csharp icon indicating copy to clipboard operation
csharp copied to clipboard
verified publisher icon kubernetes-client

Not all certificates from certificate-authority-data are loaded

Open WakaToa opened this issue 1 month ago • 0 comments

Describe the bug If i export a kubeconfig from Rancher there are three certificates present in the certificate-authority-data.

SetClusterDetails in KubernetesClientConfiguration.ConfigFile.cs uses X509CertificateLoader.LoadCertificate to load the certificate, but that does not support certificate collections. Therefore only the first certificate is loaded and the other two are lost and not added to SslCaCerts.

Kubernetes C# SDK Client Version 18.0.5

Dotnet Runtime Version .NET 9.0+

To Reproduce Load a kubeconfig file with more than one certificate. SslCaCerts will only contain the first one.

Expected behavior All certificates are loaded.

Potential fix X509Certificate2Collection.ImportFromPem imports a collection of PEM certificates and could be a potential fix. At least thats what we do as a workaround for now:

// Import all Certificates
var certData = kubernetesConfiguration.Clusters.FirstOrDefault()?.ClusterEndpoint?.CertificateAuthorityData;

if (!string.IsNullOrWhiteSpace(certData))
{
    var collection = new X509Certificate2Collection();
    var pemText = Encoding.UTF8.GetString(Convert.FromBase64String(certData));
    collection.ImportFromPem(pemText);

    kubernetesClientConfig.SslCaCerts = collection;
}

WakaToa avatar Nov 25 '25 13:11 WakaToa