Fix certificate errors in vcluster container
We need to ensure that the syncer's TLS certificate is also valid for
the pod IP. This only needs the pod IP passed to the container as an
environment variable, cf. loft-sh/vcluster#549
simu committed Oct 24, 2022
1 parent 695709f commit 58969ea
Showing 4 changed files with 26 additions and 4 deletions.
12 changes: 11 additions & 1 deletion component/cluster.libsonnet
Expand Up @@ -345,7 +345,17 @@ local cluster = function(name, options)
securityContext: {
allowPrivilegeEscalation: false,
},
env: [],
env: [
// ensure that syncer TLS certificate is also valid for pod IP
{
name: 'POD_IP',
valueFrom: {
fieldRef: {
fieldPath: 'status.podIP',
},
},
},
],
volumeMounts: [
{
mountPath: '/data',
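Review bot: The comment above the POD_IP entry states the goal but not the mechanism; nothing in this hunk consumes POD_IP, so a reader of the jsonnet cannot tell that the container itself picks the variable up. Suggest extending the comment with a pointer to loft-sh/vcluster#549. Separately, the pod IP changes whenever the pod is rescheduled and this container mounts a volume at '/data', so it is worth confirming that the certificate is reissued with the new IP after a restart rather than reused from persistent storage.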
6 changes: 5 additions & 1 deletion tests/golden/defaults/defaults/defaults/10_cluster.yaml
Expand Up @@ -221,7 +221,11 @@ spec:
- --tls-san=defaults.syn-defaults.svc
- --tls-san=defaults.syn-defaults
- --tls-san=defaults
env: []
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/loftsh/vcluster:0.12.2
livenessProbe:
failureThreshold: 10
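Review bot: Nothing in this golden file shows that the pinned image on the line after the new env block, docker.io/loftsh/vcluster:0.12.2, acts on POD_IP; the test only pins the rendered manifest. Please confirm that 0.12.2 contains the behaviour referenced in loft-sh/vcluster#549, or bump the image in the same change, and consider checking the SAN list of the served certificate on a running pod once.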
6 changes: 5 additions & 1 deletion tests/golden/oidc/oidc/oidc/10_cluster.yaml
Expand Up @@ -225,7 +225,11 @@ spec:
- --tls-san=oidc.testns.svc
- --tls-san=oidc.testns
- --tls-san=oidc
env: []
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/loftsh/vcluster:0.12.2
livenessProbe:
failureThreshold: 10
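Review bot: Missing documentation for the second SAN source: the three --tls-san arguments above the env block are static service names, while the pod IP now reaches the certificate through POD_IP instead. A short line in the component documentation saying that the SAN set comes from both the arguments and this variable would help whoever debugs the next certificate error look in both places.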
6 changes: 5 additions & 1 deletion tests/golden/openshift/openshift/openshift/10_cluster.yaml
Expand Up @@ -227,7 +227,11 @@ spec:
- --tls-san=openshift.syn-openshift.svc
- --tls-san=openshift.syn-openshift
- --tls-san=openshift
env: []
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: docker.io/loftsh/vcluster:0.12.2
livenessProbe:
failureThreshold: 10