/// <summary>
/// Set credentials for the Client
/// </summary>
/// <param name="config">k8s client configuration</param>
/// <param name="handler">http client handler for the rest client</param>
/// <returns>Task</returns>
private void SetCredentials(KubernetesClientConfiguration config, HttpClientHandler handler)
{
// set the Credentails for token based auth
if (!string.IsNullOrWhiteSpace(config.AccessToken))
{
Credentials = new TokenCredentials(config.AccessToken);
}
else if (!string.IsNullOrWhiteSpace(config.Username) && !string.IsNullOrWhiteSpace(config.Password))
{
Credentials = new BasicAuthenticationCredentials
{
UserName = config.Username,
Password = config.Password
};
}
#if XAMARINIOS1_0 || MONOANDROID8_1
// handle.ClientCertificates is not implemented in Xamarin.
return;
#endif
if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) ||
!string.IsNullOrWhiteSpace(config.ClientCertificateFilePath)) &&
(!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData) ||
!string.IsNullOrWhiteSpace(config.ClientKeyFilePath)))
{
var cert = CertUtils.GeneratePfx(config);
#if NET452
((WebRequestHandler)handler).ClientCertificates.Add(cert);
#else
handler.ClientCertificates.Add(cert);
#endif
}
}
/// <summary>
/// Set credentials for the Client
/// </summary>
/// <param name="config">k8s client configuration</param>
/// <param name="handler">http client handler for the rest client</param>
/// <returns>Task</returns>
private void SetCredentials(KubernetesClientConfiguration config, HttpClientHandler handler)
{
// set the Credentails for token based auth
if (!string.IsNullOrWhiteSpace(config.AccessToken))
{
Credentials = new TokenCredentials(config.AccessToken);
}
else if (!string.IsNullOrWhiteSpace(config.Username) && !string.IsNullOrWhiteSpace(config.Password))
{
Credentials = new BasicAuthenticationCredentials
{
UserName = config.Username,
Password = config.Password
};
}
// othwerwise set handler for clinet cert based auth
else if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) ||
!string.IsNullOrWhiteSpace(config.ClientCertificateFilePath)) &&
(!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData) ||
!string.IsNullOrWhiteSpace(config.ClientKeyFilePath)))
{
var cert = CertUtils.GeneratePfx(config);
handler.ClientCertificates.Add(cert);
}
}
public void AddCertificates(HttpClientHandler handler)
{
if ((!string.IsNullOrWhiteSpace(this.ClientCertificateData) ||
!string.IsNullOrWhiteSpace(this.ClientCertificateFilePath)) &&
(!string.IsNullOrWhiteSpace(this.ClientCertificateKeyData) ||
!string.IsNullOrWhiteSpace(this.ClientKeyFilePath)))
{
var cert = CertUtils.GeneratePfx(this);
#if NET452
((WebRequestHandler)handler).ClientCertificates.Add(cert);
#else
handler.ClientCertificates.Add(cert);
#endif
}
}
public void AddCertificates(HttpClientHandler handler)
{
if (handler == null)
{
throw new ArgumentNullException(nameof(handler));
}
if ((!string.IsNullOrWhiteSpace(ClientCertificateData) ||
!string.IsNullOrWhiteSpace(ClientCertificateFilePath)) &&
(!string.IsNullOrWhiteSpace(ClientCertificateKeyData) ||
!string.IsNullOrWhiteSpace(ClientKeyFilePath)))
{
var cert = CertUtils.GeneratePfx(this);
handler.ClientCertificates.Add(cert);
}
}
private void InitializeFromConfig(KubernetesClientConfiguration config)
{
if (BaseUri.Scheme == "https")
{
if (config.SkipTlsVerify)
{
#if NET5_0_OR_GREATER
HttpClientHandler.SslOptions.RemoteCertificateValidationCallback =
#else
HttpClientHandler.ServerCertificateCustomValidationCallback =
#endif
