Skip to content

WebSocket connections make use of environment vars for PROXY #2321

New issue
New issue
Open
#2390
Open
WebSocket connections make use of environment vars for PROXY#2321
#2390
Assignees
p172913
Labels
help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/bugCategorizes issue or PR as related to a bug.
@StevenBarre

Description

@StevenBarre
StevenBarre
opened on Jan 15, 2025

What happened (please include outputs or screenshots):
The regular k8s client call does not make use of the environment vars for proxies, instead expecting you to pass it explicitly to the config. However, the websocket client will make use of those, which can be confusing.

What you expected to happen:
The regular and websocket clients should behave the same.

How to reproduce it (as minimally and precisely as possible):

# Get the example pod_exec script
wget https://raw.githubusercontent.com/kubernetes-client/python/refs/heads/release-31.0/examples/pod_exec.py
# Get your kubeconfig file
cp $KUBECONFIG .
# Create a requirements file
echo "kubernetes==31.0.0" > reqirements.txt
# Fire up a python 3.12 container
podman run -it --rm --name python -v="$(pwd):/app" docker.io/python:3.12.8-bookworm bash
# in the container, copy the kube-config
mkdir /root/.kube; cp /app/config /root/.kube/
# in the container, install the requirements
pip install -r /app/reqirements.txt
# Set a invalid proxy env var
export HTTPS_PROXY=https://example.com
# Run the example script
python3 /app/pod_exec.py

The script is able to ignore the HTTPS_PROXY and check for the existence of the busybox pod, then create it. But the part that uses a websocket/stream to do the exec fails as it can't connect to the dummy proxy.

Pod busybox-test does not exist. Creating it...
Done.
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/kubernetes/stream/ws_client.py", line 528, in websocket_call
    client = WSClient(configuration, url, headers, capture_all, binary=binary)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/stream/ws_client.py", line 68, in __init__
    self.sock = create_websocket(configuration, url, headers)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/stream/ws_client.py", line 494, in create_websocket
    websocket.connect(url, **connect_opt)
  File "/usr/local/lib/python3.12/site-packages/websocket/_core.py", line 256, in connect
    self.sock, addrs = connect(
                       ^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/websocket/_http.py", line 147, in connect
    sock = _tunnel(sock, hostname, port_from_url, auth)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/websocket/_http.py", line 339, in _tunnel
    raise WebSocketProxyException(f"failed CONNECT via proxy status: {status}")
websocket._exceptions.WebSocketProxyException: failed CONNECT via proxy status: 400

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/pod_exec.py", line 134, in <module>
    main()
  File "/app/pod_exec.py", line 130, in main
    exec_commands(core_v1)
  File "/app/pod_exec.py", line 76, in exec_commands
    resp = stream(api_instance.connect_get_namespaced_pod_exec,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/stream/stream.py", line 36, in _websocket_request
    out = api_method(*args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/client/api/core_v1_api.py", line 994, in connect_get_namespaced_pod_exec
    return self.connect_get_namespaced_pod_exec_with_http_info(name, namespace, **kwargs)  # noqa: E501
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/client/api/core_v1_api.py", line 1101, in connect_get_namespaced_pod_exec_with_http_info
    return self.api_client.call_api(
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/client/api_client.py", line 348, in call_api
    return self.__call_api(resource_path, method,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/client/api_client.py", line 180, in __call_api
    response_data = self.request(
                    ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/kubernetes/stream/ws_client.py", line 538, in websocket_call
    raise ApiException(status=0, reason=str(e))
kubernetes.client.exceptions.ApiException: (0)
Reason: failed CONNECT via proxy status: 400

Anything else we need to know?:

Environment:

  • Kubernetes version (kubectl version): v1.27.16+03a907c
  • OS (e.g., MacOS 10.13.6): Debian 12
  • Python version (python --version) 3.12.8
  • Python client version (pip list | grep kubernetes) 31.0.0

Metadata

Metadata

Assignees

Labels

help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.kind/bugCategorizes issue or PR as related to a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions