From 58969eacd3f3c45fcc280e3202cc98d9b9444ff4 Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Mon, 24 Oct 2022 15:52:34 +0200
Subject: [PATCH] Fix certificate errors in vcluster container
We need to ensure that the syncer's TLS certificate is also valid for the pod IP. This only needs the pod IP passed to the container as an environment variable, cf. https://github.com/loft-sh/vcluster/pull/549
---
 component/cluster.libsonnet | 12 +++++++++++-
 .../defaults/defaults/defaults/10_cluster.yaml | 6 +++++-
 tests/golden/oidc/oidc/oidc/10_cluster.yaml | 6 +++++-
 .../openshift/openshift/openshift/10_cluster.yaml | 6 +++++-
 4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/component/cluster.libsonnet b/component/cluster.libsonnet
index 2cf3b59..385f1f0 100644
--- a/component/cluster.libsonnet
+++ b/component/cluster.libsonnet
@@ -345,7 +345,17 @@ local cluster = function(name, options)
 securityContext: {
 allowPrivilegeEscalation: false,
 },
- env: [],
+ env: [
+ // ensure that syncer TLS certificate is also valid for pod IP
+ {
+ name: 'POD_IP',
+ valueFrom: {
+ fieldRef: {
+ fieldPath: 'status.podIP',
+ },
+ },
+ },
+ ],
 volumeMounts: [
 {
 mountPath: '/data',
diff --git a/tests/golden/defaults/defaults/defaults/10_cluster.yaml b/tests/golden/defaults/defaults/defaults/10_cluster.yaml
index 5314e31..7baa9c1 100644
--- a/tests/golden/defaults/defaults/defaults/10_cluster.yaml
+++ b/tests/golden/defaults/defaults/defaults/10_cluster.yaml
@@ -221,7 +221,11 @@ spec:
 - --tls-san=defaults.syn-defaults.svc
 - --tls-san=defaults.syn-defaults
 - --tls-san=defaults
- env: []
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
 image: docker.io/loftsh/vcluster:0.12.2
 livenessProbe:
 failureThreshold: 10
diff --git a/tests/golden/oidc/oidc/oidc/10_cluster.yaml b/tests/golden/oidc/oidc/oidc/10_cluster.yaml
index bcdf74d..c179652 100644
--- a/tests/golden/oidc/oidc/oidc/10_cluster.yaml
+++ b/tests/golden/oidc/oidc/oidc/10_cluster.yaml
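Review bot: The comment on the new `POD_IP` entry in `env` states the goal but not the consumer, so the variable looks unused from this file and could be dropped in a later cleanup; I would write `// read by the vcluster syncer, which adds the pod IP to its serving certificate SANs, cf. loft-sh/vcluster#549`. Whether the variable has any effect depends on the image version containing that upstream change, which this patch does not show (the golden files pin `docker.io/loftsh/vcluster:0.12.2`), so it is worth confirming before relying on it. A pod IP changes on reschedule, so it is also worth checking that the syncer reissues the certificate on start rather than reusing one kept on the `/data` mount. The container definition starts and ends outside the hunk.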
@@ -225,7 +225,11 @@ spec:
 - --tls-san=oidc.testns.svc
 - --tls-san=oidc.testns
 - --tls-san=oidc
- env: []
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
 image: docker.io/loftsh/vcluster:0.12.2
 livenessProbe:
 failureThreshold: 10
diff --git a/tests/golden/openshift/openshift/openshift/10_cluster.yaml b/tests/golden/openshift/openshift/openshift/10_cluster.yaml
index 2f67814..967728e 100644
--- a/tests/golden/openshift/openshift/openshift/10_cluster.yaml
+++ b/tests/golden/openshift/openshift/openshift/10_cluster.yaml
@@ -227,7 +227,11 @@ spec:
 - --tls-san=openshift.syn-openshift.svc
 - --tls-san=openshift.syn-openshift
 - --tls-san=openshift
- env: []
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
 image: docker.io/loftsh/vcluster:0.12.2
 livenessProbe:
 failureThreshold: 10