Enhance certificate handling for .NET 9 compatibility in KubernetesClientConfiguration (#1638)

2025-07-14 11:12:24 -07:00
parent 67d457a3a2
commit 9efecfdcd4
2 changed files with 14 additions and 6 deletions
--- a/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj
+++ b/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj
@@ -6,6 +6,7 @@
    <PublishAot>true</PublishAot>
    <IsAotCompatible>true</IsAotCompatible>
    <EmitCompilerGeneratedFiles>true</EmitCompilerGeneratedFiles>
+    <DefineConstants>$(DefineConstants);K8S_AOT</DefineConstants>
  </PropertyGroup>

  <ItemGroup>
@@ -104,10 +105,6 @@
    <Compile Include="..\KubernetesClient\Authentication\TokenCredentials.cs" />
  </ItemGroup>

-  <ItemGroup>
-    <Reference Include="System.Net.Http" Condition="'$(TargetFramework)' == 'net48'" />
-  </ItemGroup>
-
  <ItemGroup>
    <ProjectReference Include="..\LibKubernetesGenerator\generators\LibKubernetesGenerator\LibKubernetesGenerator.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
  </ItemGroup>
--- a/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs
+++ b/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs
@@ -306,21 +306,32 @@ namespace k8s
            {
                if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
                {
+                    var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+#if NET9_0_OR_GREATER
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificate(Convert.FromBase64String(data)));
+#else
+                    string nullPassword = null;
                    // This null password is to change the constructor to fix this KB:
                    // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
-                    string nullPassword = null;
-                    var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
                    SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
+#endif
                }
                else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
                {
+#if NET9_0_OR_GREATER
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificateFromFile(GetFullPath(
+                        k8SConfig,
+                        clusterDetails.ClusterEndpoint.CertificateAuthority)));
+#else
                    SslCaCerts = new X509Certificate2Collection(new X509Certificate2(GetFullPath(
                        k8SConfig,
                        clusterDetails.ClusterEndpoint.CertificateAuthority)));
+#endif
                }
            }
        }

+
        private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
        {
            if (string.IsNullOrWhiteSpace(activeContext.ContextDetails.User))