kubernetes / kubectl

Issue tracker and mirror of kubectl code
Apache License 2.0

kubectl proxy when you request an api that requires http Authorization header authentication, it will not process the response correctly #1348

Open lingbohome opened 1 year ago

lingbohome commented 1 year ago

kube-apiserver handles authentication using Authorization headers; is there a conflict with my service's use of Authorization headers to handle authentication? The following is the request message:

```
GET /api/v1/namespaces/default/services/ddr-api:http-port/proxy/api/v1/group HTTP/1.1
Host: localhost:8001
Accept-Encoding: deflate, gzip, br, zstd
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh-HK;q=0.9,zh;q=0.8,en;q=0.7,en-US;q=0.6
Authorization: Basic YWRtaW46YWRtaW4=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Cookie: curpage=1; hasplmlang=int; Synyi.AuditLog.TraceId=4b4a77825a214192b2e076c20261ab7e
DNT: 1
Pragma: no-cache
Referer: http://localhost:8001/api/v1/namespaces/default/services/ddr-api:http-port/proxy/logs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
```

```
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Cache-Control: no-cache, private
< Content-Length: 21
< Content-Type: text/plain; charset=utf-8
< Date: Tue, 10 Jan 2023 10:44:22 GMT
< Server: nginx
<
{ [21 bytes data]
100 21 100 21 0 0 564 0 --:--:-- --:--:-- --:--:-- 677
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, private
Content-Length: 21
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Jan 2023 10:44:22 GMT
Server: nginx
```

k8s-ci-robot commented 1 year ago

@lingbohome: This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

mpuckett159 commented 5 months ago

Can you provide the service that this is being caused by so we can investigate this further?

/remove lifecycle/rotten

brianpursley commented 5 months ago

/triage needs-information

lingbohome commented 5 months ago

> Can you provide the service that this is being caused by so we can investigate this further? /remove lifecycle/rotten

@mpuckett159 So, the situation is that I am using kubectl proxy to proxy access to a service within the cluster. This service requires authentication, and the authentication credentials are passed through the HTTP Authorization header. However, it seems that the credentials specified in the Authorization header are not correctly forwarded to the service. I suspect that this might be related to the authentication mechanism between kubectl proxy and the kube-apiserver, which prevents the user's authentication credentials specified in the Authorization header from being properly passed along to the service.
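
One way to test the suspicion in the comment above is to place a header-echo backend behind the same kind of Service and request it through `kubectl proxy`. This is an added example, not code from the issue or from the Kubernetes project; port 8080, the `X-Expect-Auth` header and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"log"
	"net/http"
	"strings"
)

// fingerprint renders an Authorization value as "<scheme> sha256:<8 hex>"
// so the credential itself never appears in a response or a log.
func fingerprint(v string) string {
	if v == "" {
		return "absent"
	}
	scheme, cred, _ := strings.Cut(v, " ")
	sum := sha256.Sum256([]byte(cred))
	return scheme + " sha256:" + hex.EncodeToString(sum[:4])
}

// classify compares the fingerprint the client expected with what arrived.
func classify(expectFP, received string) string {
	switch {
	case received == "":
		return "dropped" // the header never reached the backend
	case fingerprint(received) == expectFP:
		return "intact"
	default:
		return "replaced" // some hop substituted a different credential
	}
}

// echo reports what actually reached this backend. X-Expect-Auth is a
// hypothetical header carrying the fingerprint of what the client sent.
func echo(w http.ResponseWriter, r *http.Request) {
	auth := r.Header.Get("Authorization")
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]string{
		"path":          r.URL.Path,
		"authorization": fingerprint(auth),
		"verdict":       classify(r.Header.Get("X-Expect-Auth"), auth),
	})
}

func main() {
	http.HandleFunc("/", echo) // port 8080 is an assumption
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

Requesting this backend once directly and once through the proxy path, with the same `Authorization` and `X-Expect-Auth` values, shows whether the header arrives intact, is dropped, or is replaced along the way.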

k8s-triage-robot commented 2 months ago

/lifecycle stale

k8s-triage-robot commented 1 month ago

/lifecycle rotten