File tree Expand file tree Collapse file tree
src/main/java/io/kubernetes/client/util Expand file tree Collapse file tree Original file line number Diff line number Diff line change 3030 <dependency >
3131 <groupId >commons-codec</groupId >
3232 <artifactId >commons-codec</artifactId >
33- <version >1.10 </version >
33+ <version >1.11 </version >
3434 </dependency >
3535 <dependency >
3636 <groupId >org.apache.commons</groupId >
Original file line number Diff line number Diff line change @@ -159,7 +159,6 @@ public static ClientBuilder kubeconfig(KubeConfig config) throws IOException {
159159 if (caBytes != null ) {
160160 builder .setCertificateAuthority (caBytes );
161161 }
162-
163162 builder .setVerifyingSsl (config .verifySSL ());
164163
165164 builder .setBasePath (server );
@@ -211,14 +210,23 @@ public ApiClient build() {
211210
212211 client .setVerifyingSsl (verifyingSsl );
213212
214- if (caCertBytes != null ) {
215- client .setSslCaCert (new ByteArrayInputStream (caCertBytes ));
216- }
217-
218213 if (authentication != null ) {
219214 authentication .provide (client );
220215 }
221216
217+ // NOTE: this ordering is important. The API Client re-evaluates the CA certificate every
218+ // time the SSL info changes, which means that if this comes after the following call
219+ // you will try to load a certificate with an exhausted InputStream. So setting the CA
220+ // certificate _has_ to be the last thing that you do related to SSL.
221+ //
222+ // TODO: this (imho) is broken in the generate Java Swagger Client code. We should fix it
223+ // upstream and remove this dependency.
224+ //
225+ // TODO: Add a test to ensure that this works correctly...
226+ if (caCertBytes != null ) {
227+ client .setSslCaCert (new ByteArrayInputStream (caCertBytes ));
228+ }
229+
222230 return client ;
223231 }
224232}
You can’t perform that action at this time.
0 commit comments