fix(utils): close SSH client in GetKubeConfig #640

Merged
ArangoGutierrez merged 1 commit into NVIDIA:main from ArangoGutierrez:fix/kubeconfig-ssh-leak
Feb 13, 2026

Conversation

@ArangoGutierrez
Collaborator

Summary

  • Add defer func() { _ = p.Client.Close() }() after provisioner.New() in pkg/utils/kubeconfig.go
  • Fixes SSH connection leak: provisioner.New() opens an SSH connection that was never closed, leaking a TCP socket and SSH multiplexer goroutines on every call to GetKubeConfig

Audit Finding

Test plan

  • gofmt — no formatting issues
  • golangci-lint run ./... — 0 issues
  • go test -coverprofile=coverage.out ./pkg/... — all PASS
  • go build -o bin/holodeck cmd/cli/main.go — compiles
  • go mod tidy && go mod verify — no changes, all modules verified

Copilot AI review requested due to automatic review settings February 12, 2026 18:56

Copilot AI left a comment

Pull request overview

Fixes an SSH connection leak in GetKubeConfig (a utility used to fetch kubeconfig from a provisioned host) by ensuring the SSH client created by provisioner.New() is closed when the function returns.

Changes:

  • Add a defer to close p.Client after successful provisioner.New() in GetKubeConfig.

@coveralls

coveralls commented Feb 12, 2026

Pull Request Test Coverage Report for Build 21960949084

Details

  • 0 of 1 (0.0%) changed or added relevant line in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.009%) to 47.492%

Changes Missing Coverage | Covered Lines | Changed/Added Lines | %
pkg/utils/kubeconfig.go | 0 | 1 | 0.0%

Totals | Coverage Status
Change from base Build 21955389842 | -0.009%
Covered Lines | 2500
Relevant Lines | 5264

💛 - Coveralls

provisioner.New() opens an SSH connection that was never closed,
leaking a TCP socket and SSH multiplexer goroutines on every call.

Audit finding NVIDIA#4 (HIGH).

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
@ArangoGutierrez ArangoGutierrez merged commit e656385 into NVIDIA:main Feb 13, 2026
19 checks passed
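
The leak and the fix described in this PR, as an added Go example that is not code from the holodeck repository. It also shows one way to exercise the deferred close in a test, which the coverage report lists as uncovered. `fakeClient`, `fakeProvisioner`, `newProvisioner`, `OpenAfter` and the host string are hypothetical stand-ins; only the `defer` line matches the page.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
)

var openConns atomic.Int64 // stand-in "SSH connections" currently open
type fakeClient struct{} // hypothetical stand-in for the SSH client in p.Client
type fakeProvisioner struct{ Client fakeClient } // hypothetical stand-in for p
func (fakeClient) Close() error { openConns.Add(-1); return nil }

// newProvisioner stands in for provisioner.New(): success opens one connection.
func newProvisioner(host string) (*fakeProvisioner, error) {
	if host == "" {
		return nil, errors.New("empty host") // nothing opened, nothing to close
	}
	openConns.Add(1)
	return &fakeProvisioner{}, nil
}

// leakyGetKubeConfig has the pre-fix shape: the client is never closed.
func leakyGetKubeConfig(host string, fetch func() error) error {
	if _, err := newProvisioner(host); err != nil {
		return err
	}
	return fetch()
}

// fixedGetKubeConfig defers Close only after New succeeded, so p is non-nil.
func fixedGetKubeConfig(host string, fetch func() error) error {
	p, err := newProvisioner(host)
	if err != nil {
		return err
	}
	defer func() { _ = p.Client.Close() }()
	return fetch()
}

// OpenAfter calls fn n times with a failing fetch; returns connections left open.
func OpenAfter(n int, fn func(string, func() error) error) int64 {
	openConns.Store(0)
	for i := 0; i < n; i++ {
		_ = fn("constructed-host", func() error { return errors.New("fetch failed") })
	}
	return openConns.Load()
}

func main() { fmt.Println(OpenAfter(10, leakyGetKubeConfig), OpenAfter(10, fixedGetKubeConfig)) }
```

The failing `fetch` matters: the deferred close runs on the error return as well, which a close placed at the end of the function body would miss.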