snap installed kubelogin fails to resolve DNS names

[mgedmin]

I'm on Ubuntu 22.10. I installed both kubectl and kubelogin via snap install. I'm trying to connect to an Azure Kubernetes cluster. az aks get-credentials updated my ~/.kube/config to use kubelogin, but whenever I try to kubectl get pods, I get this error:

Error: failed to get token: initialing the device code authentication: autorest/adal/devicetoken: Error occurred while sending request for Device Authorization Code: Post "https://login.microsoftonline.com/9af535c0-cda2-481b-941c-43821cda329c/oauth2/devicecode": dial tcp: lookup login.microsoftonline.com on [::1]:53: dial udp [::1]:53: socket: permission denied
Error: failed to get token: initialing the device code authentication: autorest/adal/devicetoken: Error occurred while sending request for Device Authorization Code: Post "https://login.microsoftonline.com/9af535c0-cda2-481b-941c-43821cda329c/oauth2/devicecode": dial tcp: lookup login.microsoftonline.com on [::1]:53: dial udp [::1]:53: socket: permission denied
Error: failed to get token: initialing the device code authentication: autorest/adal/devicetoken: Error occurred while sending request for Device Authorization Code: Post "https://login.microsoftonline.com/9af535c0-cda2-481b-941c-43821cda329c/oauth2/devicecode": dial tcp: lookup login.microsoftonline.com on [::1]:53: dial udp [::1]:53: socket: permission denied
Error: failed to get token: initialing the device code authentication: autorest/adal/devicetoken: Error occurred while sending request for Device Authorization Code: Post "https://login.microsoftonline.com/9af535c0-cda2-481b-941c-43821cda329c/oauth2/devicecode": dial tcp: lookup login.microsoftonline.com on [::1]:53: dial udp [::1]:53: socket: permission denied
Error: failed to get token: initialing the device code authentication: autorest/adal/devicetoken: Error occurred while sending request for Device Authorization Code: Post "https://login.microsoftonline.com/9af535c0-cda2-481b-941c-43821cda329c/oauth2/devicecode": dial tcp: lookup login.microsoftonline.com on [::1]:53: dial udp [::1]:53: socket: permission denied
Unable to connect to the server: getting credentials: exec: exit status 1

Why is it trying to use [::1]? My /etc/resolv.conf has nameserver 8.8.8.8 and nameserver 1.1.1.1. I don't have anything listening on [::1]:53. I have systemd-resolved listening on 127.0.0.53:53.

(For the record, kubelogin v0.0.28 extracted from kubelogin-linux-amd64.zip and placed into ~/.local/bin/ works fine. Well. Doesn't exhibit DNS problems. It gets stuck after telling me to open a web page, but that's a different problem.)

[weinong]

the snap version runs in a sandbox environment and doesn't have access to your home directory and potentially networking. I tried to submit the change to enable home directory access but got rejected. So I'd say snap install is not fully supported

[bswabey-devops]

I'm experiencing the same problem via Snap.

Does anyone have a workaround that doesn't involve installation via homebrew (Ubuntu Server 22.04.2 LTS)?

[bswabey-devops]

I'm experiencing the same problem via Snap.

Does anyone have a workaround that doesn't involve installation via homebrew (Ubuntu Server 22.04.2 LTS)?

Should it help anyone, I removed kubelogin via Snap and my existing kubectl installation and then installed both components via:

sudo az aks install-cli

[slzmruepp]

We have the exact same issue in Azure DevOps Pipelines using service principals. We installed the snap version, first we just did a wget specific version but then we moved to a snap install in cloud-init of our private agents. All pipeline authentication blown. Snap install is certainly not recommended if you use Azure DevOps Pipelines!

[rwthompsonii]

I don't even understand why this snap is available. Is there a way to mark it as broken and not available so that innocent people don't download it thinking it works and waste hours?

[Darius-Lantern]

Would following install method not solve the issue mentioned in this issue?

snap install kubectl --classic