// MakeTransport builds the http.RoundTripper described by a KubeletConfig.
//
// The TLS client options from config are copied into a Config and turned into
// a TLS configuration by TLSConfigFor. http.DefaultTransport is used unless a
// custom Dial function or a non-nil TLS configuration requires a dedicated
// http.Transport. A non-empty BearerToken wraps the result with
// NewBearerAuthRoundTripper.
//
// SECURITY: when EnableHttps is set and neither CAFile nor CAData is
// provided, Insecure is forced to true without any error or log line.
// NOTE(review): Insecure presumably makes TLSConfigFor disable verification
// of the server certificate; confirm against TLSConfigFor. If so, a missing
// CA silently downgrades the connection to unauthenticated TLS, and callers
// that need an authenticated peer must supply a CA themselves.
//
// The bearer token is attached whenever it is non-empty; this function does
// not check EnableHttps or the Insecure flag before doing so.
func MakeTransport(config *KubeletConfig) (http.RoundTripper, error) {
	cfg := &Config{TLSClientConfig: config.TLSClientConfig}

	// HTTPS without any CA material: fall back to the insecure mode (see the
	// SECURITY note in the function comment).
	if config.EnableHttps && len(config.CAFile) == 0 && len(config.CAData) == 0 {
		cfg.Insecure = true
	}

	tlsConfig, err := TLSConfigFor(cfg)
	if err != nil {
		return nil, err
	}

	// Only build a dedicated transport when something differs from the
	// defaults; otherwise share http.DefaultTransport.
	var rt http.RoundTripper = http.DefaultTransport
	if config.Dial != nil || tlsConfig != nil {
		rt = util.SetTransportDefaults(&http.Transport{
			Dial:            config.Dial,
			TLSClientConfig: tlsConfig,
		})
	}

	if len(config.BearerToken) > 0 {
		rt = NewBearerAuthRoundTripper(config.BearerToken, rt)
	}

	return rt, nil
}
// tlsTransportFor returns an http.RoundTripper for the given config, or an
// error. Configs that produce the same tlsConfigKey share one cached
// RoundTripper. If TLSConfigFor reports that no custom TLS configuration is
// needed (nil), http.DefaultTransport is returned and nothing is cached.
//
// NOTE(review): the cache is only as precise as tlsConfigKey. Any
// TLS-relevant field that the key leaves out (CA material, client
// certificate, the Insecure flag) would let one config receive a transport
// built for another config's trust settings; confirm the key covers all of
// them. No eviction from tlsTransports is visible in this function.
func tlsTransportFor(config *Config) (http.RoundTripper, error) {
	// Derive the cache key from the TLS options before taking the lock.
	cacheKey, err := tlsConfigKey(config)
	if err != nil {
		return nil, err
	}

	// Lookup and insert happen under one lock so that at most one transport
	// is created per key. The lock is also held across TLSConfigFor.
	tlsTransportLock.Lock()
	defer tlsTransportLock.Unlock()

	if existing, found := tlsTransports[cacheKey]; found {
		return existing, nil
	}

	tlsConfig, err := TLSConfigFor(config)
	if err != nil {
		return nil, err
	}
	if tlsConfig == nil {
		// No custom TLS options: the shared default transport is enough.
		return http.DefaultTransport, nil
	}

	// First request for these options: build the transport and remember it.
	created := util.SetTransportDefaults(&http.Transport{
		TLSClientConfig: tlsConfig,
	})
	tlsTransports[cacheKey] = created
	return created, nil
}