harmonize spelling of frontProxy (variable) and front-proxy (kube ide…

…ntifier), reduce public interface

On-behalf-of: @SAP christoph.mewes@sap.com

README.md

@@ -43,15 +43,15 @@ graph TB
 
     C --> D(kcp-etcd-client-ca):::ca
     C --> E(kcp-etcd-peer-ca):::ca
-    C --> F($rootshard-fp-client-ca):::ca
+    C --> F($rootshard-front-proxy-client-ca):::ca
     C --> G($rootshard-server-ca):::ca
     C --> H($rootshard-requestheaer-client-ca):::ca
     C --> I($rootshard-client-ca):::ca
     C --> J(kcp-service-account-ca):::ca
 
     D --> K([kcp-etcd-client-issuer]):::issuer
     E --> L([kcp-etcd-peer-issuer]):::issuer
-    F --> M([$rootshard-fp-client-ca]):::issuer
+    F --> M([$rootshard-front-proxy-client-ca]):::issuer
     G --> N([$rootshard-server-ca]):::issuer
     H --> O([$rootshard-requestheader-client-ca]):::issuer
     I --> P([$rootshard-client-ca]):::issuer

internal/controller/frontproxy_controller_test.go

@@ -42,7 +42,7 @@ var _ = Describe("FrontProxy Controller", func() {
 			Name:      resourceName,
 			Namespace: "default",
 		}
-		frontproxy := &operatorv1alpha1.FrontProxy{}
+		frontProxy := &operatorv1alpha1.FrontProxy{}
 		rootShard := &operatorv1alpha1.RootShard{}
 		rootShardNamespacedName := types.NamespacedName{
 			Name:      fmt.Sprintf("rootshard-%s", resourceName),
@@ -74,7 +74,7 @@ var _ = Describe("FrontProxy Controller", func() {
 			}
 
 			By("creating a FrontProxy object")
-			err = k8sClient.Get(ctx, typeNamespacedName, frontproxy)
+			err = k8sClient.Get(ctx, typeNamespacedName, frontProxy)
 			if err != nil && errors.IsNotFound(err) {
 				resource := &operatorv1alpha1.FrontProxy{
 					ObjectMeta: metav1.ObjectMeta{

internal/resources/frontproxy/certificates.go

@@ -25,20 +25,20 @@ import (
 	operatorv1alpha1 "github.com/kcp-dev/kcp-operator/sdk/apis/operator/v1alpha1"
 )
 
-func ServerCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
-	name := resources.GetFrontProxyCertificateName(rootshard, frontproxy, operatorv1alpha1.ServerCertificate)
+func ServerCertificateReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
+	name := resources.GetFrontProxyCertificateName(rootShard, frontProxy, operatorv1alpha1.ServerCertificate)
 
 	dnsNames := []string{
-		rootshard.Spec.External.Hostname,
+		rootShard.Spec.External.Hostname,
 	}
 
-	if frontproxy.Spec.ExternalHostname != "" {
-		dnsNames = append(dnsNames, frontproxy.Spec.ExternalHostname)
+	if frontProxy.Spec.ExternalHostname != "" {
+		dnsNames = append(dnsNames, frontProxy.Spec.ExternalHostname)
 	}
 
 	return func() (string, reconciling.CertificateReconciler) {
 		return name, func(cert *certmanagerv1.Certificate) (*certmanagerv1.Certificate, error) {
-			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 			cert.Spec = certmanagerv1.CertificateSpec{
 				SecretName:  name,
 				Duration:    &operatorv1alpha1.DefaultCertificateDuration,
@@ -56,7 +56,7 @@ func ServerCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootsh
 				DNSNames: dnsNames,
 
 				IssuerRef: certmanagermetav1.ObjectReference{
-					Name:  resources.GetRootShardCAName(rootshard, operatorv1alpha1.ServerCA),
+					Name:  resources.GetRootShardCAName(rootShard, operatorv1alpha1.ServerCA),
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
@@ -67,12 +67,12 @@ func ServerCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootsh
 	}
 }
 
