Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v15] fix k8s moderated sessions bypass with ephemeral containers #40906

Merged
merged 2 commits into from Apr 26, 2024
Merged

[v15] fix k8s moderated sessions bypass with ephemeral containers #40906

merged 2 commits into from Apr 26, 2024

Conversation

capnspacehook
Copy link
Contributor

Backports of #40792 and #40871.

changelog: properly enforce session moderation requirements when starting Kubernetes ephemeral containers

capnspacehook and others added 2 commits April 25, 2024 11:56
@capnspacehook @tigrato
fix k8s moderated sessions bypass with ephemeral containers
a3c0408 
* rebase with master

* only retrieve logs on a specific error

* fix cache test again and a linter issue

* only look for ephemeral container name when waiting for the container to start

* address feedback

* add support for other merge strategies

* handle case

* reorganize gomod

* address feedback

* fix missing patchtype

* propagate errors

* Update lib/kube/proxy/sess.go

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>

* add hint of exec process into session tracker

* address feedback

* optionally filter listed waiting conts server-side

* add TODO to test against tsh kubectl

* Revert "optionally filter listed waiting conts server-side"

This reverts commit 9a33868363e427f52bba8d95ead2bfc0d939e6e7.

* fix failing integration test, undo accidental dep update

---------

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
@capnspacehook
fix kube ephemeral container test flakiness
164c974
@capnspacehook capnspacehook force-pushed the capnspacehook/backport/v15/40792 branch from d729afc to 164c974 Compare April 25, 2024 15:56
r0mant
r0mant approved these changes Apr 25, 2024
View reviewed changes
Copy link
Collaborator

@r0mant r0mant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@capnspacehook Let's please make sure to verify the backport (even if it was a clean one).

@capnspacehook
Copy link
Contributor Author

Manually tested and everything works correctly.

@capnspacehook capnspacehook added this pull request to the merge queue Apr 26, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 26, 2024
@capnspacehook capnspacehook added this pull request to the merge queue Apr 26, 2024
Merged via the queue into branch/v15 with commit 4ba4e3f Apr 26, 2024
35 checks passed
@capnspacehook capnspacehook deleted the capnspacehook/backport/v15/40792 branch April 26, 2024 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r0mant r0mant r0mant approved these changes

@tigrato tigrato tigrato approved these changes

Assignees
No one assigned
Labels
backport kubernetes-access size/lg
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@capnspacehook @r0mant @tigrato