Fix certificate errors in vcluster container

simu · simu · commit 58969eacd3f3 · 2022-10-24T15:58:22.000+02:00
We need to ensure that the syncer's TLS certificate is also valid for the pod IP. This only needs the pod IP passed to the container as an environment variable, cf. loft-sh/vcluster#549
diff --git a/component/cluster.libsonnet b/component/cluster.libsonnet
@@ -345,7 +345,17 @@ local cluster = function(name, options)
               securityContext: {
                 allowPrivilegeEscalation: false,
               },
-              env: [],
+              env: [
+                // ensure that syncer TLS certificate is also valid for pod IP
+                {
+                  name: 'POD_IP',
+                  valueFrom: {
+                    fieldRef: {
+                      fieldPath: 'status.podIP',
+                    },
+                  },
+                },
+              ],
               volumeMounts: [
                 {
                   mountPath: '/data',
diff --git a/tests/golden/defaults/defaults/defaults/10_cluster.yaml b/tests/golden/defaults/defaults/defaults/10_cluster.yaml
@@ -221,7 +221,11 @@ spec:
             - --tls-san=defaults.syn-defaults.svc
             - --tls-san=defaults.syn-defaults
             - --tls-san=defaults
-          env: []
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
           image: docker.io/loftsh/vcluster:0.12.2
           livenessProbe:
             failureThreshold: 10
diff --git a/tests/golden/oidc/oidc/oidc/10_cluster.yaml b/tests/golden/oidc/oidc/oidc/10_cluster.yaml
@@ -225,7 +225,11 @@ spec:
             - --tls-san=oidc.testns.svc
             - --tls-san=oidc.testns
             - --tls-san=oidc
-          env: []
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
           image: docker.io/loftsh/vcluster:0.12.2
           livenessProbe:
             failureThreshold: 10
diff --git a/tests/golden/openshift/openshift/openshift/10_cluster.yaml b/tests/golden/openshift/openshift/openshift/10_cluster.yaml
@@ -227,7 +227,11 @@ spec:
             - --tls-san=openshift.syn-openshift.svc
             - --tls-san=openshift.syn-openshift
             - --tls-san=openshift
-          env: []
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
           image: docker.io/loftsh/vcluster:0.12.2
           livenessProbe:
             failureThreshold: 10
