Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubelogin get-token timeout is not configurable #223

Open
Bondza opened this issue Mar 10, 2023 · 3 comments
Open

kubelogin get-token timeout is not configurable #223

Bondza opened this issue Mar 10, 2023 · 3 comments

Comments

@Bondza
Copy link

Bondza commented Mar 10, 2023

Hello,

We have a use case where we use multiple kubeconfig files configured to use kubelogin get-token --login azurecli, and these configuration files are used concurrently.

With this configuration kubelogin will call az account get-access-token. The latest release of kubelogin (v0.0.27) uses github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0, this version of azidentity hardcodes a timeout of 10 seconds when calling az.

We call kubectl concurrently with multiple different kubeconfig files configured to use kubelogin. This results in az occasionally taking longer than 10 seconds to get an access token. When this happens kubelogin fails with the following error message:

Error: failed to get token: expected an empty error but received: AzureCLICredential: signal: killed

If the timeout was configurable through a --timeout option or similar it would allow us to give az more time to retrieve the access token which might help avoiding this issue.
@VF-mbrauer
Copy link

@weinong Can you please check?

@Aricg
Copy link
Contributor

Aricg commented Nov 10, 2023
edited
Loading

Downgrading to 0.0.24 seems to have worked.

as pointed out by @Bondza signal killed source is: azure-sdk-for-go/sdk/azidentity

It looks like the value of ten seconds has been hardcoded since the first commit to azidentity

  Error: Failed to get release mongodb-operator in namespace default: exit status 1: Error: failed to get token: expected an empty error but received: AzureCLICredential: signal: killed
  Error: Kubernetes cluster unreachable: Get "[https://foo:443/version](https://foo/version)": getting credentials: exec: executable kubelogin failed with exit code 1
  Error: plugin "diff" exited with error
err 1: command "/usr/local/bin/helm" exited with non-zero status:

Feature request Azure/azure-sdk-for-go#21985

Its configurable in the python sdk

from azure.identity.aio import AzureCliCredential

# Create an AzureCliCredential with a custom timeout of 30 seconds
credential = AzureCliCredential(process_timeout=30)

https://github.com/Azure/azure-sdk-for-python/blob/ca7bc6c1ab786160c96dad4c1d1b2457001bf91c/sdk/identity/azure-identity/azure/identity/_credentials/default.py#L181

@Aricg Aricg mentioned this issue Nov 15, 2023
Closed
@Aricg
Copy link
Contributor

Aricg commented Nov 16, 2023

#362

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Aricg @Bondza @VF-mbrauer