fix: removes fence code on nil default transport and avoids proxy

Signed-off-by: Billy Zha <[email protected]>

Author: qweeah

pkg/credentialprovider/identity_bindings_credentials.go

@@ -65,17 +65,9 @@ type tokenResponse struct {
 // createTransport creates an HTTP transport with custom CA
 // The transport uses a custom dialer that resolves the SNI name to the configured API server IP
 func createTransport(sniName string, apiServerIP string, caPool *x509.CertPool) *http.Transport {
-	var transport *http.Transport
-	if tr, ok := http.DefaultTransport.(*http.Transport); ok {
-		transport = tr.Clone()
-	} else {
-		transport = &http.Transport{
-			ForceAttemptHTTP2:   true,
-			MaxIdleConns:        100,
-			IdleConnTimeout:     90 * time.Second,
-			TLSHandshakeTimeout: 10 * time.Second,
-		}
-	}
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	// reset Proxy to avoid using environment proxy settings
+	transport.Proxy = nil
 
 	// Custom dialer that resolves the SNI hostname to the fixed API server IP
 	transport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {