ERR_TLS_CERT_ALTNAME_INVALID for socks-proxy-agent

[warjiang]

Background

I found that the client-node sdk(you can treat the sdk as another client-go sdk implementation for node), if there is a proxy-url in the kubeconfig file, client-node sdk will create agent for proxy request to kubernetes apiserver.

Problems

The feature seems not work for me, code snippet as following:

import * as k8s from '@kubernetes/client-node';


const kc = new k8s.KubeConfig();
kc.loadFromFile('path/to/local/kubeconfig')
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
k8sApi.listNamespacedPod({ namespace: "default" }).then((res) => {
  console.log(res);
});

error occured:

the root cause for the error is that, when invoke the tls.connect, the proxy-agents sdk will ignore the host information:

proxy-agents/packages/socks-proxy-agent/src/index.ts

Lines 191 to 199 in 536aaa5

	const tlsSocket = tls.connect({
	...omit(
	setServernameFromNonIpHost(opts),
	'host',
	'path',
	'port'
	),
	socket,
	});

And I try to add host field by removing the host field from omit list, like following:

It seems it works, so any explantation about omitting host field, and should we avoidding omit host field? @TooTallNate

[warjiang]

I think it's the problem of omitting host fileld, for duo tls verification, proxy-agents should not ignore the host field. If ignoring the host field, node.js seems to add host=localhost internally, which equals to setting wrong host field