akka-management

Support No Check X509TrustManager in KubernetesApiServiceDiscovery

Open YouXiang-Wang opened this issue 5 years ago • 2 comments

I am working on looking up Kubernetes pods via the Kubernetes REST API. Actually, I want to access the kube API server without TrustManager configuration.

In the current implementation, I have no way to override the httpsContext because it is private.

```scala
  private val httpsTrustStoreConfig =
    TrustStoreConfig(data = None, filePath = Some(settings.apiCaPath)).withStoreType("PEM")

  private val httpsConfig =
    AkkaSSLConfig()(system).mapSettings(
        s => s.withTrustManagerConfig(s.trustManagerConfig.withTrustStoreConfigs(Seq(httpsTrustStoreConfig))))

  private val httpsContext = http.createClientHttpsContext(httpsConfig)
```

Could we change httpsContext to protected so that it can be overridden on demand?

```scala
protected val httpsContext = http.createClientHttpsContext(httpsConfig)
```

YouXiang-Wang, Jul 12 '19 11:07

While I'm surprised this is needed and it'd be better to correctly configure the trustmanager, I agree it can make sense to have an 'escape hatch' here.

As KubernetesApiServiceDiscovery is created by reflection, I guess there's 2 ways to achieve this: via configuration or via subclassing. Your proposal, allowing it via subclassing, seems like a reasonable idea.

Perhaps instead of making httpsConfig protected we should introduce a protected method that can be overridden, receives the system as a parameter and produces the HttpsConnectionContext?

Would you be interested in creating a PR?

raboof, Jul 15 '19 09:07
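For the "correctly configure the trustmanager" route mentioned in the comment above, the following is an added example, not code from akka-management or from either participant. It uses only JDK classes to build a verifying `SSLContext` from a PEM CA bundle such as the file at `settings.apiCaPath`; the object and method names (`PemTrust`, `loadCertificates`, `sslContextTrusting`) are hypothetical, and wrapping the result in an akka-http connection context is left to the overriding code.

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.{ CertificateFactory, X509Certificate }
import javax.net.ssl.{ SSLContext, TrustManagerFactory }

// Added example; PemTrust and its method names are hypothetical.
object PemTrust {

  /** Read every X.509 certificate from a PEM bundle such as the cluster CA file. */
  def loadCertificates(pemPath: String): Seq[X509Certificate] = {
    val in = new FileInputStream(pemPath)
    try {
      CertificateFactory.getInstance("X.509")
        .generateCertificates(in).toArray().toSeq
        .collect { case c: X509Certificate => c }
    } finally in.close()
  }

  /** Build a TLS context that trusts only the given CA certificates. */
  def sslContextTrusting(cas: Seq[X509Certificate]): SSLContext = {
    // An empty trust store would only fail later, at handshake time; fail early instead.
    require(cas.nonEmpty, "refusing to build a context with an empty trust store")
    val store = KeyStore.getInstance(KeyStore.getDefaultType)
    store.load(null, null) // start from an empty in-memory store
    cas.zipWithIndex.foreach { case (ca, i) => store.setCertificateEntry(s"ca-$i", ca) }
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(store)
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, tmf.getTrustManagers, null) // no client key, default SecureRandom
    ctx
  }

  def main(args: Array[String]): Unit = {
    // The path is supplied by the caller, e.g. the value behind settings.apiCaPath.
    val cas = loadCertificates(args(0))
    cas.foreach(c => println(s"trusting ${c.getSubjectX500Principal} until ${c.getNotAfter}"))
    sslContextTrusting(cas)
  }
}
```

Printing the subject and expiry of each loaded CA is a quick check that the file being trusted is the cluster CA that was intended and has not expired.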

@raboof ok. sure. My pleasure to do this.

YouXiang-Wang, Jul 19 '19 08:07