|
@@ -2,24 +2,12 @@ package com.redhat.training;
|
|
|
|
|
|
import java.io.BufferedReader;
|
|
|
import java.io.File;
|
|
|
-import java.io.FileInputStream;
|
|
|
import java.io.FileReader;
|
|
|
import java.io.IOException;
|
|
|
import java.net.URI;
|
|
|
import java.net.URISyntaxException;
|
|
|
-import java.security.KeyManagementException;
|
|
|
-import java.security.KeyStore;
|
|
|
-import java.security.KeyStoreException;
|
|
|
-import java.security.NoSuchAlgorithmException;
|
|
|
-import java.security.cert.CertificateException;
|
|
|
-import java.security.cert.CertificateFactory;
|
|
|
-import java.security.cert.X509Certificate;
|
|
|
import java.util.Optional;
|
|
|
|
|
|
-import javax.net.ssl.SSLContext;
|
|
|
-
|
|
|
-import org.apache.http.ssl.SSLContextBuilder;
|
|
|
-import org.apache.http.ssl.SSLContexts;
|
|
|
import org.eclipse.microprofile.config.inject.ConfigProperty;
|
|
|
import org.eclipse.microprofile.rest.client.RestClientBuilder;
|
|
|
import org.jboss.logging.Logger;
|
|
@@ -40,8 +28,8 @@ public class Activator {
|
|
|
@ConfigProperty(name = "api.endpoint")
|
|
|
Optional<String> apiserver;
|
|
|
|
|
|
- @ConfigProperty(name = "api.tlsca.file")
|
|
|
- Optional<String> tlsca;
|
|
|
+ // @ConfigProperty(name = "api.tlsca.file")
|
|
|
+ // Optional<String> tlsca;
|
|
|
|
|
|
ApiClient k8s;
|
|
|
|
|
@@ -74,50 +62,50 @@ public class Activator {
|
|
|
apiserver = Optional.of("https://kubernetes.default/");
|
|
|
}
|
|
|
|
|
|
- // Check for TLS CA cert.
|
|
|
- SSLContext sc = null;
|
|
|
- if (apiserver.get().startsWith("https://")) {
|
|
|
- // API URL is HTTPS (as it should be)
|
|
|
- File tlscaFile;
|
|
|
- if (tlsca.isPresent() && !tlsca.get().isEmpty()) {
|
|
|
- LOG.debug("Got TLS CA cert file from environment, checking.");
|
|
|
- tlscaFile = new File(tlsca.get());
|
|
|
- } else {
|
|
|
- LOG.warn("TLS CA cert not found in environment. Trying service account.");
|
|
|
- tlscaFile = new File("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt");
|
|
|
- }
|
|
|
- if (!tlscaFile.exists()) {
|
|
|
- throw new RuntimeException("TLS CA cert file set, but does not exist.");
|
|
|
- }
|
|
|
- // Try to build an SSLContext by using a PEM file.
|
|
|
- LOG.info("Attempting to build SSLContext with " + tlscaFile.getAbsolutePath());
|
|
|
- try {
|
|
|
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
|
- ks.load(null);
|
|
|
-
|
|
|
- X509Certificate crt = (X509Certificate)CertificateFactory.getInstance("X509")
|
|
|
- .generateCertificate(new FileInputStream(tlscaFile));
|
|
|
-
|
|
|
- ks.setCertificateEntry(crt.getSubjectX500Principal().getName(), crt);
|
|
|
-
|
|
|
- SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(ks, (a, b) -> {return true;});
|
|
|
- sc = scb.build();
|
|
|
- } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException | KeyManagementException e) {
|
|
|
- throw new RuntimeException("Could not load TLS CA: " + e.getMessage(), e);
|
|
|
- }
|
|
|
- }
|
|
|
+ // // Check for TLS CA cert.
|
|
|
+ // SSLContext sc = null;
|
|
|
+ // if (apiserver.get().startsWith("https://")) {
|
|
|
+ // // API URL is HTTPS (as it should be)
|
|
|
+ // File tlscaFile;
|
|
|
+ // if (tlsca.isPresent() && !tlsca.get().isEmpty()) {
|
|
|
+ // LOG.debug("Got TLS CA cert file from environment, checking.");
|
|
|
+ // tlscaFile = new File(tlsca.get());
|
|
|
+ // } else {
|
|
|
+ // LOG.warn("TLS CA cert not found in environment. Trying service account.");
|
|
|
+ // tlscaFile = new File("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt");
|
|
|
+ // }
|
|
|
+ // if (!tlscaFile.exists()) {
|
|
|
+ // throw new RuntimeException("TLS CA cert file set, but does not exist.");
|
|
|
+ // }
|
|
|
+ // // Try to build an SSLContext by using a PEM file.
|
|
|
+ // LOG.info("Attempting to build SSLContext with " + tlscaFile.getAbsolutePath());
|
|
|
+ // try {
|
|
|
+ // KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
|
+ // ks.load(null);
|
|
|
+
|
|
|
+ // X509Certificate crt = (X509Certificate)CertificateFactory.getInstance("X509")
|
|
|
+ // .generateCertificate(new FileInputStream(tlscaFile));
|
|
|
+
|
|
|
+ // ks.setCertificateEntry(crt.getSubjectX500Principal().getName(), crt);
|
|
|
+
|
|
|
+ // SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(ks, (a, b) -> {return true;});
|
|
|
+ // sc = scb.build();
|
|
|
+ // } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException | KeyManagementException e) {
|
|
|
+ // throw new RuntimeException("Could not load TLS CA: " + e.getMessage(), e);
|
|
|
+ // }
|
|
|
+ // }
|
|
|
|
|
|
try {
|
|
|
- if (sc == null) {
|
|
|
+ // if (sc == null) {
|
|
|
this.k8s = RestClientBuilder.newBuilder()
|
|
|
.baseUri(new URI(this.apiserver.get()))
|
|
|
.build(ApiClient.class);
|
|
|
- } else {
|
|
|
- this.k8s = RestClientBuilder.newBuilder()
|
|
|
- .baseUri(new URI(this.apiserver.get()))
|
|
|
- .sslContext(sc)
|
|
|
- .build(ApiClient.class);
|
|
|
- }
|
|
|
+ // } else {
|
|
|
+ // this.k8s = RestClientBuilder.newBuilder()
|
|
|
+ // .baseUri(new URI(this.apiserver.get()))
|
|
|
+ // .sslContext(sc)
|
|
|
+ // .build(ApiClient.class);
|
|
|
+ // }
|
|
|
} catch (URISyntaxException use) {
|
|
|
throw new RuntimeException("Could not construct BASE URI for REST client: " + use.getMessage(), use);
|
|
|
}
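Review bot: The block left commented out in this hunk still contains `loadTrustMaterial(ks, (a, b) -> {return true;})`, a trust strategy that accepts every certificate chain regardless of the CA loaded into the keystore, so uncommenting it later would bring back a client that does not really verify the API server. Delete the dead lines, and the commented-out `tlsca` field in the previous hunk, rather than keeping them as comments; version control already preserves them. With `.sslContext(sc)` gone, the client built for the default `https://kubernetes.default/` endpoint presumably falls back to the JVM or framework trust configuration, which is not visible in this diff. Add a comment above the builder saying where the cluster CA comes from, e.g. `// API server cert is verified via the trust store set in <config location>; never replace this with a trust-all setting`. The enclosing method starts and ends outside the hunk.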
|