Skip to content

Dispose certificates in Kubernetes.Dispose() #1191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 1, 2023
Merged

Dispose certificates in Kubernetes.Dispose() #1191

merged 2 commits into from
Feb 1, 2023
+39 −34

Conversation

@shenglol
Copy link
Contributor

@shenglol shenglol commented Feb 1, 2023

The Kubernetes constructor creates client and SSL CA certs via new X509Certificate2(...) if the kubeconfig contains cert path/data. As a result, on Windows, some one-time use files may be created for each new Kuberentes(...) call (see The most dangerous constructor in .NET).

According to the SO answer, the files will be removed by GC and calling Dispose is not required. However, since GC is not guaranteed to invoke all finalizers, we cannot rely on it to do the cleanup. I ran a local test and found that the files are not always cleaned up automatically. Thus, calling X509Certificate2.Dispose() is a must. This is also mentioned in the MS doc.

The PR updates Kubernetes.Dispose() to dispose certificates.

Closes #1189.

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Feb 1, 2023
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 1, 2023

Welcome @shenglol!

It looks like this is your first PR to kubernetes-client/csharp 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-client/csharp has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 1, 2023
@shenglol shenglol mentioned this pull request Feb 1, 2023
Closed
brendandburns
brendandburns reviewed Feb 1, 2023
View reviewed changes
src/KubernetesClient/Kubernetes.WebSocket.cs
}

// Set Credentials
if (this.ClientCert != null)
Copy link
Contributor

@brendandburns brendandburns Feb 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you deleting this?

Copy link
Contributor Author

@shenglol shenglol Feb 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is dead code. this.ClientCert is never assigned and is always null before the change. I did a git blame and it seems it's a leftover from a previous refactoring. The logic is covered by the code blow.

@brendandburns
Copy link
Contributor

brendandburns commented Feb 1, 2023

Generally looks good, one comment.

tg123
tg123 approved these changes Feb 1, 2023
View reviewed changes
Copy link
Member

@tg123 tg123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/LGTM

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 1, 2023
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 1, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: shenglol, tg123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 1, 2023
@k8s-ci-robot k8s-ci-robot merged commit e150837 into kubernetes-client:master Feb 1, 2023
This was referenced Sep 17, 2025
Closed
Open
Closed
Open
@dependabot dependabot bot mentioned this pull request Oct 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendandburns brendandburns brendandburns left review comments

@tg123 tg123 tg123 approved these changes

Assignees

@tg123 tg123

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Got "There is not enough space on the disk" error when testing the Kubernetes client in a Windows based CI pipeline

4 participants

@shenglol @k8s-ci-robot @brendandburns @tg123