Header Connection: close causes kubectl to fail exec#33050
Conversation
The header `Connection: close` causes failure in kubetl when it upgrades the connection to SPDY. The `ReadTimeout` and `WriteTimeout` are known to cause problems to Kubernetes watch streams. Fixes #33020 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
github-actions
Bot
added
size/md
tsh
jakule
left a comment
jakule
left a comment
There was a problem hiding this comment.
Please add a test to prevent regression.
I added a test in tsh package that tests kubectl exec flow to prevent regressions |
| // runKubectlExec runs a kubectl exec command in a dummy pod. | ||
| // The mock Kubernetes API server will return the pod name and the stdin data | ||
| // written to the pod. | ||
| func runKubectlExec(t *testing.T, config *rest.Config) { |
There was a problem hiding this comment.
Is there a cheap way to replace mustGetKubePod in integration tests with doing kubectl exec? Or maybe the integration tests should do both?
There was a problem hiding this comment.
You mean downloading kubectl instead of running all this weird logic?
There was a problem hiding this comment.
No, I meant replicating what you did in tsh tests in this PR in integration tests for kube proxy. If integration tests also did exec into a container then maybe we'd have caught that sooner.
I typically also did just kubectl get po -A to verify that kube access in Connect works as expected, but I'm going to update the test plan to explicitly mention execing into a container.
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
6 participants
The header
Connection: closecauses failure in kubectl when it upgrades the connection to SPDY.The
ReadTimeoutandWriteTimeoutare known to cause problems with Kubernetes watch streams.Fixes #33020