From 2a1286c8f20db16780dde03d48c2ccb700261beb Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Fri, 2 Oct 2015 00:30:49 -0400
Subject: [PATCH] Add util to set transport defaults
---
 pkg/apiserver/validator.go | 14 ++++----------
 pkg/client/unversioned/helper.go | 10 ++--------
 pkg/client/unversioned/kubelet.go | 6 ++++--
 pkg/util/http.go | 18 ++++++++++++++++++
 .../pkg/auth/authenticator/token/oidc/oidc.go | 11 ++---------
 5 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/pkg/apiserver/validator.go b/pkg/apiserver/validator.go
index a3916da6867..b9860a4b109 100644
--- a/pkg/apiserver/validator.go
+++ b/pkg/apiserver/validator.go
@@ -23,9 +23,9 @@ import (
 "net"
 "net/http"
 "strconv"
- "time"
 "k8s.io/kubernetes/pkg/probe"
+ "k8s.io/kubernetes/pkg/util"
 )
 // TODO: this basic interface is duplicated in N places. consolidate?
@@ -59,15 +59,9 @@ func (server *Server) DoServerCheck(rt http.RoundTripper) (probe.Result, string,
 // TODO(roberthbailey): The servers that use HTTPS are currently the
 // kubelets, and we should be using a standard kubelet client library
 // to talk to them rather than a separate http client.
- transport := &http.Transport{
- Proxy: http.ProxyFromEnvironment,
- Dial: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).Dial,
- TLSHandshakeTimeout: 10 * time.Second,
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
+ transport := util.SetTransportDefaults(&http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ })
 client = &http.Client{Transport: transport}
 scheme = "https://"
diff --git a/pkg/client/unversioned/helper.go b/pkg/client/unversioned/helper.go
index f93c2417eaf..dbd7d85ce6a 100644
--- a/pkg/client/unversioned/helper.go
+++ b/pkg/client/unversioned/helper.go
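Review bot: In pkg/apiserver/validator.go (DoServerCheck), the rebuilt transport keeps `InsecureSkipVerify: true` with no comment explaining it, so the HTTPS check accepts any server certificate and its result is unauthenticated. Since the commit rewrites this literal anyway, I would record that on the line, e.g. `// TODO: verify the server certificate; with InsecureSkipVerify the check result can be spoofed.`, or pass a tls.Config carrying the cluster CA if the caller has one. DoServerCheck starts and ends outside the hunk, so how `rt` and `client` are otherwise chosen is not visible here.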
@@ -380,15 +380,9 @@ func tlsTransportFor(config *Config) (http.RoundTripper, error) {
 }
 // Cache a single transport for these options
- tlsTransports[key] = &http.Transport{
+ tlsTransports[key] = util.SetTransportDefaults(&http.Transport{
 TLSClientConfig: tlsConfig,
- Proxy: http.ProxyFromEnvironment,
- Dial: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).Dial,
- TLSHandshakeTimeout: 10 * time.Second,
- }
+ })
 return tlsTransports[key], nil
 }
diff --git a/pkg/client/unversioned/kubelet.go b/pkg/client/unversioned/kubelet.go
index 004f3b192f5..975e13a67da 100644
--- a/pkg/client/unversioned/kubelet.go
+++ b/pkg/client/unversioned/kubelet.go
@@ -19,6 +19,8 @@ package unversioned
 import (
 "errors"
 "net/http"
+
+ "k8s.io/kubernetes/pkg/util"
 )
 // KubeletClient is an interface for all kubelet functionality
@@ -49,10 +51,10 @@ func MakeTransport(config *KubeletConfig) (http.RoundTripper, error) {
 return nil, err
 }
 if config.Dial != nil || tlsConfig != nil {
- return &http.Transport{
+ return util.SetTransportDefaults(&http.Transport{
 Dial: config.Dial,
 TLSClientConfig: tlsConfig,
- }, nil
+ }), nil
 } else {
 return http.DefaultTransport, nil
 }
diff --git a/pkg/util/http.go b/pkg/util/http.go
index eca9affc833..e8253fa80f5 100644
--- a/pkg/util/http.go
+++ b/pkg/util/http.go
@@ -18,6 +18,7 @@ package util
 import (
 "io"
+ "net/http"
 "net/url"
 "strings"
 )
@@ -44,3 +45,20 @@ func IsProbableEOF(err error) bool {
 }
 return false
 }
+
+var defaultTransport = http.DefaultTransport.(*http.Transport)
+
+// SetTransportDefaults applies the defaults from http.DefaultTransport
+// for the Proxy, Dial, and TLSHandshakeTimeout fields if unset
+func SetTransportDefaults(t *http.Transport) *http.Transport {
+ if t.Proxy == nil {
+ t.Proxy = defaultTransport.Proxy
+ }
+ if t.Dial == nil {
+ t.Dial = defaultTransport.Dial
+ }
+ if t.TLSHandshakeTimeout == 0 {
+ t.TLSHandshakeTimeout = defaultTransport.TLSHandshakeTimeout
+ }
+ return t
+}
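Review bot: In pkg/client/unversioned/kubelet.go, the MakeTransport change is not a pure refactor: the old literal left `Proxy` and `TLSHandshakeTimeout` unset, so wrapping it in `util.SetTransportDefaults` makes kubelet connections use the proxy function of http.DefaultTransport (http.ProxyFromEnvironment unless something changed it) and adds a handshake timeout. In a process started with HTTP_PROXY/HTTPS_PROXY set and node addresses not covered by NO_PROXY, connections to kubelets would then be routed through that proxy. Please state the change in the commit message and above the call, e.g. `// SetTransportDefaults also enables the environment proxy for kubelet connections.`, or keep an explicit no-proxy function on this transport if proxying is not intended. The `else` after `return` in the same hunk can be dropped as well.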
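Review bot: In pkg/util/http.go, `http.DefaultTransport.(*http.Transport)` is an unchecked type assertion evaluated at package initialization, so a binary in which an earlier initializer has replaced http.DefaultTransport with some other RoundTripper would panic before main runs. I would use the two-value form, `var defaultTransport, _ = http.DefaultTransport.(*http.Transport)`, and open the function with `if defaultTransport == nil { return t }`, or define the three defaults locally so every transport in the tree does not depend on mutable global state. The doc comment should also say that `t` is modified in place and returned, and that TLSClientConfig is left exactly as the caller set it.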
diff --git a/plugin/pkg/auth/authenticator/token/oidc/oidc.go b/plugin/pkg/auth/authenticator/token/oidc/oidc.go
index 6f9f7e226dd..3975f1737e8 100644
--- a/plugin/pkg/auth/authenticator/token/oidc/oidc.go
+++ b/plugin/pkg/auth/authenticator/token/oidc/oidc.go
@@ -21,7 +21,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "fmt"
- "net"
 "net/http"
 "net/url"
 "time"
@@ -72,17 +71,11 @@ func New(issuerURL, clientID, caFile, usernameClaim string) (*OIDCAuthenticator,
 }
 // Copied from http.DefaultTransport.
- tr := &http.Transport{
+ tr := util.SetTransportDefaults(&http.Transport{
 // According to golang's doc, if RootCAs is nil,
 // TLS uses the host's root CA set.
 TLSClientConfig: &tls.Config{RootCAs: roots},
- Proxy: http.ProxyFromEnvironment,
- Dial: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).Dial,
- TLSHandshakeTimeout: 10 * time.Second,
- }
+ })
 hc := &http.Client{}
 hc.Transport = tr
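Review bot: In plugin/pkg/auth/authenticator/token/oidc/oidc.go, the context comment `// Copied from http.DefaultTransport.` is stale after this change because nothing is copied inline any more; I would replace it with `// Proxy, Dial and TLSHandshakeTimeout are filled in by util.SetTransportDefaults.`. Separately, `hc := &http.Client{}` sets no `Timeout` in the visible lines, so a stalled response from the issuer is not bounded by the dial and handshake timeouts alone; consider setting one unless that happens outside the hunk. No hunk adds an import of `k8s.io/kubernetes/pkg/util` to this file, so it is presumably imported already. New starts and ends outside the hunk.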