jakolehm
commented
3 months ago @KarstenB thanks for the detailed report! Did you test this just with lens-k8s-proxy or was the whole Lens Desktop application involved?
Open KarstenB opened 4 months ago
jakolehm
commented
3 months ago @KarstenB thanks for the detailed report! Did you test this just with lens-k8s-proxy or was the whole Lens Desktop application involved?
KarstenB
commented
3 months ago I tried it with the whole lens desktop.
We have an nginx reverse proxy in front of our k8s clusters that is directing the tcp stream to the proper k8s api server based on the SNI. This works fine when interacting with the cluster.
However kubectl exec and port-forward doesn't work with the lens proxy. I took some time to investigate, and it turns out that the CLIENT HELLO packet of the TLS stream is missing the server_name Extension. Obviously our nginx doesn't know to which server to relay the request to if the SNI is missing. I am not quite sure why it is missing for this scenario though.
To reproduce: