"kubectl exec" does not work through "kubectl proxy" #32026
Comments
bronger
changed the title
|
It's an expected behavior - by default, we don't allow to attach or exec via However, that brings an another bug: @kubernetes/sig-api-machinery do we care about this? |
|
Probably. What's the failure cause? On Tue, Sep 6, 2016 at 11:20 AM, Michal Rostecki notifications@github.com
|
|
Last time I checked, I think the code that backs On Tue, Sep 6, 2016 at 11:50 AM, Clayton Coleman notifications@github.com
|
|
We have an upgrade aware proxy in some places. If proxy isn't upgrade On Sep 6, 2016, at 12:05 PM, Andy Goldstein notifications@github.com Last time I checked, I think the code that backs On Tue, Sep 6, 2016 at 11:50 AM, Clayton Coleman notifications@github.com
— |
|
I didn't have time to debug that properly today, I'll do it tomorrow. But yes, it seems that proxy isn't upgrade aware in |
|
I think that answer is here: ReverseProxy is removing the "Upgrade" header. So, the question is still whether we care about this. If yes, it seems that we have to write our proxy from scratch... because patching Go stdlibs isn't even possible, is it? |
|
We do have our own upgrade aware proxy in-tree. I can point you to it when On Wednesday, September 7, 2016, Michal Rostecki notifications@github.com
|
|
We should already have one - @liggitt, where is that?
|
|
Nm saw Andy's response too late
|
|
We actually seem to have 2: kubernetes/pkg/apiserver/proxy.go Line 209 in b974c09 and kubernetes/pkg/registry/generic/rest/proxy.go Line 128 in b974c09 |
|
@ncdc thanks for the links. Will look at them. |
|
It seems that those two proxies may be potentially merged, but for sure one of them has to be rewritten a little bit - at least I don't see any way how to reuse them for kubectl proxy in the current shape. Looking again.. |
pwittrock
added
the
priority/backlog
|
@nhlfr @pwittrock Is there a potential timeline for this? I'd like to use Kubernetes where I work, but this is a show stopper for us. If it's not soon, could we update the documentation on services to specify that upgrades to websockets aren't supported? I was able to get most things working on kubernetes until I hit this road block. It was a nasty surprise. Thanks for getting to the bottom of this though - it seems like its been a long unsolved issue:
I was a little disheartened until I finally came across this issue where the cause seems to be known. So thank you for figuring this out, even if the solution doesn't come soon. |
|
Well, the unification and needed re-implementation of proxies may be too big change to get it done in 1.5 release. I'm going to work on this soon (in the next week). Let's assume that the worst case will be 1.6 release. |
|
I'm having issues with this developing an exec into pod feature for the UI as well since our local development environment depends on |
Before this change, kubernetes had two proxy server implementations and also used a proxy server from Go stdlib (which is not upgrade-aware). This commit aims to unify them. Fixes kubernetes#32026
|
@nhlfr any update on potential release for a fix for this? |
|
@nhlfr any progress updates on this? |
0xmichalis
added
sig/cli
smarterclayton
added
the
sig/api-machinery
|
Unifying the proxy in #48631 |
|
Fix in #49534, |
Automatic merge from submit-queue Support exec/attach/portforward in `kubectl proxy` Use the UpgradeAwareProxy shared code in kubectl proxy. Provide a separate transport for those requests that does not have HTTP/2 enabled. Refactor the code to be a bit cleaner in places and to better separate changes. Fixes #32026 ```release-note `kubectl proxy` will now correctly handle the `exec`, `attach`, and `portforward` commands. You must pass `--disable-filter` to the command in order to allow these endpoints. ```
|
In which k8s release is this supposed to go? To use 'kubectl exec' via kubectl proxy returns exit status 1. |
|
This is kubectl proxy, not kube-proxy |
|
Updated my comment. Also found the same in 1.8 changelog, "kubectl proxy now correctly handles the exec, attach, and portforward commands. You must pass --disable-filter to the command to allow these commands." Thanks. |
I use kubectl v1.3.5 and v1.2.0 in the k8s cluster. If I proxy to the cluster with
I get the following error when trying to execute a command in a container:
Other commands like
get podswork fine. The server is contacted by the poxy withhttps://kubmaster.****.de:443and a bearer token.The text was updated successfully, but these errors were encountered: