From 90040bdf3b8d93e1ce0543e7cb42b6b5a27c6cab Mon Sep 17 00:00:00 2001
From: clux <sszynrae@gmail.com>
Date: Fri, 8 Sep 2023 00:25:51 +0100
Subject: [PATCH] also force TlsRequired when cluster_url is https scheme

Signed-off-by: clux <sszynrae@gmail.com>
---
 kube-client/src/client/builder.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kube-client/src/client/builder.rs b/kube-client/src/client/builder.rs
index 4dfd59255..bfaa945c5 100644
--- a/kube-client/src/client/builder.rs
+++ b/kube-client/src/client/builder.rs
@@ -88,8 +88,8 @@ impl TryFrom<Config> for ClientBuilder<BoxService<Request<hyper::Body>, Response
             #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
             let connector = config.openssl_https_connector_with_connector(connector)?;
             #[cfg(all(not(feature = "rustls-tls"), not(feature = "openssl-tls")))]
-            if auth_layer.is_none() {
-                // no tls stack situation only works on anonymous auth
+            if auth_layer.is_none() || config.cluster_url.scheme() == Some(&http::uri::Scheme::HTTPS) {
+                // no tls stack situation only works on anonymous auth with http scheme
                 return Err(Error::TlsRequired);
             }