-func AdminKubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
-	name := resources.GetFrontProxyCertificateName(rootshard, frontproxy, operatorv1alpha1.AdminKubeconfigClientCertificate)
+func AdminKubeconfigCertificateReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
+	name := resources.GetFrontProxyCertificateName(rootShard, frontProxy, operatorv1alpha1.AdminKubeconfigClientCertificate)
 
 	return func() (string, reconciling.CertificateReconciler) {
 		return name, func(cert *certmanagerv1.Certificate) (*certmanagerv1.Certificate, error) {
-			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 			cert.Spec = certmanagerv1.CertificateSpec{
 				SecretName:  name,
 				Duration:    &operatorv1alpha1.DefaultCertificateDuration,
@@ -94,7 +94,7 @@ func AdminKubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProx
 				},
 
 				IssuerRef: certmanagermetav1.ObjectReference{
-					Name:  resources.GetRootShardCAName(rootshard, operatorv1alpha1.FrontProxyClientCA),
+					Name:  resources.GetRootShardCAName(rootShard, operatorv1alpha1.FrontProxyClientCA),
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
@@ -105,12 +105,12 @@ func AdminKubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProx
 	}
 }
 
-func KubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
-	name := resources.GetFrontProxyCertificateName(rootshard, frontproxy, operatorv1alpha1.KubeconfigCertificate)
+func KubeconfigCertificateReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
+	name := resources.GetFrontProxyCertificateName(rootShard, frontProxy, operatorv1alpha1.KubeconfigCertificate)
 
 	return func() (string, reconciling.CertificateReconciler) {
 		return name, func(cert *certmanagerv1.Certificate) (*certmanagerv1.Certificate, error) {
-			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 			cert.Spec = certmanagerv1.CertificateSpec{
 				SecretName:  name,
 				Duration:    &operatorv1alpha1.DefaultCertificateDuration,
@@ -132,7 +132,7 @@ func KubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, ro
 				},
 
 				IssuerRef: certmanagermetav1.ObjectReference{
-					Name:  resources.GetRootShardCAName(rootshard, operatorv1alpha1.ClientCA),
+					Name:  resources.GetRootShardCAName(rootShard, operatorv1alpha1.ClientCA),
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
@@ -143,12 +143,12 @@ func KubeconfigCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, ro
 	}
 }
 
-func RequestHeaderCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
-	name := resources.GetFrontProxyRequestHeaderName(rootshard, frontproxy)
+func RequestHeaderCertificateReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedCertificateReconcilerFactory {
+	name := resources.GetFrontProxyRequestHeaderName(rootShard, frontProxy)
 
 	return func() (string, reconciling.CertificateReconciler) {
 		return name, func(cert *certmanagerv1.Certificate) (*certmanagerv1.Certificate, error) {
-			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			cert.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 			cert.Spec = certmanagerv1.CertificateSpec{
 				SecretName:  name,
 				Duration:    &operatorv1alpha1.DefaultCertificateDuration,
@@ -168,7 +168,7 @@ func RequestHeaderCertificateReconciler(frontproxy *operatorv1alpha1.FrontProxy,
 				},
 
 				IssuerRef: certmanagermetav1.ObjectReference{
-					Name:  resources.GetRootShardCAName(rootshard, operatorv1alpha1.RequestHeaderClientCA),
+					Name:  resources.GetRootShardCAName(rootShard, operatorv1alpha1.RequestHeaderClientCA),
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},

internal/resources/frontproxy/configmap.go

@@ -26,15 +26,15 @@ import (
 	operatorv1alpha1 "github.com/kcp-dev/kcp-operator/sdk/apis/operator/v1alpha1"
 )
 
