unable to configure https_proxy #1013

Closed
Masber opened this issue Sep 19, 2022 · 5 comments
Labels
bug Something isn't working


Masber commented Sep 19, 2022

Current and expected behavior

expected behaviour:
according to changelog 0.72.0:

Support lowercase http_proxy & https_proxy evars by @DevineLiu in #892

I would expect to be able to access my kubeapi through a socks5 proxy like this https_proxy=socks5h://localhost:1080 cargo run

current behaviour:
I don't see any log trace using the http proxy and the client times out trying to reach the server

Possible solution

No response

Additional context

dependencies

```toml
kube = { version = "0.74.0", features = ["runtime", "derive"] }
k8s-openapi = { version = "0.15.0", features = ["v1_24"] }
```

example code

```rust
use k8s_openapi::api::batch::v1::Job;
use kube::{
    api::{Api, DeleteParams, PostParams},
    runtime::wait::{await_condition, conditions},
    Client,
};

#[tokio::main]
async fn main() -> core::result::Result<(), Box<dyn std::error::Error>> {

    env_logger::init();

    let client = Client::try_default().await?;
    let jobs: Api<Job> = Api::default_namespaced(client);

    let params = kube::api::ListParams::default();
    jobs.list(&params).await?;

    Ok(())
}
```

run the app:

```sh
https_proxy=socks5h://localhost:1080 cargo run
```

logs

```
[2022-09-19T19:06:47Z DEBUG kube_client::client::builder] HTTP; http.method=GET http.url=https://10.252.1.12:6442/apis/batch/v1/namespaces/default/jobs? otel.name="list" otel.kind="client"
[2022-09-19T19:06:47Z TRACE tracing::span::active] -> HTTP;
[2022-09-19T19:06:47Z DEBUG kube_client::client::builder] requesting
[2022-09-19T19:06:47Z TRACE tracing::span::active] <- HTTP;
[2022-09-19T19:06:47Z TRACE tower::buffer::worker] returning response future
[2022-09-19T19:06:47Z TRACE tower::buffer::worker] worker polling for next message
[2022-09-19T19:06:47Z TRACE tracing::span::active] -> HTTP;
[2022-09-19T19:06:47Z TRACE hyper::client::pool] checkout waiting for idle connection: ("https", 10.252.1.12:6442)
[2022-09-19T19:06:47Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("https"), host=Some("10.252.1.12"), port=Some(Port(6442))
[2022-09-19T19:06:47Z DEBUG hyper::client::connect::http] connecting to 10.252.1.12:6442
[2022-09-19T19:06:47Z TRACE mio::poll] registering event source with poller: token=Token(50331649), interests=READABLE | WRITABLE
[2022-09-19T19:06:47Z TRACE tracing::span::active] <- HTTP;
[2022-09-19T19:08:57Z TRACE tracing::span::active] -> HTTP;
[2022-09-19T19:08:57Z TRACE mio::poll] deregistering event source from poller
[2022-09-19T19:08:57Z TRACE hyper::client::connect::http] connect error for 10.252.1.12:6442: ConnectError("tcp connect error", Os { code: 110, kind: TimedOut, message: "Connection timed out" })
[2022-09-19T19:08:57Z TRACE hyper::client::pool] checkout dropped for ("https", 10.252.1.12:6442)
[2022-09-19T19:08:57Z DEBUG kube_client::client::builder] HTTP; otel.status_code="ERROR"
[2022-09-19T19:08:57Z ERROR kube_client::client::builder] failed with error error trying to connect: tcp connect error: Connection timed out (os error 110)
[2022-09-19T19:08:57Z TRACE tracing::span::active] <- HTTP;
[2022-09-19T19:08:57Z TRACE tracing::span] -- HTTP;
[2022-09-19T19:08:57Z TRACE tower::buffer::worker] worker polling for next message
[2022-09-19T19:08:57Z TRACE tower::buffer::worker] buffer already closed
[2022-09-19T19:08:57Z TRACE mio::poll] deregistering event source from poller
Error: HyperError(hyper::Error(Connect, ConnectError("tcp connect error", Os { code: 110, kind: TimedOut, message: "Connection timed out" })))
```

I can reach the kubeapi through the proxy using curl

```
curl -k -x socks5h://localhost:1080 https://10.252.1.12:6442/apis/batch/v1/namespaces/default/jobs
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "jobs.batch is forbidden: User \"system:anonymous\" cannot list resource \"jobs\" in API group \"batch\" in the namespace \"default\"",
  "reason": "Forbidden",
  "details": {
    "group": "batch",
    "kind": "jobs"
  },
  "code": 403
```

Environment

```
kubectl version --short
Client Version: v1.22.1
Server Version: v1.22.5
cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
```

Configuration and features

```toml
kube = { version = "0.74.0", features = ["runtime", "derive"] }
k8s-openapi = { version = "0.15.0", features = ["v1_24"] }
```

Affected crates

kube-client

Would you like to work on fixing this bug?

No response

Masber added the bug label Sep 19, 2022

Masber commented Jul 2, 2023

working example:

```rust
// Assumed context (not in the snippet as posted): this runs inside an async fn
// returning Result<_, Box<dyn std::error::Error>>, with hyper 0.14,
// hyper-socks2, hyper-tls, tokio-native-tls and tower as dependencies.
use hyper::Uri;
use kube::{Client, Config};

let config = Config::infer().await?;

let client = if let Ok(socks5) = std::env::var("SOCKS5") {
    log::debug!("SOCKS5 enabled");
    let connector = {
        let mut http = hyper::client::HttpConnector::new();
        // Accept https:// URIs so the TLS connector can wrap this one.
        http.enforce_http(false);
        let proxy = hyper_socks2::SocksConnector {
            proxy_addr: socks5.parse::<Uri>()?,
            auth: None,
            connector: http,
        };
        // TLS settings (CA bundle, client identity) come from the kube Config.
        let tls = tokio_native_tls::TlsConnector::from(config.native_tls_connector()?);
        hyper_tls::HttpsConnector::from((proxy, tls))
    };

    let service = tower::ServiceBuilder::new()
        .layer(config.base_uri_layer())
        .option_layer(config.auth_layer()?)
        .service(hyper::Client::builder().build(connector));

    Client::new(service, config.default_namespace)
} else {
    // No proxy requested: connect to the API server directly.
    let https = config.openssl_https_connector()?;
    let service = tower::ServiceBuilder::new()
        .layer(config.base_uri_layer())
        .service(hyper::Client::builder().build(https));
    Client::new(service, config.default_namespace)
};
```
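One way to validate the proxy setting before a connector like the one above is built, so that a set-but-unusable value is an error instead of a silent direct connection. This is an added example, not part of the original comment or of kube-rs; `Socks5Proxy`, `ProxyError`, `proxy_from_env` and the variable lookup order are assumptions, and `socks5h` is read the way curl reads it (the proxy resolves hostnames).

```rust
// Added example, not kube-rs code: type and function names are hypothetical.
#[derive(Debug, PartialEq)]
pub struct Socks5Proxy {
    pub host: String,
    pub port: u16,
    pub remote_dns: bool, // socks5h:// => the proxy resolves target hostnames
}

#[derive(Debug, PartialEq)]
pub enum ProxyError {
    UnsupportedScheme(String),
    Malformed(String),
}

/// Ok(None) only when no proxy variable is set; a set-but-unusable value is
/// an error so the caller cannot silently fall back to a direct connection.
pub fn proxy_from_env<F>(lookup: F) -> Result<Option<Socks5Proxy>, ProxyError>
where
    F: Fn(&str) -> Option<String>,
{
    // Lookup order is an assumption of this example.
    let found = ["https_proxy", "HTTPS_PROXY", "SOCKS5"]
        .iter()
        .find_map(|k| lookup(*k).filter(|v| !v.trim().is_empty()));
    let raw = match found {
        Some(v) => v.trim().to_string(),
        None => return Ok(None),
    };
    let malformed = || ProxyError::Malformed(raw.clone());
    let (scheme, rest) = raw.split_once("://").ok_or_else(malformed)?;
    let remote_dns = match scheme.to_ascii_lowercase().as_str() {
        "socks5" => false,
        "socks5h" => true,
        other => return Err(ProxyError::UnsupportedScheme(other.to_string())),
    };
    // Credentials or paths in the URL are rejected rather than guessed at.
    let authority = rest.trim_end_matches('/');
    let (host, port) = authority.rsplit_once(':').ok_or_else(malformed)?;
    if host.is_empty() || host.contains(|c: char| c == '@' || c == '/') {
        return Err(malformed());
    }
    let port: u16 = port.parse().map_err(|_| malformed())?;
    Ok(Some(Socks5Proxy { host: host.to_string(), port, remote_dns }))
}

fn main() {
    println!("{:?}", proxy_from_env(|k| std::env::var(k).ok()));
}
```

With `remote_dns` false (plain `socks5://`), the client resolves the API server's hostname locally before handing the address to the proxy, which matters when the name is only resolvable from the proxy's side.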


deepu105 commented Sep 7, 2023

@clux are proxy env vars automatically picked up, or is the recommendation to use a custom service as above?


clux commented Sep 7, 2023

@deepu105 it's not handled automatically yet.

There's an issue in #1270 for it. @aviramha was looking into getting it handled in the client-builder (because our handling is limited to propagating the var to Config) but I'm not sure if he got anywhere with it.


deepu105 commented Sep 7, 2023

@clux appreciate the super quick response as always. I'll keep an eye on the ticket 🙏


aviramha commented Sep 7, 2023

It's still in our team todo list, still haven't got there. Will update the original issue.
