Kubernetes API proxy doesn't work with kubectl 1.30 for SPDY / websocket based commands (`exec`, `attach`, ...
The Kubernetes API proxy doesn't seem to work with kubectl starting with version 1.30.
It runs into a timeout. Example logs:
I0426 11:32:52.518344 47138 round_trippers.go:466] curl -v -XGET -H "User-Agent: kubectl/v1.30.0 (darwin/arm64) kubernetes/7c48c2b" -H "Accept: application/json, */*" 'https://kas.gitlab.com/k8s-proxy/api/v1/namespaces/default/pods/my-nginx'
I0426 11:32:52.869240 47138 round_trippers.go:495] HTTP Trace: DNS Lookup for kas.gitlab.com resolved to [{172.65.247.105 } {2606:4700:90:0:16ea:650c:2f4d:2c80 }]
I0426 11:32:52.874669 47138 round_trippers.go:510] HTTP Trace: Dial to tcp:172.65.247.105:443 succeed
I0426 11:32:53.396586 47138 round_trippers.go:553] GET https://kas.gitlab.com/k8s-proxy/api/v1/namespaces/default/pods/my-nginx 200 OK in 878 milliseconds
I0426 11:32:53.396614 47138 round_trippers.go:570] HTTP Statistics: DNSLookup 2 ms Dial 5 ms TLSHandshake 226 ms ServerProcessing 294 ms Duration 878 ms
I0426 11:32:53.396618 47138 round_trippers.go:577] Response Headers:
I0426 11:32:53.396622 47138 round_trippers.go:580] Cache-Control: no-cache, private
I0426 11:32:53.396625 47138 round_trippers.go:580] Content-Length: 4096
I0426 11:32:53.396626 47138 round_trippers.go:580] Gitlab-Lb: haproxy-main-40-lb-gprd
I0426 11:32:53.396628 47138 round_trippers.go:580] Gitlab-Sv: kas-gke
I0426 11:32:53.396629 47138 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 4850f2d8-0e2b-4c96-95b7-42e5de6f7269
I0426 11:32:53.396631 47138 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: a3ee598a-6b1e-4033-8010-b387fbdfac82
I0426 11:32:53.396633 47138 round_trippers.go:580] Audit-Id: a52f5c95-c6fc-4517-90b2-11b62b8f4835
I0426 11:32:53.396652 47138 round_trippers.go:580] Content-Type: application/json
I0426 11:32:53.396656 47138 round_trippers.go:580] Date: Fri, 26 Apr 2024 09:32:53 GMT
I0426 11:32:53.396657 47138 round_trippers.go:580] Via: 2.0 gitlab-agent/v17.0.0-rc1/17a930de
I0426 11:32:53.396659 47138 round_trippers.go:580] Via: gRPC/1.0 gitlab-kas/v17.0.0-rc1/v17.0.0-rc1
I0426 11:32:53.396735 47138 request.go:1212] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"my-nginx","namespace":"default","uid":"1104d156-48fc-4b08-a49a-72ac00862291","resourceVersion":"1291503","creationTimestamp":"2024-04-26T08:13:41Z","labels":{"run":"my-nginx"},"managedFields":[{"manager":"kubectl-run","operation":"Update","apiVersion":"v1","time":"2024-04-26T08:13:41Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:run":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"my-nginx\"}":{".":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":80,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}},{"manager":"kubelet","operation":"Update","apiVersion":"v1","time":"2024-04-26T08:13:49Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"PodReadyToStartContainers\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:hostIPs":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"10.244.0.13\"}":{".":{},"f:ip":{}}},"f:startTime":{}}},"subresource":"status"}]},"spec":{"volumes":[{"name":"kube-api-access-dqjtj","projected":{"sources":[{"serviceAccountToken":{"expirationSeconds":3607,"path":"token"}},{"configMap":{"name":"kube-root-ca.crt","items":[{"key":"ca.crt","path":"ca.crt"}]}},{"downwardAPI":{"items":[{"path":"namespace","fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}]}}],"defaultMode":420}}],"containers":[{"name":"my-nginx","image":"nginx","ports":[{"containerPort":80,"protocol":"TCP"}],"resources":{},"volumeMounts":[{"name":"kube-api-access-dqjtj","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Always","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","serviceAccountName":"default","serviceAccount":"default","nodeName":"gitlab-agent-dev-control-plane","securityContext":{},"schedulerName":"default-scheduler","tolerations":[{"key":"node.kubernetes.io/not-ready","operator":"Exists","effect":"NoExecute","tolerationSeconds":300},{"key":"node.kubernetes.io/unreachable","operator":"Exists","effect":"NoExecute","tolerationSeconds":300}],"priority":0,"enableServiceLinks":true,"preemptionPolicy":"PreemptLowerPriority"},"status":{"phase":"Running","conditions":[{"type":"PodReadyToStartContainers","status":"True","lastProbeTime":null,"lastTransitionTime":"2024-04-26T08:13:49Z"},{"type":"Initialized","status":"True","lastProbeTime":null,"lastTransitionTime":"2024-04-26T08:13:41Z"},{"type":"Ready","status":"True","lastProbeTime":null,"lastTransitionTime":"2024-04-26T08:13:49Z"},{"type":"ContainersReady","status":"True","lastProbeTime":null,"lastTransitionTime":"2024-04-26T08:13:49Z"},{"type":"PodScheduled","status":"True","lastProbeTime":null,"lastTransitionTime":"2024-04-26T08:13:41Z"}],"hostIP":"172.18.0.2","hostIPs":[{"ip":"172.18.0.2"}],"podIP":"10.244.0.13","podIPs":[{"ip":"10.244.0.13"}],"startTime":"2024-04-26T08:13:41Z","containerStatuses":[{"name":"my-nginx","state":{"running":{"startedAt":"2024-04-26T08:13:48Z"}},"lastState":{},"ready":true,"restartCount":0,"image":"docker.io/library/nginx:latest","imageID":"docker.io/library/nginx@sha256:ed6d2c43c8fbcd3eaa44c9dab6d94cb346234476230dc1681227aa72d07181ee","containerID":"containerd://da76c734030ed193b6c5564262e1d0d6cf9c8336000f92f34f9cafb65f4999cf","started":true}],"qosClass":"BestEffort"}}
I0426 11:32:53.398208 47138 podcmd.go:88] Defaulting container name to my-nginx
I0426 11:32:53.398295 47138 round_trippers.go:466] curl -v -XGET -H "Sec-Websocket-Protocol: v5.channel.k8s.io" -H "User-Agent: kubectl/v1.30.0 (darwin/arm64) kubernetes/7c48c2b" 'https://kas.gitlab.com/k8s-proxy/api/v1/namespaces/default/pods/my-nginx/exec?command=ls&command=%2F&container=my-nginx&stderr=true&stdout=true'
I0426 11:32:53.400340 47138 round_trippers.go:495] HTTP Trace: DNS Lookup for kas.gitlab.com resolved to [{172.65.247.105 } {2606:4700:90:0:16ea:650c:2f4d:2c80 }]
I0426 11:32:53.405233 47138 round_trippers.go:510] HTTP Trace: Dial to tcp:172.65.247.105:443 succeedThis log output is from: kubectl -v11 exec my-nginx -- ls /.