-func PathMappingConfigMapReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedConfigMapReconcilerFactory {
-	name := resources.GetFrontProxyConfigName(frontproxy)
+func PathMappingConfigMapReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedConfigMapReconcilerFactory {
+	name := resources.GetFrontProxyConfigName(frontProxy)
 
 	return func() (string, reconciling.ConfigMapReconciler) {
 		return name, func(cm *corev1.ConfigMap) (*corev1.ConfigMap, error) {
-			cm.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			cm.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 
 			mappings := defaultPathMappings(rootShard)
-			mappings = append(mappings, frontproxy.Spec.AdditionalPathMappings...)
+			mappings = append(mappings, frontProxy.Spec.AdditionalPathMappings...)
 			d, err := yaml.Marshal(mappings)
 			if err != nil {
 				return nil, err

internal/resources/frontproxy/deployment.go

@@ -31,25 +31,20 @@ import (
 	operatorv1alpha1 "github.com/kcp-dev/kcp-operator/sdk/apis/operator/v1alpha1"
 )
 
-const (
-	ContainerName = "kcp-front-proxy"
-)
-
-func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedDeploymentReconcilerFactory {
-	image, _ := resources.GetImageSettings(frontproxy.Spec.Image)
-	args := getArgs(frontproxy)
-	name := resources.GetFrontProxyDeploymentName(frontproxy)
-
+func DeploymentReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootShard *operatorv1alpha1.RootShard) reconciling.NamedDeploymentReconcilerFactory {
 	return func() (string, reconciling.DeploymentReconciler) {
-		return name, func(dep *appsv1.Deployment) (*appsv1.Deployment, error) {
-			dep.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+		return resources.GetFrontProxyDeploymentName(frontProxy), func(dep *appsv1.Deployment) (*appsv1.Deployment, error) {
+			dep.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 			dep.Spec.Selector = &v1.LabelSelector{
-				MatchLabels: resources.GetFrontProxyResourceLabels(frontproxy),
+				MatchLabels: resources.GetFrontProxyResourceLabels(frontProxy),
 			}
-			dep.Spec.Template.ObjectMeta.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+			dep.Spec.Template.ObjectMeta.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
+
+			image, _ := resources.GetImageSettings(frontProxy.Spec.Image)
+			args := getArgs()
 
 			container := corev1.Container{
-				Name:    ContainerName,
+				Name:    "kcp-front-proxy",
 				Image:   image,
 				Command: []string{"/kcp-front-proxy"},
 				Args:    args,
@@ -100,21 +95,21 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 
 			// front-proxy dynamic kubeconfig
 			volumes = append(volumes, corev1.Volume{
-				Name: resources.GetFrontProxyDynamicKubeconfigName(rootshard, frontproxy),
+				Name: resources.GetFrontProxyDynamicKubeconfigName(rootShard, frontProxy),
 				VolumeSource: corev1.VolumeSource{
 					Secret: &corev1.SecretVolumeSource{
-						SecretName: resources.GetFrontProxyDynamicKubeconfigName(rootshard, frontproxy),
+						SecretName: resources.GetFrontProxyDynamicKubeconfigName(rootShard, frontProxy),
 					},
 				},
 			})
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      resources.GetFrontProxyDynamicKubeconfigName(rootshard, frontproxy),
+				Name:      resources.GetFrontProxyDynamicKubeconfigName(rootShard, frontProxy),
 				ReadOnly:  false, // as FrontProxy writes to it to work with different shards
-				MountPath: FrontProxyBasepath + "/kubeconfig",
+				MountPath: frontProxyBasepath + "/kubeconfig",
 			})
 
 			// front-proxy kubeconfig client cert
-			kubeconfigClientCertName := resources.GetFrontProxyCertificateName(rootshard, frontproxy, operatorv1alpha1.KubeconfigCertificate)
+			kubeconfigClientCertName := resources.GetFrontProxyCertificateName(rootShard, frontProxy, operatorv1alpha1.KubeconfigCertificate)
 			volumes = append(volumes, corev1.Volume{
 				Name: kubeconfigClientCertName,
 				VolumeSource: corev1.VolumeSource{
@@ -126,41 +121,41 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      kubeconfigClientCertName,
 				ReadOnly:  true,
-				MountPath: FrontProxyBasepath + "/kubeconfig-client-cert",
+				MountPath: frontProxyBasepath + "/kubeconfig-client-cert",
 			})
 
