Extract self-signed PEM certificate from vCenter

README-K8s.md

Make CA Certificate available to a pod

Create a ConfigMap:

$ kubectl create cm ca-cert --from-file ca-cert.pem

Example how to use custom CA cert in govmomi:

  // make this configurable
	const file = "/etc/ssl/certs/ca-certificates.crt:/etc/vmware-event-router/ssl/ca-cert.pem"
  
	soapClient := soap.NewClient(u, *insecureFlag)
	err = soapClient.SetRootCAs(file)
	if err != nil {
		panic(err)
	}

	vimClient, err := vim25.NewClient(ctx, soapClient)
	if err != nil {
		return nil, err
	}

	c := &govmomi.Client{
		Client:         vimClient,
		SessionManager: session.NewManager(vimClient),
	}

	err = c.Login(ctx, u.User)
	if err != nil {
		panic(err)
	}

Use ConfigMap in a pod:

apiVersion: v1
kind: Pod
metadata:
  name: events-example
spec:
  containers:
    - image: ko://github.com/vmware/govmomi/examples/events
      name: events-example
      args:
        - "-f" # follow
        - "-b" # since 1h
        - "1h"
      env:
        - name: "GOVMOMI_USERNAME"
          value: "administrator@vsphere.local"
        - name: "GOVMOMI_PASSWORD"
          value: "Admin!23"
        - name: "GOVMOMI_URL"
          value: "https://sc2-10-184-165-188.eng.vmware.com"
      volumeMounts:
        - name: ca-cert
          mountPath: /etc/vmware-event-router/ssl
  volumes:
    - name: ca-cert
      configMap:
        name: ca-cert

README.md

Download from certificate via highlighted link in the screenshot, then

$ openssl x509 -inform der -in ~/Downloads/ca.cer -out ca-cert.pem

Verify with:

# use hostname used to retrieve the cert
$ curl -i -vv --cacert ca-cert.pem https://sc2-10-184-165-188.eng.vmware.com