import { tunnelBeta } from "https://deno.land/x/kubernetes_apis@v0.5.3/deps.ts";
const { WebsocketRestClient } = tunnelBeta;
Extension of KubeConfigRestClient, adding tunnel support via WebSocketStream. WebSockets have various limits within the Kubernetes and Deno ecosystem, but they work quite well in several situations and have good backpressure support.
-
Run Deno with
--unstable-net
to enable the required WebSocketStream API. -
For most clusters, you'll need to have Deno trust the cluster CA. Otherwise you'll get an
UnknownIssuer
error. In-cluster, you just need to pass--cert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-
Restricted for out-of-cluster use due to lack of Client Certificates. https://github.com/denoland/deno/issues/11846 Workaround of using
kubectl proxy --reject-paths=/^-$/
-
Restricted for port-forwarding due to lack of dynamic multiplexing. Every new port connection requires a new WebSocket. (TODO: find or create Kubernetes ticket to track this)
-
stdin restricted for exec/attach due to lack of EOF signal. Addressed in Kubernetes v1.29 via new
v5.channel.k8s.io
protocol. Upstream work: https://github.com/kubernetes/kubernetes/pull/119157