sourcing kubectl completion into shell inhibit login to desktop sessions #1716

Closed
gianluca-mascolo opened this issue Feb 14, 2025 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@gianluca-mascolo

What happened:
Sourcing kubectl completion into the shell tries to log in to the configured Kubernetes cluster.

What you expected to happen:
Loading completion commands into shells should only enable the completion feature, without contacting the clusters or parsing kubeconfig, because that is not required or needed.

How to reproduce it (as minimally and precisely as possible):
Scenario:

  • bashrc is configured to complete kubectl commands: `hash kubectl && source <(kubectl completion bash)`
  • Current context in kubectl is configured to log in via OIDC (see example configuration below)
  • You log in to your Linux box and the current OIDC token has expired

In the above scenario, just after logging into my desktop session, a browser pops up asking me to authorize the OIDC login into Kubernetes. The session does not start until the login is authorized or cancelled. The same behaviour happens if I log in via a console (tty): the shell does not start, waiting for the OIDC session to be established.

Workaround:
Sourcing completion commands with a null configuration allows logging into the desktop session without any issues. Example:
kubectl --kubeconfig /dev/null completion bash

Anything else we need to know?:
Example configuration

$ kubectl config view --minify 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://[REDACTED].eks.amazonaws.com
  name: arn:aws:eks:[REDACTED]:[REDACTED]:cluster/[REDACTED]
contexts:
- context:
    cluster: arn:aws:eks:[REDACTED]:[REDACTED]:cluster/[REDACTED]
    namespace: [REDACTED]
    user: my_user
  name: my_context_name
current-context: my_context_name
kind: Config
preferences: {}
users:
- name: my_user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://[REDACTED]
      - --oidc-client-id=[REDACTED]
      - --oidc-client-secret=[REDACTED]
      - --oidc-extra-scope=openid,email,profile,groups,offline_access
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

Environment:

  • Kubernetes client and server versions (use kubectl version): Client Version: v1.30.9-dispatcher
$ dnf info kubectl --installed
Installed packages
Name            : kubectl
Epoch           : 0
Version         : 509.0.0
Release         : 1
Architecture    : x86_64
Installed size  : 348.6 MiB
Source          : kubectl-509.0.0-1.src.rpm
From repository : google-cloud-cli
Summary         : Command-line utility for interacting with a Kubernetes cluster
URL             : https://kubernetes.io
License         : Apache Software License 2.0
Description     : Kubectl
Vendor          : <NULL>
  • OS:
$ lsb_release -a
LSB Version:	:core-5.0-amd64:core-5.0-noarch
Distributor ID:	Fedora
Description:	Fedora release 41 (Forty One)
Release:	41
Codename:	FortyOne
@gianluca-mascolo gianluca-mascolo added the kind/bug Categorizes issue or PR as related to a bug. label Feb 14, 2025
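
One way to apply the workaround from the report in `~/.bashrc`, as an added example that is not part of the original issue or of kubectl itself: the completion script is generated once with `--kubeconfig /dev/null` and cached, so shell startup never evaluates the `exec` credential plugin of the current context. The function name `load_kubectl_completion` and the variables `KUBECTL_BIN` and `KUBECTL_COMPLETION_CACHE` are hypothetical names chosen for this sketch.

```bash
# Added example: load kubectl completion at shell startup without reading the
# real kubeconfig, so an expired OIDC token cannot block the login.
# KUBECTL_BIN and KUBECTL_COMPLETION_CACHE are hypothetical override variables.
load_kubectl_completion() {
    local bin cache tmp
    # kubectl not installed: nothing to load, and not an error for a login shell.
    bin=$(command -v "${KUBECTL_BIN:-kubectl}") || return 0
    cache=${KUBECTL_COMPLETION_CACHE:-${XDG_CACHE_HOME:-$HOME/.cache}/kubectl-completion.bash}

    # Regenerate only when the cache is missing, empty, or older than the binary
    # (for example after a package upgrade).
    if [ ! -s "$cache" ] || [ "$bin" -nt "$cache" ]; then
        mkdir -p "$(dirname "$cache")" || return 1
        tmp=$(mktemp "${cache}.XXXXXX") || return 1
        # --kubeconfig /dev/null is the workaround from the issue: with no
        # contexts and no users there is no credential plugin to start.
        # stdin is /dev/null so nothing can sit waiting on the terminal.
        if "$bin" --kubeconfig /dev/null completion bash >"$tmp" 2>/dev/null </dev/null \
            && [ -s "$tmp" ]; then
            mv -f "$tmp" "$cache"      # atomic replace, never a half-written cache
        else
            rm -f "$tmp"
            return 1
        fi
    fi
    # Source the cached script; kubectl itself is not executed on this path.
    . "$cache"
}

# In ~/.bashrc, replace `source <(kubectl completion bash)` with:
#   load_kubectl_completion
```
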
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Feb 14, 2025
@mpuckett159
Contributor

/close
Duplicate, please see this other issue.
#1546 (comment)

@k8s-ci-robot
Contributor

@mpuckett159: Closing this issue.

In response to this:

/close
Duplicate, please see this other issue.
#1546 (comment)

