WIP Undici migration p2

[davidgamero]

node-fetch removals

• rips out node-fetch and @types/node-fetch, uses native fetch (undici) everywhere
• drops nock, migrates all test mocking to undici MockAgent
• rewrite health, log, watch to use fetch() + Readable.fromWeb() for streaming
• rename integration_test.ts → fullrequest_test.ts since it's a unit test

auth

• removes applyToFetchOptions from kubeconfig (dead after migration)
• cleans up dead tls config in applySecurityAuthentication (was set then immediately overwritten)

watch

• treat watch TimeoutError as reconnectable in informer, add exponential backoff on reconnect
• normalize timeout errors in watch.ts (fixes Node 23 mid-stream AbortError vs TimeoutError inconsistency)
• add integration test for watch

informer

• add informer reconnect integration test

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidgamero

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [davidgamero]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cjihrig]

This is really great progress on modernizing the project. Thanks for working on it.

[davidgamero]

This is really great progress on modernizing the project. Thanks for working on it.

thanks! i was trying to remove nock so we can consolidate testing into undici mockagent and it snowballed

[brendandburns]

Should we be deleting this?

[davidgamero]

my reasoning is that the applyOptions call above invokes applyHTTPSOptions, which sets httpsOptions.rejectUnauthorized

this is mirrored into agentOptions below by agentOptions.rejectUnauthorized = httpsOptions.rejectUnauthorized;

servername is similarly applied in applyOptions > applyHTTPSOptions, but was missing the httpsOptions -> agentOptions conversion in this function which i've now added below along with a test calling the whole chain to assert the TLS propagation

happy to reasses my interpretation or refactor to improve readability

[brendandburns]

Does this test no longer apply?

[davidgamero]

it appears undici default keepalive is 60s which could still cause a race condition on some load balancers.

reintroduced updated test in config to keep 30s keepalive

[brendandburns]

Generally looks good, some comments on sleep() usage in one of the tests and a couple of things that I'm not sure why they were removed.

[k8s-ci-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.