azure-aks

Can kubelogin be configured to work from a devcontainer?


We use kubelogin to authenticate to our Kubernetes clusters. However, when I run a simple kubectl command (e.g. kubectl get config maps) from inside a VSCode devcontainer (i.e. inside a Docker container), kubelogin tries to do its thing and fails with

Error: failed to authenticate: InteractiveBrowserCredential: exec: "xdg-open,x-www-browser,www-browser": executable file not found in $PATH
E0516 09:56:47.195120 1838 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://redacted/api?timeout=32s": getting credentials: exec: executable kubelogin failed with exit code 1"

It seems from the error message that it's looking for a browser, which obviously does not exist inside a container.

VSCode devcontainers usually handle situations like this by launching a browser on the host and opening a port so that after authentication the response is redirected back to the executable inside the container. This doesn't seem to be happening with kubelogin though.

Can anyone advise how to fix this? Does kubelogin have a flow which doesn't involve a browser?


Solution

  • I figured this out. Interactive mode (i.e. using a browser) can be disabled by setting the environment variable AAD_LOGIN_METHOD=device_code

    This will instead use a flow that invites the user to open the URL, and thus works from a devcontainer.

    Add

    "AAD_LOGIN_METHOD": "device_code"

    to the containerEnv section of your devcontainer.json
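
A preflight check for the situation in this thread, added here as an example (not code from the original poster or the kubelogin project). It can be run inside the container before kubectl to see which login path applies. The opener names come from the error message in the question and device_code is the value given in the answer; the function names and result labels are made up for this example.

```shell
#!/bin/sh
# Added example: preflight check for kubelogin inside a devcontainer.

# Succeeds if any browser opener named in the quoted error is on PATH.
has_browser_opener() {
    for opener in xdg-open x-www-browser www-browser; do
        if command -v "$opener" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# Prints one label (labels are hypothetical, chosen for this example):
#   device-code  AAD_LOGIN_METHOD has the value from the answer
#   other        AAD_LOGIN_METHOD is set to something else
#   browser      unset, but a browser opener exists in the container
#   no-browser   unset and no opener: expect the error from the question
kubelogin_preflight() {
    method="${AAD_LOGIN_METHOD:-}"
    if [ "$method" = "device_code" ]; then
        echo "device-code"
    elif [ -n "$method" ]; then
        echo "other"
    elif has_browser_opener; then
        echo "browser"
    else
        echo "no-browser"
    fi
}

# Report the result when the script is run directly.
case "$(kubelogin_preflight)" in
    device-code) echo "AAD_LOGIN_METHOD=device_code is set; no browser needed." ;;
    other)       echo "AAD_LOGIN_METHOD=${AAD_LOGIN_METHOD} is set; not checked here." ;;
    browser)     echo "A browser opener is on PATH; interactive login can start." ;;
    no-browser)  echo "No browser opener on PATH and AAD_LOGIN_METHOD is unset:"
                 echo "add it to containerEnv in devcontainer.json and rebuild." ;;
esac
```

If the tenant's Conditional Access policy blocks the device code flow, the login is refused even with the variable set, so check that with your identity team first.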