fix: merge global agent CA certificates with cluster-specific ones

[cyphercodes]

Description

When system certificates are configured through the global https.agent, they were being ignored by the kubernetes-client because it provides its own dispatcher to undici. This PR merges the global agent's CA certificates with any cluster-specific CA certificates, ensuring that custom CAs configured via the global agent are respected.

Changes

• Modified createDispatcherOptions in src/config.ts to:
  • Read CA certificates from https.globalAgent.options.ca
  • Merge global CA with cluster-specific CA by concatenating them
  • Handle both Buffer and string CA formats, as well as arrays

Testing

Added two new test cases:

1. should merge global agent CA with cluster CA - verifies that when both global and cluster CAs are present, they are concatenated
2. should use global CA when no cluster CA is provided - verifies that global CA is used when no cluster CA is specified

Related Issue

Fixes #2546

[k8s-ci-robot]

Keywords which can automatically close issues and hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

• 59ec54e fix: merge global agent CA certificates with cluster-specific ones

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[linux-foundation-easycla]

• ❌ - login: @cyphercodes / name: Rayan Salhab . The commit (59ec54e) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: cyphercodes
Once this PR has been reviewed and has the lgtm label, please assign davidgamero for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @cyphercodes!

It looks like this is your first PR to kubernetes-client/javascript 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-client/javascript has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[brendandburns]

What is the behavior if tlsOptions.ca is null/undefined? Wouldn't it fall back on the global CA anyway? Why is this necessary?

[brendandburns]

What is the use case for this? If there is a CA in the kubeconfig, that should be the CA for the server, the global CAs shouldn't be necessary.