kubelogin icon indicating copy to clipboard operation
kubelogin copied to clipboard

Published 20 hours ago verified publisher icon int128

For user who does not have GUI

Open pbs-jyu opened this issue 9 months ago • 1 comments

Describe the question

From the demo, after we run "kubectl get " it will automatically open a browser and asking for authentication.

To reproduce

I use a Ubuntu server without GUI. Not sure how this get proceed. obviously we need to pick a OIDC provider authentication. I'm planning use Dex with Azure AD.

Your environment

  • OS: e.g. Ubuntu Server, no GUI

  • kubelogin --version kubelogin version git hash: v0.1.0/0fcd072d45250a50cde855cf50204ad2dc784095 Go version: go1.21.5 Build time: 2023-12-28T19:01:42Z Platform: linux/amd64

  • kubectl version: e.g. v1.29.13

  • OpenID Connect provider: Azure AD

pbs-jyu avatar Feb 27 '25 22:02 pbs-jyu

You want to use the paramter --grant-type device-code, which will allow the usage with headless/browserless devices. Instead you'll get a URL from your identity provider that you can copy to your webbrowser, even on a different device and authorize the access from there.

This is part of the OIDC standard. https://www.oauth.com/oauth2-servers/device-flow/ Keep in mind, this is not intended for Machine-to-Machine authentication.

SISheogorath avatar Apr 18 '25 22:04 SISheogorath

kubelogin --help

--grant-type string -> Athorization grant type to use. One of (auto|authcode|authcode-keyboard|password|device-code|client-credentials) (default "auto")

i use, --grant-type password. and it works for me.

selcuksan avatar Jul 01 '25 08:07 selcuksan