(sender, certificate, chain, sslPolicyErrors) => true;
}
else
{
if (CaCerts == null)
{
throw new KubeConfigException("A CA must be set when SkipTlsVerify === false");
}
#if NET5_0_OR_GREATER
HttpClientHandler.SslOptions.RemoteCertificateValidationCallback =
#else
HttpClientHandler.ServerCertificateCustomValidationCallback =
#endif
(sender, certificate, chain, sslPolicyErrors) =>
{
return(CertificateValidationCallBack(sender, CaCerts, certificate, chain,
sslPolicyErrors));
};
}
}
// set credentails for the kubernetes client
SetCredentials(config);
var clientCert = CertUtils.GetClientCert(config);
if (clientCert != null)
{
#if NET5_0_OR_GREATER
HttpClientHandler.SslOptions.ClientCertificates.Add(clientCert);
#else
HttpClientHandler.ClientCertificates.Add(clientCert);
#endif
}
}
public static KubernetesClientConfiguration InClusterConfig()
{
if (!IsInCluster())
{
throw new KubeConfigException(
"unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined");
}
var rootCAFile = Path.Combine(serviceAccountPath, ServiceAccountRootCAKeyFileName);
var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
return(new KubernetesClientConfiguration
{
Host = new UriBuilder("https", host, Convert.ToInt32(port)).ToString(),
TokenProvider = new TokenFileAuth(Path.Combine(serviceAccountPath, ServiceAccountTokenKeyFileName)),
SslCaCerts = CertUtils.LoadPemFileCert(rootCAFile),
});
}
public static KubernetesClientConfiguration InClusterConfig()
{
var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port))
{
throw new KubeConfigException(
"unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined");
}
var token = File.ReadAllText(Path.Combine(ServiceaccountPath, ServiceAccountTokenKeyFileName));
var rootCAFile = Path.Combine(ServiceaccountPath, ServiceAccountRootCAKeyFileName);
return(new KubernetesClientConfiguration
{
Host = new UriBuilder("https", host, Convert.ToInt32(port)).ToString(),
AccessToken = token,
SslCaCert = CertUtils.LoadPemFileCert(rootCAFile)
});
}
public void AddCertificates(HttpClientHandler handler)
{
#if XAMARINIOS1_0 || MONOANDROID8_1
// handle.ClientCertificates is not implemented in Xamarin.
return;
#endif
if ((!string.IsNullOrWhiteSpace(this.ClientCertificateData) ||
!string.IsNullOrWhiteSpace(this.ClientCertificateFilePath)) &&
(!string.IsNullOrWhiteSpace(this.ClientCertificateKeyData) ||
!string.IsNullOrWhiteSpace(this.ClientKeyFilePath)))
{
var cert = CertUtils.GeneratePfx(this);
#if NET452
((WebRequestHandler)handler).ClientCertificates.Add(cert);
#else
handler.ClientCertificates.Add(cert);
#endif
}
}
public static KubernetesClientConfiguration InClusterConfig()
{
if (!IsInCluster())
{
throw new KubeConfigException(
"unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined");
}
var rootCAFile = Path.Combine(ServiceAccountPath, ServiceAccountRootCAKeyFileName);
var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
if (string.IsNullOrEmpty(host))
{
host = "kubernetes.default.svc";
}
if (string.IsNullOrEmpty(port))
{
port = "443";
}
var result = new KubernetesClientConfiguration
{
Host = new UriBuilder("https", host, Convert.ToInt32(port)).ToString(),
TokenProvider = new TokenFileAuth(Path.Combine(ServiceAccountPath, ServiceAccountTokenKeyFileName)),
SslCaCerts = CertUtils.LoadPemFileCert(rootCAFile),
};
var namespaceFile = Path.Combine(ServiceAccountPath, ServiceAccountNamespaceFileName);
if (FileUtils.FileSystem().File.Exists(namespaceFile))
{
result.Namespace = FileUtils.FileSystem().File.ReadAllText(namespaceFile);
}
return(result);
}
