inject certificate for vcsim

ahadas · ahadas · commit 6bca908aa1e8 · 2024-01-24T18:26:00.000+02:00
Signed-off-by: Arik Hadas &lt;ahadas@redhat.com&gt;
diff --git a/cluster/providers/vmware/setup.sh b/cluster/providers/vmware/setup.sh
@@ -6,6 +6,7 @@ set -ex
 [ -z "${NFS_SHARE}" ] && { echo "Provider cannot be installed - NFS_SHARE env required" ; return 2 ;}
 
 
+kubectl apply -f ./cluster/providers/vmware/vcsim_certificate.yml
 kubectl apply -f ./cluster/providers/vmware/vcsim_deployment.yml
 
 while ! kubectl get deployment -n konveyor-forklift vcsim; do sleep 5; done
diff --git a/cluster/providers/vmware/vcsim_certificate.yml b/cluster/providers/vmware/vcsim_certificate.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: vcsim-certificate
+  namespace: konveyor-forklift
+spec:
+  isCA: true
+  dnsNames:
+  - vcsim.konveyor-forklift
+  commonName: vcsim-certificate
+  secretName: vcsim-certificate
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: forklift-issuer
+    kind: Issuer
+    group: cert-manager.io
diff --git a/cluster/providers/vmware/vcsim_deployment.yml b/cluster/providers/vmware/vcsim_deployment.yml
@@ -16,9 +16,18 @@ spec:
     spec:
       containers:
       - name: vcsim
+        command: ["/vcsim", "-l", "0.0.0.0:8989", "-tlscert", "/etc/secret/tls.crt", "-tlskey", "/etc/secret/tls.key"]
         image: docker.io/vmware/vcsim:latest
         ports:
         - containerPort: 8989
+        volumeMounts:
+        - mountPath: /etc/secret
+          name: vcsim-certificate
+      volumes:
+      - name: vcsim-certificate
+        secret:
+          secretName: vcsim-certificate
+          defaultMode: 420
 ---
 apiVersion: v1
 kind: Service
