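// newAPIClient creates a new client to speak to the kubernetes api service.
//
// The client is configured from the package-level config: the API host comes
// from getURL(), authentication uses a bearer token (given directly or loaded
// from config.TokenFile), and config.CaCertFile, when set, supplies the CA
// file and forces cfg.Insecure to false. As a side effect, a token loaded from
// file is stored back into config.Token.
//
// It returns an error when the token file is missing or unreadable, or when
// the underlying client cannot be constructed.
func (r *kubeAPIImpl) newAPIClient() (*unversioned.Client, error) {
	// step: create the configuration
	// NOTE(review): Insecure is copied from config.HTTPInsecure and is only
	// forced off below when a CA file is configured. Presumably it disables
	// server certificate verification, in which case the bearer token would be
	// presented to an unverified endpoint - confirm it is off by default.
	cfg := unversioned.Config{
		Host:     getURL(),
		Insecure: config.HTTPInsecure,
		Version:  config.APIVersion,
	}

	// check: load the token from the token file when one is configured
	if config.TokenFile != "" {
		// Read the file in one step instead of os.Stat followed by a read:
		// the file can no longer disappear between the check and the use,
		// and the caller still gets the same two error messages.
		content, err := ioutil.ReadFile(config.TokenFile)
		if os.IsNotExist(err) {
			return nil, fmt.Errorf("the token file: %s does not exist", config.TokenFile)
		}
		if err != nil {
			return nil, fmt.Errorf("unable to read the token file: %s, error: %s", config.TokenFile, err)
		}

		// Drop trailing whitespace: a newline left by an editor or a shell
		// redirect would otherwise become part of the bearer token.
		token := string(content)
		for n := len(token); n > 0; n = len(token) {
			last := token[n-1]
			if last != '\n' && last != '\r' && last != ' ' && last != '\t' {
				break
			}
			token = token[:n-1]
		}
		config.Token = token
	}

	// check: are we using a user token to authenticate?
	if config.Token != "" {
		cfg.BearerToken = config.Token
	}

	// check: are we using a cert to authenticate
	if config.CaCertFile != "" {
		// A configured CA always wins over config.HTTPInsecure.
		cfg.Insecure = false
		cfg.TLSClientConfig = unversioned.TLSClientConfig{
			CAFile: config.CaCertFile,
		}
	}

	// step: initialize the client
	kube, err := unversioned.New(&cfg)
	if err != nil {
		return nil, fmt.Errorf("unable to create a kubernetes api client, reason: %s", err)
	}

	return kube, nil
}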
// makeTransport builds the http.RoundTripper used for the given extender
// configuration.
//
// Any TLS settings in config.TLSConfig are copied into a client config. When
// config.EnableHttps is set and neither a CA file nor inline CA data is
// present, the client config is marked Insecure. If client.TLSConfigFor
// yields a TLS configuration, a new http.Transport carrying it is returned;
// otherwise http.DefaultTransport is returned.
func makeTransport(config *schedulerapi.ExtenderConfig) (http.RoundTripper, error) {
	cfg := client.Config{}
	if tlsOpts := config.TLSConfig; tlsOpts != nil {
		cfg.TLSClientConfig = *tlsOpts
	}

	// NOTE(review): HTTPS without a CA falls back to Insecure without any
	// error or log line. Presumably that disables server certificate
	// verification, so the extender endpoint would not be authenticated -
	// confirm, and make sure operators supply CAFile/CAData whenever
	// EnableHttps is set.
	if config.EnableHttps && len(cfg.CAFile) == 0 && len(cfg.CAData) == 0 {
		cfg.Insecure = true
	}

	tlsConfig, err := client.TLSConfigFor(&cfg)
	switch {
	case err != nil:
		return nil, err
	case tlsConfig == nil:
		// No TLS settings apply: reuse the shared default transport.
		return http.DefaultTransport, nil
	}

	// NOTE(review): this transport sets only TLSClientConfig; every other
	// http.Transport field keeps its zero value.
	return &http.Transport{TLSClientConfig: tlsConfig}, nil
}