akillibulut
/
cost-model
зеркало из https://github.com/kubecost/cost-model


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
							package costmodel

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"os"
	"strings"

	coreenv "github.com/opencost/opencost/core/pkg/env"
	"github.com/opencost/opencost/core/pkg/log"
	nodes "github.com/opencost/opencost/core/pkg/nodestats"
	"github.com/opencost/opencost/pkg/env"
)

const (
	defaultConcurrentPollers = 10
	serviceAccountCaCert     = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
)

func NewNodeClientConfigFromEnv() (*nodes.NodeClientConfig, error) {
	clusterId := coreenv.GetClusterID()
	concurrentPollers := defaultConcurrentPollers
	insecure := env.IsNodeStatsInsecure()
	certFile := env.GetNodeStatsCertFile()
	keyFile := env.GetNodeStatsKeyFile()
	forceKubeProxy := env.IsNodeStatsForceKubeProxy()
	localProxy := env.GetNodeStatsLocalProxy()

	if strings.TrimSpace(clusterId) == "" {
		return nil, fmt.Errorf("cluster id is required and cannot be exclusively whitespace.")
	}

	var transport *http.Transport
	if insecure {
		transport = &http.Transport{
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: true,
				MinVersion:         tls.VersionTLS12,
			},
		}
	} else {
		pemData, err := os.ReadFile(serviceAccountCaCert)
		if err != nil {
			log.Fatalf("Could not load CA certificate: %v", err)
		}

		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(pemData)

		var tlsConfig *tls.Config

		if certFile != "" && keyFile != "" {
			cert, err := tls.LoadX509KeyPair(certFile, keyFile)

			if err != nil {
				log.Fatalf("Unable to load cert: %s key: %s error: %v", certFile, keyFile, err)
			}

			tlsConfig = &tls.Config{
				Certificates: []tls.Certificate{cert},
				RootCAs:      caCertPool,
				MinVersion:   tls.VersionTLS12,
			}

			transport = &http.Transport{TLSClientConfig: tlsConfig}
		} else {
			tlsConfig := &tls.Config{
				RootCAs:    caCertPool,
				MinVersion: tls.VersionTLS12,
			}
			transport = &http.Transport{TLSClientConfig: tlsConfig}
		}
	}

	return &nodes.NodeClientConfig{
		ClusterId:         clusterId,
		ConcurrentPollers: concurrentPollers,
		Transport:         transport,
		ProxyConfig: nodes.NodeClientProxyConfig{
			ForceKubeProxy: forceKubeProxy,
			LocalProxy:     localProxy,
		},
	}, nil
}