An execution plan has been generated and is shown below.

Resource actions are indicated with the following symbols:

  + create

 <= read (data resources)

​

Terraform will perform the following actions:

​

  # data.archive_file.userinfos will be read during apply

  # (config refers to values not yet known)

 <= data "archive_file" "userinfos" {

      + id = (known after apply)

      + output_base64sha256 = (known after apply)

      + output_md5 = (known after apply)

      + output_path = "tf-result/cert.zip"

      + output_sha = (known after apply)

      + output_size = (known after apply)

      + type = "zip"

​

      + source {

          + content = (known after apply)

          + filename = "cert_pem"

        }

      + source {

          + content = (known after apply)

          + filename = "private_key_pem"

        }

      + source {

          + content = (known after apply)

          + filename = "public_key_pem"

        }

    }

​

  # tls_private_key.example will be created

  + resource "tls_private_key" "example" {

      + algorithm = "RSA"

      + ecdsa_curve = "P224"

      + id = (known after apply)

      + private_key_pem = (known after apply)

      + public_key_fingerprint_md5 = (known after apply)

      + public_key_openssh = (known after apply)

      + public_key_pem = (known after apply)

      + rsa_bits = 2048

    }

​

  # tls_self_signed_cert.example will be created

  + resource "tls_self_signed_cert" "example" {

      + allowed_uses = [

          + "key_encipherment",

          + "digital_signature",

          + "server_auth",

        ]

      + cert_pem = (known after apply)

      + dns_names = [

          + "api.example.com",

          + "k8sapi.example.com",

        ]

      + early_renewal_hours = 30000000

      + id = (known after apply)

      + ip_addresses = [

          + "127.0.0.1",

          + "192.168.0.111",

          + "10.10.18.119",

        ]

      + is_ca_certificate = true

      + key_algorithm = "RSA"

      + private_key_pem = (known after apply)

      + validity_end_time = (known after apply)

      + validity_period_hours = 120000000

      + validity_start_time = (known after apply)

​

      + subject {

          + common_name = "example.com"

          + organization = "example, Inc"

        }

    }

​

Plan: 2 to add, 0 to change, 0 to destroy.

​

Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.

​

  Enter a value: yes

​

tls_private_key.example: Creating...

tls_private_key.example: Creation complete after 0s [id=4bb57b583566785ce23a003432515e07fcebfdba]

tls_self_signed_cert.example: Creating...

tls_self_signed_cert.example: Creation complete after 0s [id=132700825268662052341550768328847386301]

data.archive_file.userinfos: Refreshing state...

​

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

• 文件内容

unzip cert.zip 

Archive: cert.zip

  inflating: cert_pem                

  inflating: private_key_pem         

  inflating: public_key_pem   

说明

我们可以结合vault 的tls 管理以及tf 方便的进行证书管理——基础设施即代码

参考资料

https://www.terraform.io/docs/providers/tls/r/self_signed_cert.html
https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine

优质内容筛选与推荐>>
1、python数据库编程_sqlite
2、interface IEngineControl封装引擎通用操作
3、标准时间转YYYY-MMM-DD
4、Eclipse快捷键
5、Java注释规范整理

赞赏

长按二维码向我转账

受苹果公司新规定影响，微信 iOS 版的赞赏功能被关闭，可通过二维码转账支持公众号。

阅读

好看

已推荐到看一看

你的朋友可以在“发现”-“看一看”看到你认为好看的文章。

取消 推荐

我知道了

已取消，“好看”想法已同步删除

知道了

已推荐到看一看 和朋友分享想法

最多200字，当前共字 发送

已发送

朋友将在看一看看到

确定

分享你的想法...

取消

分享想法到看一看

确定

最多200字，当前共字

发送中

网络异常，请稍后重试

知道了

微信扫一扫
关注该公众号

0 │ 收藏 │ 举报