sourcing kubectl completion into shell inhibit login to desktop sessions #1716

Closed
@gianluca-mascolo

What happened:
Sourcing kubectl completion into the shell tries to log in to the configured Kubernetes cluster.

What you expected to happen:
Loading completion commands into shells should only enable the completion feature, without contacting the clusters or parsing kubeconfig, because that is not required or needed.

How to reproduce it (as minimally and precisely as possible):
Scenario:

  • bashrc is configured to complete kubectl commands: hash kubectl && source <(kubectl completion bash)
  • The current context in kubectl is configured to log in via OIDC (see example configuration below)
  • You log in to your Linux box and the current OIDC token has expired

In the above scenario, just after logging into my desktop session, a browser pops up asking me to authorize the OIDC login into Kubernetes. The session does not start until the login is authorized or cancelled. The same behaviour happens if I log in via a console (tty): the shell does not start, waiting for the OIDC session to be established.

Workaround:
Sourcing completion commands with a null configuration allows logging into the desktop session without any issues. Example:
kubectl --kubeconfig /dev/null completion bash

Anything else we need to know?:
Example configuration

$ kubectl config view --minify 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://[REDACTED].eks.amazonaws.com
  name: arn:aws:eks:[REDACTED]:[REDACTED]:cluster/[REDACTED]
contexts:
- context:
    cluster: arn:aws:eks:[REDACTED]:[REDACTED]:cluster/[REDACTED]
    namespace: [REDACTED]
    user: my_user
  name: my_context_name
current-context: my_context_name
kind: Config
preferences: {}
users:
- name: my_user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://[REDACTED]
      - --oidc-client-id=[REDACTED]
      - --oidc-client-secret=[REDACTED]
      - --oidc-extra-scope=openid,email,profile,groups,offline_access
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false

Environment:

  • Kubernetes client and server versions (use kubectl version): Client Version: v1.30.9-dispatcher
$ dnf info kubectl --installed
Installed packages
Name            : kubectl
Epoch           : 0
Version         : 509.0.0
Release         : 1
Architecture    : x86_64
Installed size  : 348.6 MiB
Source          : kubectl-509.0.0-1.src.rpm
From repository : google-cloud-cli
Summary         : Command-line utility for interacting with a Kubernetes cluster
URL             : https://kubernetes.io
License         : Apache Software License 2.0
Description     : Kubectl
Vendor          : <NULL>
  • OS:
$ lsb_release -a
LSB Version:	:core-5.0-amd64:core-5.0-noarch
Distributor ID:	Fedora
Description:	Fedora release 41 (Forty One)
Release:	41
Codename:	FortyOne
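
One way to apply the workaround above in ~/.bashrc, as an added example that is not part of the original issue or the kubectl project: it generates the completion script with an empty kubeconfig, caches it, and regenerates it only when the kubectl binary is newer than the cache. The helper name `load_kubectl_completion` and the cache location are assumptions.

```bash
# Added example, not code from the issue or from kubectl.
# load_kubectl_completion is a hypothetical helper; the cache path is an assumption.
load_kubectl_completion() {
    local kubectl_bin cache
    kubectl_bin=$(command -v kubectl) || return 0   # kubectl not installed: nothing to do
    # command -v can print an alias or function definition instead of a path;
    # only continue when it resolved to an executable file.
    [ -x "$kubectl_bin" ] || return 0
    cache="${XDG_CACHE_HOME:-$HOME/.cache}/kubectl-completion.bash"

    # Regenerate only when the cache is missing, empty, or older than the binary,
    # so a normal shell start does not execute kubectl at all.
    if [ ! -s "$cache" ] || [ "$kubectl_bin" -nt "$cache" ]; then
        mkdir -p "${cache%/*}" || return 1
        # --kubeconfig /dev/null is the workaround reported in the issue: the
        # completion script is produced without reading the real kubeconfig,
        # where the OIDC exec entry lives. stdin is closed so nothing started
        # from here can wait on the terminal.
        if ! "$kubectl_bin" --kubeconfig /dev/null completion bash \
                >"$cache.tmp" </dev/null 2>/dev/null; then
            rm -f "$cache.tmp"
            return 1
        fi
        mv -f "$cache.tmp" "$cache"
    fi
    # shellcheck disable=SC1090
    . "$cache"
}

# Completion is only useful at a prompt, so skip non-interactive shells.
case $- in
    *i*) load_kubectl_completion ;;
esac
```

Deleting the cache file forces the script to be regenerated on the next interactive shell start.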


Labels: kind/bug, needs-triage