 			// front-proxy service-account cert
 			volumes = append(volumes, corev1.Volume{
-				Name: resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServiceAccountCertificate),
+				Name: resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServiceAccountCertificate),
 				VolumeSource: corev1.VolumeSource{
 					Secret: &corev1.SecretVolumeSource{
-						SecretName: resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServiceAccountCertificate),
+						SecretName: resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServiceAccountCertificate),
 					},
 				},
 			})
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServiceAccountCertificate),
+				Name:      resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServiceAccountCertificate),
 				ReadOnly:  true,
 				MountPath: fmt.Sprintf("/etc/kcp/tls/%s", string(operatorv1alpha1.ServiceAccountCertificate)),
 			})
 
 			// front-proxy server cert
 			volumes = append(volumes, corev1.Volume{
-				Name: resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServerCertificate),
+				Name: resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServerCertificate),
 				VolumeSource: corev1.VolumeSource{
 					Secret: &corev1.SecretVolumeSource{
-						SecretName: resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServerCertificate),
+						SecretName: resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServerCertificate),
 					},
 				},
 			})
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      resources.GetRootShardCertificateName(rootshard, operatorv1alpha1.ServerCertificate),
+				Name:      resources.GetRootShardCertificateName(rootShard, operatorv1alpha1.ServerCertificate),
 				ReadOnly:  true,
-				MountPath: FrontProxyBasepath + "/tls",
+				MountPath: frontProxyBasepath + "/tls",
 			})
 
 			// front-proxy requestheader client cert
-			requestHeaderClientCertName := resources.GetFrontProxyCertificateName(rootshard, frontproxy, operatorv1alpha1.RequestHeaderClientCertificate)
+			requestHeaderClientCertName := resources.GetFrontProxyCertificateName(rootShard, frontProxy, operatorv1alpha1.RequestHeaderClientCertificate)
 			volumes = append(volumes, corev1.Volume{
 				Name: requestHeaderClientCertName,
 				VolumeSource: corev1.VolumeSource{
@@ -172,11 +167,11 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      requestHeaderClientCertName,
 				ReadOnly:  true,
-				MountPath: FrontProxyBasepath + "/requestheader-client",
+				MountPath: frontProxyBasepath + "/requestheader-client",
 			})
 
 			// front-proxy config
-			cmName := resources.GetFrontProxyConfigName(frontproxy)
+			cmName := resources.GetFrontProxyConfigName(frontProxy)
 			volumes = append(volumes, corev1.Volume{
 				Name: cmName,
 				VolumeSource: corev1.VolumeSource{
@@ -190,11 +185,11 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      cmName,
 				ReadOnly:  true,
-				MountPath: FrontProxyBasepath + "/config",
+				MountPath: frontProxyBasepath + "/config",
 			})
 
 			// rootshard frontproxy client ca
-			rsClientCAName := resources.GetRootShardCAName(rootshard, operatorv1alpha1.FrontProxyClientCA)
+			rsClientCAName := resources.GetRootShardCAName(rootShard, operatorv1alpha1.FrontProxyClientCA)
 			volumes = append(volumes, corev1.Volume{
 				Name: rsClientCAName,
 				VolumeSource: corev1.VolumeSource{
@@ -206,11 +201,11 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      rsClientCAName,
 				ReadOnly:  true,
-				MountPath: FrontProxyBasepath + "/client-ca",
+				MountPath: frontProxyBasepath + "/client-ca",
 			})
 
