Beispiel #1
// MakeTransport builds an http.RoundTripper from a KubeletConfig.
//
// The TLS settings in config.TLSClientConfig are copied into a fresh Config
// and turned into a TLS configuration by TLSConfigFor. A dedicated
// http.Transport is created only when a custom Dial function or a non-nil TLS
// configuration is present; otherwise http.DefaultTransport is used. If a
// bearer token is configured, the transport is wrapped with
// NewBearerAuthRoundTripper.
//
// Security note: when EnableHttps is set and neither CAFile nor CAData is
// provided, Insecure is forced to true without any error or log line.
// NOTE(review): Insecure presumably disables server certificate verification
// inside TLSConfigFor (confirm there). If so, the channel is encrypted but the
// peer is not authenticated, and any configured bearer token is sent to
// whichever endpoint answers. Callers that need an authenticated peer must
// supply a CA bundle.
func MakeTransport(config *KubeletConfig) (http.RoundTripper, error) {
	clientCfg := &Config{TLSClientConfig: config.TLSClientConfig}

	// HTTPS without any CA material falls back to the Insecure setting
	// rather than failing; see the security note above.
	if config.EnableHttps && len(config.CAFile) == 0 && len(config.CAData) == 0 {
		clientCfg.Insecure = true
	}

	tlsCfg, err := TLSConfigFor(clientCfg)
	if err != nil {
		return nil, err
	}

	// Start from the shared default transport and replace it only when the
	// caller asked for custom dialing or TLS options.
	rt := http.DefaultTransport
	if config.Dial != nil || tlsCfg != nil {
		custom := &http.Transport{
			Dial:            config.Dial,
			TLSClientConfig: tlsCfg,
		}
		rt = util.SetTransportDefaults(custom)
	}

	// Layer bearer-token authentication on top of whichever transport was chosen.
	if token := config.BearerToken; len(token) > 0 {
		rt = NewBearerAuthRoundTripper(token, rt)
	}

	return rt, nil
}
Beispiel #2
// tlsTransportFor returns an http.RoundTripper for the given config, or an
// error if the cache key or the TLS configuration cannot be derived.
//
// Transports are cached in tlsTransports under the key produced by
// tlsConfigKey, so configs that map to the same key share one transport.
// When TLSConfigFor reports that no custom TLS configuration is needed (nil),
// http.DefaultTransport is returned and nothing is cached.
//
// NOTE(review): sharing is only safe if tlsConfigKey distinguishes every
// option TLSConfigFor consumes (CA material, client certificate/key, the
// Insecure flag). A key that omits one of them would hand a caller a cached
// transport built with different trust settings; verify against tlsConfigKey,
// which is not visible here.
func tlsTransportFor(config *Config) (http.RoundTripper, error) {
	cacheKey, err := tlsConfigKey(config)
	if err != nil {
		return nil, err
	}

	// Hold the lock across lookup and insert so that at most one transport is
	// ever created per key.
	tlsTransportLock.Lock()
	defer tlsTransportLock.Unlock()

	if cached, found := tlsTransports[cacheKey]; found {
		return cached, nil
	}

	tlsCfg, err := TLSConfigFor(config)
	switch {
	case err != nil:
		return nil, err
	case tlsCfg == nil:
		// No custom TLS options: fall back to the shared default transport.
		return http.DefaultTransport, nil
	}

	// First request for these options: build the transport once and remember it.
	fresh := util.SetTransportDefaults(&http.Transport{TLSClientConfig: tlsCfg})
	tlsTransports[cacheKey] = fresh
	return fresh, nil
}