kubeclient is vulnerable to man-in-the-middle attacks. An attacker is able to steal user credentials to the cluster via a crafted certificate because the context function in Config returns a hard-coded VERIFY_NONE when the custom CA is not defined.
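
The following added example is a simplified model of the behaviour described above, not kubeclient's own code. It compares that behaviour with a verify-by-default policy and lists the kubeconfig clusters that would be contacted without certificate verification. The function names, the sample kubeconfig and the hardened policy (opt out only via the kubeconfig field insecure-skip-tls-verify) are assumptions made for illustration.

```ruby
require 'yaml'
require 'openssl'

# Constructed sample kubeconfig (hypothetical hosts, not from the advisory).
SAMPLE_KUBECONFIG = <<~YAML
  apiVersion: v1
  kind: Config
  clusters:
    - name: with-ca
      cluster:
        server: https://k8s.example.test:6443
        certificate-authority: /etc/kubernetes/ca.crt
    - name: no-ca
      cluster:
        server: https://k8s2.example.test:6443
    - name: explicit-insecure
      cluster:
        server: https://lab.example.test:6443
        insecure-skip-tls-verify: true
YAML

CA_KEYS = %w[certificate-authority certificate-authority-data].freeze

# Model of the described flaw: no custom CA means VERIFY_NONE.
def verify_mode_vulnerable(cluster)
  if CA_KEYS.any? { |key| cluster.key?(key) }
    OpenSSL::SSL::VERIFY_PEER
  else
    OpenSSL::SSL::VERIFY_NONE
  end
end

# Assumed hardened policy: always verify (system trust store when no custom
# CA is given) unless the kubeconfig explicitly opts out.
def verify_mode_hardened(cluster)
  return OpenSSL::SSL::VERIFY_NONE if cluster['insecure-skip-tls-verify'] == true

  OpenSSL::SSL::VERIFY_PEER
end

# Clusters left unverified only because no CA was configured.
def silently_unverified(kubeconfig_yaml)
  clusters = YAML.safe_load(kubeconfig_yaml).fetch('clusters', [])
  exposed = clusters.select do |entry|
    cluster = entry['cluster'] || {}
    verify_mode_vulnerable(cluster) == OpenSSL::SSL::VERIFY_NONE &&
      verify_mode_hardened(cluster) == OpenSSL::SSL::VERIFY_PEER
  end
  exposed.map { |entry| entry['name'] }
end

puts silently_unverified(SAMPLE_KUBECONFIG).inspect if __FILE__ == $PROGRAM_NAME
```

Run against a real kubeconfig, the same check shows which cluster entries rely on the system trust store and therefore had no certificate verification under the described behaviour.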