 			// kcp rootshard root ca
-			rootCAName := resources.GetRootShardCAName(rootshard, operatorv1alpha1.RootCA)
+			rootCAName := resources.GetRootShardCAName(rootShard, operatorv1alpha1.RootCA)
 			volumes = append(volumes, corev1.Volume{
 				Name: rootCAName,
 				VolumeSource: corev1.VolumeSource{
@@ -222,13 +217,13 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      rootCAName,
 				ReadOnly:  true,
-				MountPath: KcpBasepath + "/tls/ca",
+				MountPath: kcpBasepath + "/tls/ca",
 			})
 
 			container.VolumeMounts = volumeMounts
 
-			if frontproxy.Spec.Replicas != nil {
-				dep.Spec.Replicas = frontproxy.Spec.Replicas
+			if frontProxy.Spec.Replicas != nil {
+				dep.Spec.Replicas = frontProxy.Spec.Replicas
 			} else if dep.Spec.Replicas == nil {
 				dep.Spec.Replicas = ptr.To[int32](2)
 			}
@@ -241,7 +236,7 @@ func DeploymentReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *op
 	}
 }
 
-func getArgs(frontproxy *operatorv1alpha1.FrontProxy) []string {
+func getArgs() []string {
 	args := []string{
 		"--secure-port=6443",
 		"--root-kubeconfig=/etc/kcp-front-proxy/kubeconfig/kubeconfig",

internal/resources/frontproxy/path.go

@@ -17,6 +17,6 @@ limitations under the License.
 package frontproxy
 
 const (
-	FrontProxyBasepath = "/etc/kcp-front-proxy"
-	KcpBasepath        = "/etc/kcp"
+	frontProxyBasepath = "/etc/kcp-front-proxy"
+	kcpBasepath        = "/etc/kcp"
 )

internal/resources/frontproxy/secrets.go

@@ -28,23 +28,23 @@ import (
 )
 
 const (
-	ClientCertPath        = FrontProxyBasepath + "/kubeconfig-client-cert"
-	ClientCertificatePath = ClientCertPath + "/tls.crt"
-	ClientKeyPath         = ClientCertPath + "/tls.key"
-	KubeconfigCAPath      = "/etc/kcp/tls/ca/tls.crt"
+	clientCertPath        = frontProxyBasepath + "/kubeconfig-client-cert"
+	clientCertificatePath = clientCertPath + "/tls.crt"
+	clientKeyPath         = clientCertPath + "/tls.key"
+	kubeconfigCAPath      = "/etc/kcp/tls/ca/tls.crt"
 )
 
-func DynamicKubeconfigSecretReconciler(frontproxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedSecretReconcilerFactory {
+func DynamicKubeconfigSecretReconciler(frontProxy *operatorv1alpha1.FrontProxy, rootshard *operatorv1alpha1.RootShard) reconciling.NamedSecretReconcilerFactory {
 	return func() (string, reconciling.SecretReconciler) {
-		return resources.GetFrontProxyDynamicKubeconfigName(rootshard, frontproxy), func(obj *corev1.Secret) (*corev1.Secret, error) {
-			obj.SetLabels(resources.GetFrontProxyResourceLabels(frontproxy))
+		return resources.GetFrontProxyDynamicKubeconfigName(rootshard, frontProxy), func(obj *corev1.Secret) (*corev1.Secret, error) {
+			obj.SetLabels(resources.GetFrontProxyResourceLabels(frontProxy))
 
 			kubeconfig := clientcmdv1.Config{
 				Clusters: []clientcmdv1.NamedCluster{
 					{
 						Name: "system:admin",
 						Cluster: clientcmdv1.Cluster{
-							CertificateAuthority: KubeconfigCAPath,
+							CertificateAuthority: kubeconfigCAPath,
 							Server:               resources.GetRootShardBaseURL(rootshard),
 						},
 					},
@@ -63,8 +63,8 @@ func DynamicKubeconfigSecretReconciler(frontproxy *operatorv1alpha1.FrontProxy,
 					{
 						Name: "admin",
 						AuthInfo: clientcmdv1.AuthInfo{
-							ClientCertificate: ClientCertificatePath,
-							ClientKey:         ClientKeyPath,
+							ClientCertificate: clientCertificatePath,
+							ClientKey:         clientKeyPath,
 						},
 					},
 				},