Support exec/attach/portforward in kubectl proxy
#49534
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
@kubernetes/sig-cli-pr-reviews @ncdc |
k8s-ci-robot
added
the
sig/cli
smarterclayton
force-pushed
the
separate_proxy
branch
from
fb1c155 to
1f4f1e7
Compare
k8s-github-robot
added
approved
smarterclayton
force-pushed
the
separate_proxy
branch
5 times, most recently
from
acde645 to
5ec02e0
Compare
|
@kubernetes/sig-testing-misc I don't know how to fix bazel here - that's the result of a clean hack/update-bazel on my end, and it looks correct, but can't figure out why it's broken. |
k8s-ci-robot
added
the
sig/testing
|
Yeah, that's odd. It's passing |
|
cc @monopole
You'll need to add the new package you're adding ( More details on the visibility rules and motivation in the |
|
Ah. |
smarterclayton
force-pushed
the
separate_proxy
branch
from
5ec02e0 to
92296aa
Compare
|
/retest |
pkg/kubectl/proxy/proxy_server.go
Outdated
| } | ||
|
|
||
| // NewServer creates and installs a new Server. | ||
| // It automatically registers the created Server to http.DefaultServeMux. |
There was a problem hiding this comment.
I don't think the bit about DefaultServeMux is still accurate?
There was a problem hiding this comment.
Correct, will remove
test/e2e/kubectl/kubectl.go
Outdated
| @@ -473,6 +473,43 @@ var _ = SIGDescribe("Kubectl client", func() { | |||
| } | |||
| }) | |||
|
|
|||
| It("should support exec through kubectl proxy", func() { | |||
| // Note: We are skipping local since we want to verify an apiserver with HTTPS. | |||
| // At this time local only supports plain HTTP. | |||
There was a problem hiding this comment.
I have no idea :)
|
/test pull-kubernetes-e2e-gce-etcd3 |
smarterclayton
force-pushed
the
separate_proxy
branch
from
92296aa to
29db109
Compare
|
/retest |
|
@ncdc other comments or need another reviewer? |
test/e2e/kubectl/kubectl.go
Outdated
| framework.Failf("Unexpected kubectl exec output. Wanted %q, got %q", expectedExecOutput, output) | ||
| } | ||
|
|
||
| // // Verify the proxy server logs saw the connection |
There was a problem hiding this comment.
@smarterclayton do we want to merge with this commented out?
There was a problem hiding this comment.
I need to remove this
|
@smarterclayton no other comments besides what @dims asked. I think @liggitt/@sttts should review too |
|
Applying label as noted |
smarterclayton
added
lgtm
|
/retest |
1 similar comment
|
/retest |
|
This broke sometime since my last rebase in master due to an unrelated change (pre-rebase it passes, post it fails). Looking. |
|
Broken by #47353 - my theory is a reused kubectl cache, but needs more investigation. |
|
Looks like a revert is filed! #50254 |
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
smarterclayton
added
the
lgtm
|
Reapplying label now that the other change was reverted and everything is green |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
|
@smarterclayton Looks like this test has been failing on GKE. Any ideas why? @apelisse is also seeing this test failing on GCE in his new PR to introduce caching for open-api. |
Previously, the transport used by that caching approach appeared to have issues with websocket requests |
GKE is the only CI env I'm aware of that uses a tunneling dialer between the apiserver and the kubelets. It's likely related to that. |
|
@liggitt That is useful thanks. I'll go ask networking. |
|
Moving debugging conversation to #50466 |
|
@smarterclayton I start the proxy like this |
Use the UpgradeAwareProxy shared code in kubectl proxy. Provide a separate transport for those requests that does not have HTTP/2 enabled. Refactor the code to be a bit cleaner in places and to better separate changes.
Fixes #32026