[bug] Pod exec/attach fails silently in case of errors

Question

[bug] Pod exec/attach fails silently in case of errors

Martin-4Spaces opened this issue 3 years ago · 8 comments

When calling pod exec https://php-k8s.renoki.org/resources/workloads/pod#pod-exec with KubernetesCluster::fromKubeConfigYamlFile it works fine.
But when authenticating with KubernetesCluster::inClusterConfiguration() it does not work. No errors. Just no connection established and therefore no messages returned.
All other api endpoints works fine with in-cluster authentication.

The pod service account has the following Cluster Role rules:

rules:
  - apiGroups: ["", "batch", "cert-manager.io", "extensions", "apps", "networking.k8s.io"]
    resources:
      - pods
      - jobs
      - pods/log
      - pods/exec
      - pods/attach
      - certificates
      - cronjobs
      - persistentvolumes
      - persistentvolumeclaims
      - deployments
      - services
      - ingresses
      - namespaces
    verbs:
      - get
      - list
      - create
      - delete
      - patch

As far as I understand the pods/exec and get verb should be sufficient.
I hope anyone can help me figure this one out.. Thank you. Can anyone else establish a web socket connection when using in-cluster authentication?

Answer 1 · 2022-01-03T15:12:03.000Z

I got it to work by using the remote cluster url
KubernetesCluster::inClusterConfiguration('https://<CLUSTER_URL>:6443');
Still, I want to point out that all other api endpoints that I've tried, worked with default url. Only web sockets doesn't work.

Answer 2 · 2022-01-03T15:19:30.000Z

I must have configured something wrong. Let me investigate.

Answer 3 · 2022-02-08T11:08:52.000Z

This issue has been automatically closed because it has not had any recent activity. 😨

Answer 4 · 2022-02-08T18:25:26.000Z

A big shift in priorities and forgot about it. I'm keeping it as a priority in my notifications to investigate on it asap. I apologize for the delay. 😨

Answer 5 · 2022-03-16T03:37:58.000Z

This issue has been automatically closed because it has not had any recent activity. 😨

Answer 6 · 2022-05-13T09:29:23.000Z

@rennokki Is it possible to reopen this issue?

Answer 7 · 2022-05-31T17:29:08.000Z

First, @rennokki, thanks for a great library.

Second, this would be good to reopen - I've had this exact issue and spent a little time digging into it.

If I'm reading this right, I think the only issue that we're seeing with php-k8s is the fact that it's failing silently - the real problem seems to be upstream with DNS resolution in https://github.com/reactphp/dns - basically (as @Martin-4Spaces's messages suggest) there's something about in cluster name resolution of kubernetes.default.svc for AAAA records that's breaking.

My own solution was to new up the cluster object like so: KubernetesCluster::inClusterConfiguration("https://kubernetes.default.svc.cluster.local"), the DNS entry of which actually does resolve.

So, yeah, it might be an issue with Reactphp/dns - but it would be good for this library not to fail silently.

Answer 8 · 2022-12-23T20:47:07.000Z

This issue has been automatically closed because it has not had any recent activity. 😨