in src/common/Kubernetes/KubernetesWatcher.cs [46:118]
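/// <summary>
/// Builds a watcher bound to the API server named in <paramref name="config"/>:
/// parses the host URL, configures server-certificate validation for https,
/// selects the credentials to present, and creates the underlying <see cref="HttpClient"/>.
/// </summary>
/// <param name="log">Logger used by the watcher; must not be null.</param>
/// <param name="config">
/// Client configuration. When null and <paramref name="useInClusterConfig"/> is true,
/// the in-cluster configuration is loaded instead.
/// </param>
/// <param name="useInClusterConfig">
/// Whether to fall back to <c>KubernetesClientConfiguration.InClusterConfig()</c> when no
/// configuration is supplied.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="log"/> is null, or no configuration is available.
/// </exception>
/// <exception cref="KubeConfigException">
/// The host is not a valid URI, or the host is https, TLS verification is enabled and
/// no CA certificates are configured.
/// </exception>
/// <remarks>
/// Credential precedence is TokenProvider, then AccessToken, then Username/Password.
/// The token provider is awaited synchronously via <c>.Result</c>, so the constructor blocks
/// until it completes and provider failures surface wrapped in <see cref="AggregateException"/>.
/// </remarks>
public KubernetesWatcher(ILog log, KubernetesClientConfiguration config = null, bool useInClusterConfig = false)
{
    this._log = log ?? throw new ArgumentNullException(nameof(log));

    if (config == null && useInClusterConfig)
    {
        config = KubernetesClientConfiguration.InClusterConfig();
    }

    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    try
    {
        this._baseUri = new Uri(config.Host);
    }
    catch (UriFormatException e)
    {
        throw new KubeConfigException("Bad host url", e);
    }

    this._caCerts = config.SslCaCerts;
    this._skipTlsVerify = config.SkipTlsVerify;

    var httpClientHandler = new HttpClientHandler();
    try
    {
        // NOTE(review): for a non-https host none of the TLS setup below runs, so whatever
        // credentials are selected further down would be sent without transport protection.
        // Confirm that plain-http hosts are limited to trusted local endpoints.
        if (_baseUri.Scheme == "https")
        {
            if (config.SkipTlsVerify)
            {
                // SECURITY: this callback accepts every server certificate, so the API
                // server's identity is not authenticated and the bearer token, basic
                // credentials or client certificate configured below can be intercepted by
                // anyone able to sit on the network path. Keep SkipTlsVerify off outside
                // of throwaway test clusters.
                httpClientHandler.ServerCertificateCustomValidationCallback =
                    (sender, certificate, chain, sslPolicyErrors) => true;
            }
            else
            {
                if (_caCerts == null)
                {
                    throw new KubeConfigException("A CA must be set when SkipTlsVerify === false");
                }

                // Validation is delegated to CertificateValidationCallBack together with
                // the configured CA certificates.
                httpClientHandler.ServerCertificateCustomValidationCallback =
                    (sender, certificate, chain, sslPolicyErrors) =>
                        CertificateValidationCallBack(sender, _caCerts, certificate, chain, sslPolicyErrors);
            }
        }

        // Set credentials for the Kubernetes client.
        if (config.TokenProvider != null)
        {
            // CancellationToken.None is equivalent to the token of a source that is never
            // cancelled, without allocating a CancellationTokenSource that is never disposed.
            AuthenticationHeaderValue credentials =
                config.TokenProvider.GetAuthenticationHeaderAsync(CancellationToken.None).Result;
            _credentials = new TokenCredentials(credentials.Parameter, credentials.Scheme);
        }
        else if (!string.IsNullOrEmpty(config.AccessToken))
        {
            _credentials = new TokenCredentials(config.AccessToken);
        }
        else if (!string.IsNullOrEmpty(config.Username))
        {
            _credentials = new BasicAuthenticationCredentials() { UserName = config.Username, Password = config.Password };
        }

        var clientCert = ClientCertUtil.GetClientCert(config);
        if (clientCert != null)
        {
            httpClientHandler.ClientCertificates.Add(clientCert);
        }

        _httpClient = new HttpClient(httpClientHandler);
    }
    catch
    {
        // The handler is only owned by _httpClient once construction succeeds; release it
        // when any step above throws so a failed constructor does not leak it.
        httpClientHandler.Dispose();
        throw;
    }
}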