时间戳

首页 > 解决方案 > k8s api 服务器前面的 Golang 代理挂在 kubectl delete pod 上并带有“WINDOW_UPDATE”

go - k8s api 服务器前面的 Golang 代理挂在 kubectl delete pod 上并带有“WINDOW_UPDATE”

问题描述

我正在编写一个位于 k8s api 服务器前面的基于 Golang 的 L7 代理。像这样的东西,

kubectl <----> 网关/代理 <----> AWS EKS API 服务器

在此处输入图像描述

, , ,等常用kubectl命令可以正常工作。但是,对于,卡住/挂起。get podsexecrunapplycreatekubectl delete pod <name>kubectl

通常,这些是kubectl添加watch=true标志的情况。在这种情况下,k8s 服务器不发送END_STREAM,所以我的代理卡在“读帧 WINDOW_UPDATE”中

有人见过这个吗?我正在查看client-gokubernetesrepo 以查看设置时如何kubectl处理响应watch=true。将不胜感激任何指针。

下面是我的调试日志——

2019/10/11 00:50:19 http2: decoded hpack field header field ":authority" = "myproxy.dev.net:8443"
2019/10/11 00:50:19 http2: decoded hpack field header field ":method" = "GET"
2019/10/11 00:50:19 http2: decoded hpack field header field ":path" = "/api/v1/namespaces/guestbook/pods?fieldSelector=metadata.name%3Dshell-test&resourceVersion=1313006&watch=true"
2019/10/11 00:50:19 http2: decoded hpack field header field ":scheme" = "https"
2019/10/11 00:50:19 http2: decoded hpack field header field "accept" = "application/json"
2019/10/11 00:50:19 http2: decoded hpack field header field "user-agent" = "kubectl/v1.15.2 (darwin/amd64) kubernetes/f627830"
2019/10/11 00:50:19 http2: decoded hpack field header field "authorization" = "Bearer LS<REDACTED>
2019/10/11 00:50:19 http2: decoded hpack field header field "accept-encoding" = "gzip"
2019/10/11 00:50:19 http2: server read frame HEADERS flags=END_STREAM|END_HEADERS stream=5 len=86
2019/10/11 00:50:51 http2: server encoding header ":status" = "200"
2019/10/11 00:50:51 http2: server encoding header "audit-id" = "aaa-9682-d7b95a6daa0e"
2019/10/11 00:50:51 http2: server encoding header "content-type" = "application/json"
2019/10/11 00:50:51 http2: server encoding header "date" = "Fri, 11 Oct 2019 00:50:19 GMT"
2019/10/11 00:50:51 http2: Framer 0xc0004beee0: wrote HEADERS flags=END_HEADERS stream=5 len=32
2019/10/11 00:50:51 http2: Framer 0xc0004beee0: wrote DATA stream=5 len=4096 data="{\"type\":\"MODIFIED\",\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"shell-test\",\"namespace\":\"guestbook\",\"selfLink\":\"/api/v1/namespaces/guestbook/pods/shell-test\",\"uid\":\"d2baa702-ebc0-11e9-06652f016772\",\"resourceVersion\":\"1313054\",\"creation" (3840 bytes omitted)
2019/10/11 00:50:51 http2: Framer 0xc0004beee0: wrote DATA stream=5 len=4096 data="0}],\"priority\":0,\"enableServiceLinks\":true},\"status\":{\"phase\":\"Running\",\"conditions\":[{\"type\":\"Initialized\",\"status\":\"True\",\"lastProbeTime\":null,\"lastTransitionTime\":\"2019-10-11T00:48:21Z\"},{\"type\":\"Ready\",\"status\":\"False\",\"lastProbeTime\":null,\"lastTransit" (3840 bytes omitted)
2019/10/11 00:50:51 http2: Framer 0xc0004beee0: read WINDOW_UPDATE stream=5 len=4 incr=6291
2019/10/11 00:50:51 http2: server read frame WINDOW_UPDATE stream=5 len=4 incr=6291

代理代码使用 Golang 编写NewSingleHostReverseProxy,它终止 TLS,修补与 k8s api 服务器的新连接。

标签: gokubernetesproxyamazon-ekskubernetes-apiserver

解决方案

推荐阅读