Does not work with kubelogin

[jordanrinke]

Attempting to use kuberlr with a cluster that is configured for OIDC login with kubelogin produces non stop errors W0705 17:53:09.023969 65547 transport.go:243] Unable to cancel request for *exec.roundTripper

[jordanrinke]

Similar mentions here rancher-sandbox/rancher-desktop#1308 and here int128/kubelogin#831

[hanlaur]

In my case, I observed thousands of kubectl oidc-login processes being spawned, freezing the terminal.

If I interpret what I am seeing right, kuberlr causes "infinite recursion" when oidc-login is used. kuberlr tries to determine target cluster version first to decide on right kubectl version. To do that, it authenticates with k8s API. The authentication obeys settings from $HOME/.kube/config. In case of oidc-login, authentication causes invocation of kubectl oidc-login, and the recursion is ready.

Example of $HOME/.kube/config:

users:
- name: oidcuser
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://xxxx
      - --oidc-client-id=xxx
      - --oidc-extra-scope=email
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

It seems possible to workaround the issue by modifying the config to invoke kubectl-oidc_login directly, instead of kubectl oidc-login, OR by changing the command: to have explicit path pointing to a "real" kubectl.

But it would be great if kuberlr was enhanced to detect and avoid the recursion.

[aimarjs]

I'm having the same issue. I'm trying to set up ODI with AWS and Keycloak. Trying to connect with kids will create a bunch of Kuberlr processes until the terminal crashes. Is there a fix for it?

[farcop]

The same!
Unable to use kuberlr because of this issue.