Dispose certs created by Kuberentes

Author: shenglol

src/KubernetesClient/Kubernetes.ConfigInit.cs

@@ -90,27 +90,27 @@ private void InitializeFromConfig(KubernetesClientConfiguration config)
             // set credentails for the kubernetes client
             SetCredentials(config);
 
-            var clientCert = CertUtils.GetClientCert(config);
-            if (clientCert != null)
+            ClientCert = CertUtils.GetClientCert(config);
+            if (ClientCert != null)
             {
 #if NET5_0_OR_GREATER
-                HttpClientHandler.SslOptions.ClientCertificates.Add(clientCert);
+                HttpClientHandler.SslOptions.ClientCertificates.Add(ClientCert);
 
                 // TODO this is workaround for net7.0, remove it when the issue is fixed
                 // seems the client certificate is cached and cannot be updated
                 HttpClientHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                 {
-                    return clientCert;
+                    return ClientCert;
                 };
 #else
-                HttpClientHandler.ClientCertificates.Add(clientCert);
+                HttpClientHandler.ClientCertificates.Add(ClientCert);
 #endif
             }
         }
 
         private X509Certificate2Collection CaCerts { get; }
 
-        private X509Certificate2 ClientCert { get; }
+        private X509Certificate2 ClientCert { get; set; }
 
         private bool SkipTlsVerify { get; }
 

src/KubernetesClient/Kubernetes.WebSocket.cs

@@ -239,11 +239,6 @@ protected async Task<WebSocket> StreamConnectAsync(Uri uri, string webSocketSubP
             }
 
             // Set Credentials
-            if (this.ClientCert != null)
-            {
-                webSocketBuilder.AddClientCertificate(this.ClientCert);
-            }
-
             if (this.HttpClientHandler != null)
             {
 #if NET5_0_OR_GREATER

src/KubernetesClient/Kubernetes.cs

@@ -202,12 +202,27 @@ public void Dispose()
         /// <param name="disposing">True to release both managed and unmanaged resources; false to releases only unmanaged resources.</param>
         protected virtual void Dispose(bool disposing)
         {
-            if (!_disposed)
+            if (disposing && !_disposed)
             {
                 _disposed = true;
 
                 // Dispose the client
                 HttpClient?.Dispose();
+
+                // Dispose the certificates
+                if (CaCerts is not null)
+                {
+                    foreach (var caCert in CaCerts)
+                    {
+                        caCert.Dispose();
+                    }
+
+                    CaCerts.Clear();
+                }
+
+
+                ClientCert?.Dispose();
+
                 HttpClient = null;
                 FirstMessageHandler = null;
                 HttpClientHandler = null;