kubectl icon indicating copy to clipboard operation
kubectl copied to clipboard
verified publisher icon kubernetes

Add `proxy-url` command line option

Open kriswuollett opened this issue 1 year ago • 12 comments

What would you like to be added:

Add proxy-url command line option to override cluster setting in selected context config.

Why is this needed:

Golang doesn't support HTTPS_PROXY for localhost addresses as noted in #1653. Avoids the need to statically set proxy urls for each of the clusters defined in a config file.

kriswuollett avatar Sep 13 '24 07:09 kriswuollett

/assign

xyz-li avatar Sep 13 '24 09:09 xyz-li

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Dec 17 '24 02:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jan 16 '25 02:01 k8s-triage-robot

I think you can use kubectl proxy command for this case or modify your host file from localhost to something else. Because Go probably checks the equality of localhost and using something different will enable HTTPS_PROXY env var.

I think, we'd not prefer adding flag for this;

/close

ardaguclu avatar Jan 30 '25 04:01 ardaguclu

@ardaguclu: Closing this issue.

In response to this:

I think you can use kubectl proxy command for this case or modify your host file from localhost to something else. Because Go probably checks the equality of localhost and using something different will enable HTTPS_PROXY env var.

I think, we'd not prefer adding flag for this;

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Jan 30 '25 04:01 k8s-ci-robot

I think you can use kubectl proxy command for this case or modify your host file from localhost to something else. Because Go probably checks the equality of localhost and using something different will enable HTTPS_PROXY env var.

editing /etc/hosts is not portable / generally painful

go specifically checks for localhost hostname or loopback IP addresses previously reported in https://github.com/kubernetes/kubectl/issues/743 https://cs.opensource.google/go/x/net/+/refs/tags/v0.39.0:http/httpproxy/proxy.go;l=178-185

this only happens if you use FromEnvironment() proxy config, which we don't use in the code path where proxy-url is set in kubeconfig

if you set proxy-url in your kubeconfig, then we bypass the go stdlib behavior to ignore proxy for localhost (https://github.com/kubernetes-sigs/kind/issues/3900#issuecomment-2757706919)

it makes sense that the env would continue to use FromEnvironment, but a flag could be treated like setting it in the kubeconfig

this turns out to be annoying for testing kubectl, because kind clusters are on localhost ... https://github.com/kubernetes-sigs/kind/issues/3900

(especially because when testing there may not be a kubeconfig, there may only be --server and related flags, but there is no equivalent for the proxy-url config option)

cc @kubernetes/sig-cli-leads can we reconsider allowing --proxy-url to behave like proxy-url in config in the way that --server does?

I think this is a recurring problem for testing with proxies, some examples:

https://github.com/kubernetes/kubectl/issues/1653 https://github.com/kubernetes/kubectl/issues/743 https://github.com/kubernetes-sigs/kind/issues/3900

BenTheElder avatar Apr 25 '25 05:04 BenTheElder

Makes sense. Let's reopen this and continue discussions /reopen

ardaguclu avatar Apr 25 '25 05:04 ardaguclu

@ardaguclu: Reopened this issue.

In response to this:

Makes sense. Let's reopen this and continue discussions /reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Apr 25 '25 05:04 k8s-ci-robot

cc @kubernetes/sig-cli-leads can we reconsider allowing --proxy-url to behave like proxy-url in config in the way that --server does?

We don't have a --proxy-url flag exposed anywhere, but it seems like a reasonable addition.

soltysh avatar May 15 '25 11:05 soltysh

/triage accepted

mpuckett159 avatar Jun 18 '25 16:06 mpuckett159

I'd like to take a crack at this

DevanOBoyle avatar Jun 25 '25 17:06 DevanOBoyle

Hi @DevanOBoyle, Are you still working on this?

I've implemented the --proxy-url flag discussed here. The implementation adds the flag to ConfigFlags and treats it like setting proxy-url in kubeconfig, which bypasses Go's FromEnvironment() limitation for localhost addresses.

@ardaguclu @soltysh @mpuckett159 Here's the small PR for review and further discussions: https://github.com/kubernetes/kubernetes/pull/133069 /assign

rushmash91 avatar Jul 19 '25 01:07 rushmash91