls.SelfSignedCert(`${name}-cluster-mtls-cert`, {
privateKeyPem: kongClusterKey.privateKeyPem,
allowedUses: [
"keyEncipherment",
"digitalSignature",
"serverAuth",
"cert_signing",
"crl_signing",
],
keyAlgorithm: kongClusterKey.algorithm,
subjects: [{ commonName: 'kong_clustering' }],
dnsNames: ['kong_clustering'],
validityPeriodHours: 4870,
isCaCertificate: false,
},{
parent: kongClusterKey,
});
// TODO: Consider Rotation Strategy
const secretKongClusterCert = new k8s.core.v1.Secret(`${name}-cluster-cert`, {
apiVersion: "v1",
kind: "Secret",
type: "tls",
metadata: {
name: "kong-kong-cluster",
namespace: "kong",
},
data: {
"tls.crt": kongClusterCert.certPem,
"tls.key": kongClusterCert.privateKeyPem,
},
}, {
dependsOn: [
nsKong,
],
parent: kongClusterCert,
provider: kubeconfig,
});
wonderful-twilight-70958
02/24/2022, 1:12 AMstringData
stringData
easier though ๐busy-journalist-6936
02/24/2022, 1:13 AMwonderful-twilight-70958
02/24/2022, 1:13 AMbusy-journalist-6936
02/24/2022, 1:13 AM