NotificationsYou must be signed in to change notification settings
Fork3.4k
Star7.4k

fix stream bug when use ssl#2422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Open

Novelfor wants to merge1 commit intokubernetes-client:master

base:master

Choose a base branch

fromNovelfor:dev_fix_stream_bug

Open

fix stream bug when use ssl#2422

Novelfor wants to merge1 commit intokubernetes-client:masterfromNovelfor:dev_fix_stream_bug

+5 −1

Conversation

Copy link

Novelfor commentedJul 22, 2025•
edited
Loading

What type of PR is this?

/kind bug

What this PR does / why we need it:

Stream api will block data when use ssl socket.

Which issue(s) this PR fixes:

Fixes#2414

Special notes for your reviewer:

According to this documenthttps://docs.python.org/3/library/ssl.html#ssl-nonblocking, select() may lose some data, it only happen when use ssl socket

I test the code in my self-host kubernetes server

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

k8s-ci-robot added release-note-none

Denotes a PR that doesn't merit a release note.

kind/bugCategorizes issue or PR as related to a bug. labels

Jul 22, 2025

Copy link

Contributor

k8s-ci-robot commentedJul 22, 2025

[APPROVALNOTIFIER] This PR isNOT APPROVED

This pull-request has been approved by:Novelfor
Once this PR has been reviewed and has the lgtm label, please assignroycaihw for approval. For more information seethe Code Review Process.

The full list of commands accepted by this bot can be foundhere.

Needs approval from an approver in each of these files:

kubernetes/base/OWNERS

Approvers can indicate their approval by writing/approve in a comment
Approvers can cancel approval by writing/approve cancel in a comment

k8s-ci-robot requested review fromfabianvf andyliaog

July 22, 2025 12:42

Copy link

linux-foundation-easyclabot commentedJul 22, 2025•
edited
Loading

✅login: Novelfor / (764cc34)

The committers listed above are authorized under a signed CLA.

k8s-ci-robot added the cncf-cla: noIndicates the PR's author has not signed the CNCF CLA. label

Jul 22, 2025

Copy link

Contributor

k8s-ci-robot commentedJul 22, 2025

Welcome@Novelfor!

It looks like this is your first PR tokubernetes-client/python 🎉. Please refer to ourpull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment.Here is the bot commands documentation.

You can also check if kubernetes-client/python hasits own contribution guidelines.

You may want to refer to ourtesting guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow therecommended escalation practices. Also, for tips and tricks in the contribution process you may want to read theKubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

k8s-ci-robot added the size/XSDenotes a PR that changes 0-9 lines, ignoring generated files. label

Jul 22, 2025

fix stream bug when use ssl

764cc34

Novelfor force-pushed thedev_fix_stream_bug branch from598c0fc to764cc34Compare

July 23, 2025 06:01

k8s-ci-robot added cncf-cla: yesIndicates the PR's author has signed the CNCF CLA. and removed cncf-cla: noIndicates the PR's author has not signed the CNCF CLA. labels

Jul 23, 2025

Copy link

ivaradi commentedJul 30, 2025

I think this could be improved by calling poll/select only when ssl_pending is 0.

Copy link

Member

roycaihw commentedJul 30, 2025

/assign

k8s-ci-robot assignedroycaihw

Jul 30, 2025

roycaihw reviewed

Jul 30, 2025

View reviewed changes

kubernetes/base/stream/ws_client.py

		(self.sock.sock, ), (), (),timeout)

		ifr:
		ifrorssl_pending>0:

Copy link

Member

roycaihwJul 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Could you add a test?

Copy link

Author

NovelforJul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Current e2e test has stream exec test. but i think it's not easy to find ssl blocking by current test code.

The blocking is not clearly observable in the program (if the data is sent continuously, once the next chunk is sent, it will also carry over any previously blocked data).
Setting up SSL in minikube requires additional work.
I can think about designing a reliable testing approach later, it's not easy to write a work test (current e2e casehttps://github.com/kubernetes-client/python/blob/master/kubernetes/e2e_test/test_client.py#L130 contain stream exec test, but it hard to reflect blocking). But I hope we can merge this first so that I don't have to keep using my own forked version on my cluster.

Copy link

k8s-triage-robot commentedOct 29, 2025

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

After 90d of inactivity,lifecycle/stale is applied
After 30d of inactivity sincelifecycle/stale was applied,lifecycle/rotten is applied
After 30d of inactivity sincelifecycle/rotten was applied, the PR is closed

You can: