Kubelogin not supported ?

[Raulster24]

Describe the bug Kube config file containing kubelogin commands does not work and throws timeout exception

Kubernetes C# SDK Client Version 11.0.44

Server Kubernetes Version 1.25.5

Dotnet Runtime Version net6

KubeConfig

kind: Config
preferences: {}
users:
- name: clusterUser*****
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - --login
      - azurecli
      - --server-id
      - *******
      command: kubelogin
      env: null
      provideClusterInfo: false

Please confirm if it is not supported, if not supported then is there any workaround without using kubectl proxy or generating token

[tg123]

kubelogin is supported may i know the details of exceptions

[Raulster24]

k8s.Exceptions.KubeConfigException HResult=0x80131500 Message=external exec failed due to uncaught exception: k8s.Exceptions.KubeConfigException: external exec failed due to timeout at k8s.KubernetesClientConfiguration.ExecuteExternalCommand(ExternalExecution config) Source=KubernetesClient StackTrace: at k8s.KubernetesClientConfiguration.ExecuteExternalCommand(ExternalExecution config) in k8s\KubernetesClientConfiguration.cs:line 481 at k8s.KubernetesClientConfiguration.SetUserDetails(K8SConfiguration k8SConfig, Context activeContext) in k8s\KubernetesClientConfiguration.cs:line 329 at k8s.KubernetesClientConfiguration.InitializeContext(K8SConfiguration k8SConfig, String currentContext) in k8s\KubernetesClientConfiguration.cs:line 201 at k8s.KubernetesClientConfiguration.GetKubernetesClientConfiguration(String currentContext, String masterUrl, K8SConfiguration k8SConfig) in k8s\KubernetesClientConfiguration.cs:line 175 at k8s.KubernetesClientConfiguration.<BuildConfigFromConfigFileAsync>d__19.MoveNext() in k8s\KubernetesClientConfiguration.cs:line 138 at k8s.KubernetesClientConfiguration.BuildDefaultConfig() in k8s\KubernetesClientConfiguration.cs:line 110 at simple.PodList.<Main>d__1.MoveNext() in C:\Users\rsrivastava\source\repos\KubernetesClient\Program.cs:line 46 at simple.PodList.<Main>(String[] args)

Do let me know in case if anything else is required, below is my code which picks up config file from the env variable

var config = KubernetesClientConfiguration.BuildDefaultConfig(); IKubernetes client = new Kubernetes(config); Console.WriteLine("Starting Request!");

[tg123]

likely kubelogin stuck for some reason, could you please check if it is waiting for stdin?

[lknite]

wanted to note that in my personal experience kubelogin can block if a web browser isn't closed right, you might want to look into pinniped

[Raulster24]

@tg123 I will check again but i don't think. @lknite Sure I will have a look For now I am using a workaround to use a config file without the kubelogin and was able to connect. Just a question, if kubectl can work with the same config file and it doesn't ask for any input then shouldn't this be same for the client too ?

[ebisso]

I also reproduced the problem and think the issue is related to the redirected StandardOutput. Because the current implementation calls WaitForExit() before StandardOutput.ReadToEnd(), I think what is happening under some circumstances is that the buffer gets full and this blocks the child process from being able to continue writing to the stream.

This would be in line with the remark mentioned in documentation for ProcessStartInfo.RedirectStandardOutput

A deadlock condition can result if the parent process calls p.WaitForExit before p.StandardOutput.ReadToEnd and the child process writes enough text to fill the redirected stream. The parent process would wait indefinitely for the child process to exit. The child process would wait indefinitely for the parent to read from the full StandardOutput stream.

[fa15073]

cannot get device code with kubelogin as well i.e. it hangs there with nothing in stdout

but kubectl works with the same config e.g.

kubectl get pods To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code

could this be the same root cause?

[fa15073]

likely kubelogin stuck for some reason, could you please check if it is waiting for stdin?

for devicelogin flow it's not waiting for stdin but the login flow the problem is it doesn't show anything in the console including the code required to complete the login flow hence the user cannot complete the login flow and it's stuck forever

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[avin3sh]

I believe my PR in https://github.com/kubernetes-client/csharp/pull/1457 should solve this issue. I was facing a different kind of problem but during the process I realized the issue listed may have got addressed as part of same fix. Since the PR is merged, would someone try it with client from main branch ?

[hdweiss]

@avin3sh the main branch fixes this issue for me.

Will 13.0.23 be release to nuget.org? Currently, the newest version is 13.0.11

[avin3sh]

I am not sure about the process of new releases flowing to nuget, may be this is something @tg123 could comment on.

[tg123]

let me push latest again, last pipeline failed

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.