modify tls cert def

johnstcn · johnstcn · commit ae6842694f83 · 2023-05-11T17:51:14.000+01:00
diff --git a/scaletest/terraform/coder.tf b/scaletest/terraform/coder.tf
@@ -50,17 +50,18 @@ resource "kubernetes_secret" "coder-db" {
 }
 
 resource "tls_private_key" "coder" {
-  algorithm = "ED25519"
+  algorithm = "RSA"
 }
 
 resource "tls_self_signed_cert" "coder" {
   private_key_pem = tls_private_key.coder.private_key_pem
+  is_ca_certificate = true
 
   subject {
     common_name = "${local.coder_release_name}.${local.coder_namespace}.svc.cluster.local"
   }
 
-  allowed_uses = ["server_auth", "digital_signature", "data_encipherment", "key_agreement", "key_encipherment"]
+  allowed_uses = ["digital_signature", "cert_signing", "crl_signing"]
 
   # 1 year
   validity_period_hours = 8760

Original file line number	Diff line number	Diff line change
`@@ -50,17 +50,18 @@ resource "kubernetes_secret" "coder-db" {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`resource "tls_private_key" "coder" {`
`53`		`- algorithm = "ED25519"`
	`53`	`+ algorithm = "RSA"`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`resource "tls_self_signed_cert" "coder" {`
`57`	`57`	`private_key_pem = tls_private_key.coder.private_key_pem`
	`58`	`+ is_ca_certificate = true`
`58`	`59`
`59`	`60`	`subject {`
`60`	`61`	`common_name = "${local.coder_release_name}.${local.coder_namespace}.svc.cluster.local"`
`61`	`62`	`}`
`62`	`63`
`63`		`- allowed_uses = ["server_auth", "digital_signature", "data_encipherment", "key_agreement", "key_encipherment"]`
	`64`	`+ allowed_uses = ["digital_signature", "cert_signing", "crl_signing"]`
`64`	`65`
`65`	`66`	`# 1 year`
`66`	`67`	`validity_period_hours = 8760`