// newAPIClient creates a new client to speak to the kubernetes api service
func (r *kubeAPIImpl) newAPIClient() (*unversioned.Client, error) {
// step: create the configuration
cfg := unversioned.Config{
Host: getURL(),
Insecure: config.HTTPInsecure,
Version: config.APIVersion,
}
// check: ensure the token file exists
if config.TokenFile != "" {
if _, err := os.Stat(config.TokenFile); os.IsNotExist(err) {
return nil, fmt.Errorf("the token file: %s does not exist", config.TokenFile)
}
content, err := ioutil.ReadFile(config.TokenFile)
if err != nil {
return nil, fmt.Errorf("unable to read the token file: %s, error: %s", config.TokenFile, err)
}
config.Token = string(content)
}
// check: are we using a user token to authenticate?
if config.Token != "" {
cfg.BearerToken = config.Token
}
// check: are we using a cert to authenticate
if config.CaCertFile != "" {
cfg.Insecure = false
cfg.TLSClientConfig = unversioned.TLSClientConfig{
CAFile: config.CaCertFile,
}
}
// step: initialize the client
kube, err := unversioned.New(&cfg)
if err != nil {
return nil, fmt.Errorf("unable to create a kubernetes api client, reason: %s", err)
}
return kube, nil
}
func makeTransport(config *schedulerapi.ExtenderConfig) (http.RoundTripper, error) {
var cfg client.Config
if config.TLSConfig != nil {
cfg.TLSClientConfig = *config.TLSConfig
}
if config.EnableHttps {
hasCA := len(cfg.CAFile) > 0 || len(cfg.CAData) > 0
if !hasCA {
cfg.Insecure = true
}
}
tlsConfig, err := client.TLSConfigFor(&cfg)
if err != nil {
return nil, err
}
if tlsConfig != nil {
return &http.Transport{
TLSClientConfig: tlsConfig,
}, nil
}
return http.DefaultTransport, nil
}
