From 6bca908aa1e894a6d4c6a137dc751f147ada613c Mon Sep 17 00:00:00 2001
From: Arik Hadas
Date: Wed, 24 Jan 2024 17:56:05 +0200
Subject: [PATCH] inject certificate for vcsim
Signed-off-by: Arik Hadas
---
 cluster/providers/vmware/setup.sh | 1 +
 .../providers/vmware/vcsim_certificate.yml | 19 +++++++++++++++++++
 cluster/providers/vmware/vcsim_deployment.yml | 9 +++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 cluster/providers/vmware/vcsim_certificate.yml
diff --git a/cluster/providers/vmware/setup.sh b/cluster/providers/vmware/setup.sh
index 861e419..0cf4d95 100755
--- a/cluster/providers/vmware/setup.sh
+++ b/cluster/providers/vmware/setup.sh
@@ -6,6 +6,7 @@ set -ex
 [ -z "${NFS_SHARE}" ] && { echo "Provider cannot be installed - NFS_SHARE env required" ; return 2 ;}
+kubectl apply -f ./cluster/providers/vmware/vcsim_certificate.yml
 kubectl apply -f ./cluster/providers/vmware/vcsim_deployment.yml
 while ! kubectl get deployment -n konveyor-forklift vcsim; do sleep 5; done
diff --git a/cluster/providers/vmware/vcsim_certificate.yml b/cluster/providers/vmware/vcsim_certificate.yml
new file mode 100644
index 0000000..8225080
--- /dev/null
+++ b/cluster/providers/vmware/vcsim_certificate.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: vcsim-certificate
+ namespace: konveyor-forklift
+spec:
+ isCA: true
+ dnsNames:
+ - vcsim.konveyor-forklift
+ commonName: vcsim-certificate
+ secretName: vcsim-certificate
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: forklift-issuer
+ kind: Issuer
+ group: cert-manager.io
diff --git a/cluster/providers/vmware/vcsim_deployment.yml b/cluster/providers/vmware/vcsim_deployment.yml
index 5e3687a..936aac2 100644
--- a/cluster/providers/vmware/vcsim_deployment.yml
+++ b/cluster/providers/vmware/vcsim_deployment.yml
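Review bot: The added `kubectl apply` of the Certificate returns before cert-manager has issued anything, yet the Deployment applied on the next line mounts the resulting `vcsim-certificate` secret. If the issuer is missing or cert-manager is not ready, the vcsim pod would presumably sit in ContainerCreating and the later wait would give no hint of the cause. Adding `kubectl wait --for=condition=Ready certificate/vcsim-certificate -n konveyor-forklift --timeout=120s` right after the apply would make the script (already under `set -ex`) stop at the real failure. The script continues outside the hunk, so any later rollout wait is not visible here.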
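Review bot: `isCA: true` marks the certificate that vcsim serves as a certificate authority, so the private key mounted into the simulator pod could sign certificates for other names, and any client that trusts this chain would accept them. A serving certificate does not need that; drop the line (or set `isCA: false`) and state the purpose with `usages: ["server auth", "digital signature"]`. `dnsNames` lists only `vcsim.konveyor-forklift`, so a client that addresses the service as `vcsim.konveyor-forklift.svc` would fail hostname verification; add that name if such clients exist. Whether `forklift-issuer` exists in this namespace, and whether it is itself a CA issuer, is not visible in this patch.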
@@ -16,9 +16,18 @@ spec:
 spec:
 containers:
 - name: vcsim
+ command: ["/vcsim", "-l", "0.0.0.0:8989", "-tlscert", "/etc/secret/tls.crt", "-tlskey", "/etc/secret/tls.key"]
 image: docker.io/vmware/vcsim:latest
 ports:
 - containerPort: 8989
+ volumeMounts:
+ - mountPath: /etc/secret
+ name: vcsim-certificate
+ volumes:
+ - name: vcsim-certificate
+ secret:
+ secretName: vcsim-certificate
+ defaultMode: 420
 ---
 apiVersion: v1
 kind: Service
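Review bot: `defaultMode: 420` is decimal for octal 0644, so `tls.key` is mounted readable by every user inside the container. Restrict the secret volume with `defaultMode: 0400` (decimal 256), or use 0440 together with a pod `fsGroup` if the vcsim image runs as a non-root user, which is not visible here. The new `command` also overrides the image entrypoint with a fixed `/vcsim` path while the image stays on the `latest` tag, so pinning a tag or digest would keep the binary path and TLS flags from drifting. The enclosing Deployment spec starts outside the hunk.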