@@ -21,9 +21,9 @@ import (
21
21
"net/url"
22
22
"time"
23
23
24
- "k8s.io/apimachinery/ pkg/types "
24
+ "github.com/devfile/devworkspace-operator/ pkg/config "
25
25
26
- controller "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1 "
26
+ "k8s.io/apimachinery/pkg/types "
27
27
28
28
"github.com/go-logr/logr"
29
29
corev1 "k8s.io/api/core/v1"
@@ -37,28 +37,25 @@ var (
37
37
healthCheckHttpClient * http.Client
38
38
)
39
39
40
- func setupHttpClients (k8s client.Client , config * controller. OperatorConfiguration , logger logr.Logger ) {
40
+ func setupHttpClients (k8s client.Client , logger logr.Logger ) {
41
41
transport := http .DefaultTransport .(* http.Transport ).Clone ()
42
- if certs , ok := readCertificates (k8s , config , logger ); ok {
43
- for _ , certsPem := range certs {
44
- injectCertificates ([]byte (certsPem ), transport )
45
- }
46
- }
47
42
healthCheckTransport := http .DefaultTransport .(* http.Transport ).Clone ()
48
43
healthCheckTransport .TLSClientConfig = & tls.Config {
49
44
InsecureSkipVerify : true ,
50
45
}
51
46
52
- if config .Routing != nil && config .Routing .ProxyConfig != nil {
47
+ globalConfig := config .GetGlobalConfig ()
48
+
49
+ if globalConfig .Routing != nil && globalConfig .Routing .ProxyConfig != nil {
53
50
proxyConf := httpproxy.Config {}
54
- if config .Routing .ProxyConfig .HttpProxy != nil {
55
- proxyConf .HTTPProxy = * config .Routing .ProxyConfig .HttpProxy
51
+ if globalConfig .Routing .ProxyConfig .HttpProxy != nil {
52
+ proxyConf .HTTPProxy = * globalConfig .Routing .ProxyConfig .HttpProxy
56
53
}
57
- if config .Routing .ProxyConfig .HttpsProxy != nil {
58
- proxyConf .HTTPSProxy = * config .Routing .ProxyConfig .HttpsProxy
54
+ if globalConfig .Routing .ProxyConfig .HttpsProxy != nil {
55
+ proxyConf .HTTPSProxy = * globalConfig .Routing .ProxyConfig .HttpsProxy
59
56
}
60
- if config .Routing .ProxyConfig .NoProxy != nil {
61
- proxyConf .NoProxy = * config .Routing .ProxyConfig .NoProxy
57
+ if globalConfig .Routing .ProxyConfig .NoProxy != nil {
58
+ proxyConf .NoProxy = * globalConfig .Routing .ProxyConfig .NoProxy
62
59
}
63
60
64
61
proxyFunc := func (req * http.Request ) (* url.URL , error ) {
@@ -75,10 +72,19 @@ func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguratio
75
72
Transport : healthCheckTransport ,
76
73
Timeout : 500 * time .Millisecond ,
77
74
}
75
+ InjectCertificates (k8s , logger )
78
76
}
79
77
80
- func readCertificates (k8s client.Client , config * controller.OperatorConfiguration , logger logr.Logger ) (map [string ]string , bool ) {
81
- configmapRef := config .Routing .TLSCertificateConfigmapRef
78
+ func InjectCertificates (k8s client.Client , logger logr.Logger ) {
79
+ if certs , ok := readCertificates (k8s , logger ); ok {
80
+ for _ , certsPem := range certs {
81
+ injectCertificates ([]byte (certsPem ), httpClient .Transport .(* http.Transport ), logger )
82
+ }
83
+ }
84
+ }
85
+
86
+ func readCertificates (k8s client.Client , logger logr.Logger ) (map [string ]string , bool ) {
87
+ configmapRef := config .GetGlobalConfig ().Routing .TLSCertificateConfigmapRef
82
88
if configmapRef == nil {
83
89
return nil , false
84
90
}
@@ -95,10 +101,16 @@ func readCertificates(k8s client.Client, config *controller.OperatorConfiguratio
95
101
return configMap .Data , true
96
102
}
97
103
98
- func injectCertificates (certsPem []byte , transport * http.Transport ) {
104
+ func injectCertificates (certsPem []byte , transport * http.Transport , logger logr. Logger ) {
99
105
caCertPool := transport .TLSClientConfig .RootCAs
100
106
if caCertPool == nil {
101
- caCertPool = x509 .NewCertPool ()
107
+ systemCertPool , err := x509 .SystemCertPool ()
108
+ if err != nil {
109
+ logger .Error (err , "Failed to load system cert pool" )
110
+ caCertPool = x509 .NewCertPool ()
111
+ } else {
112
+ caCertPool = systemCertPool
113
+ }
102
114
}
103
115
if ok := caCertPool .AppendCertsFromPEM (certsPem ); ok {
104
116
transport .TLSClientConfig = & tls.Config {RootCAs : caCertPool }
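Review bot: `readCertificates` dereferences `config.GetGlobalConfig().Routing.TLSCertificateConfigmapRef` without a nil check, although `setupHttpClients` in the same file guards `globalConfig.Routing != nil` before reading the proxy settings, so an operator config without a routing section would likely panic during client setup. I would guard it first: `routing := config.GetGlobalConfig().Routing` followed by `if routing == nil || routing.TLSCertificateConfigmapRef == nil { return nil, false }`. Separately, the now-exported `InjectCertificates` rewrites `httpClient.Transport` in place through an unchecked type assertion and a fresh `&tls.Config{RootCAs: caCertPool}`; if it is meant to be called again after startup (callers are not visible here), that write races with in-flight requests, discards any other TLS settings on the transport, and the pool only ever grows, so a CA removed from the ConfigMap stays trusted until restart. A doc comment on `InjectCertificates` stating that it must run after `setupHttpClients` and is not safe for concurrent use would make that contract explicit. The bodies of `readCertificates` and `injectCertificates` continue outside the hunks shown.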