Kubernetes no Auth Provider found for name "oidc" #1857
Description
What happened?
I'm trying to create a workspace in an on-prem Kubernetes cluster and I get these logs:
[09:54:49] debug No pro instance available, skipping provider upgrade check
[09:54:49] debug Acquire workspace lock...
[09:54:49] debug Acquired workspace lock...
[09:54:49] info Creating devcontainer...
[09:54:49] debug Adding ssh keys to agent, disable via 'devpod context set-options -o SSH_ADD_PRIVATE_KEYS=false'
[09:54:49] debug Inject and run command: '/Applications/DevPod.app/Contents/MacOS/devpod-cli' helper ssh-server --stdio --debug
[09:54:49] debug Execute command locally
[09:54:49] debug Attempting to create SSH client
[09:54:49] debug SSH client created
[09:54:49] debug SSH session created
[09:54:49] debug Forwarding ssh-agent using /private/tmp/com.apple.launchd.mqxDTxMKf1/Listeners
[09:54:49] info Execute SSH server command: /bin/zsh -c '/Applications/DevPod.app/Contents/MacOS/devpod-cli' agent workspace up --workspace-info '<hidden-by-me>' --debug
[09:54:50] info Use /Users/erugfra/.devpod/agent/contexts/default/workspaces/my-workspace as workspace dir
[09:54:50] debug Created logger
[09:54:50] debug Received ping from agent
[09:54:50] debug Credentials server started on port 14274...
[09:54:51] debug Incoming client connection at /
[09:54:51] debug Credentials server started...
[09:54:51] debug Create content folder /Users/erugfra/.devpod/agent/contexts/default/workspaces/my-workspace/content
[09:54:51] info Clone repository
[09:54:51] info URL: https://github.com/microsoft/vscode-remote-try-python
[09:54:51] debug Cloning into '/Users/erugfra/.devpod/agent/contexts/default/workspaces/my-workspace/content'...
[09:54:51] info Successfully cloned repository
[09:54:51] debug remote: Enumerating objects: 333, done.
remote: Total 333 (delta 0), reused 0 (delta 0), pack-reused 333 (from 1)
[09:54:51] debug Skipping configuring daemon
Receiving objects: 100% (333/333), 76.82 KiB | 15.36 MiB/s, done.
[09:54:51] debug Use Kubernetes Namespace 'xrl'
Resolving deltas: 100% (165/165), done. (0/165)
[09:54:51] debug Use Kubernetes Config '/Users/erugfra/.kube/config'
[09:54:51] debug Use Kubernetes Context 'erugfra-at-erc-k8s'
[09:54:51] info failed to create kubernetes client: no Auth Provider found for name "oidc"
[09:54:51] info devcontainer up
[09:54:51] info github.com/loft-sh/devpod/cmd/agent/workspace.(*UpCmd).Run
[09:54:51] info /Users/runner/work/devpod/devpod/cmd/agent/workspace/up.go:96
[09:54:51] info github.com/loft-sh/devpod/cmd/agent/workspace.NewUpCmd.func1
[09:54:51] info /Users/runner/work/devpod/devpod/cmd/agent/workspace/up.go:52
[09:54:51] info github.com/spf13/cobra.(*Command).execute
[09:54:51] info /Users/runner/work/devpod/devpod/vendor/github.com/spf13/cobra/command.go:985
[09:54:51] info github.com/spf13/cobra.(*Command).ExecuteC
[09:54:51] info /Users/runner/work/devpod/devpod/vendor/github.com/spf13/cobra/command.go:1117
[09:54:51] info github.com/spf13/cobra.(*Command).Execute
[09:54:51] info /Users/runner/work/devpod/devpod/vendor/github.com/spf13/cobra/command.go:1041
[09:54:51] info github.com/loft-sh/devpod/cmd.Execute
[09:54:51] info /Users/runner/work/devpod/devpod/cmd/root.go:81
[09:54:51] info main.main
[09:54:51] info /Users/runner/work/devpod/devpod/main.go:6
[09:54:51] info runtime.main
[09:54:51] info /Users/runner/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.6.darwin-arm64/src/runtime/proc.go:271
[09:54:51] info runtime.goexit
[09:54:51] info /Users/runner/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.6.darwin-arm64/src/runtime/asm_arm64.s:1222
[09:54:51] debug Connection to SSH Server closed
[09:54:51] debug Done creating devcontainer
[09:54:51] debug Done executing ssh server helper command
[09:54:52] fatal Process exited with status 1
run agent command
github.com/loft-sh/devpod/pkg/devcontainer/sshtunnel.ExecuteCommand.func2
/Users/runner/work/devpod/devpod/pkg/devcontainer/sshtunnel/sshtunnel.go:129
runtime.goexit
/Users/runner/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.6.darwin-arm64/src/runtime/asm_arm64.s:1222I guess the problem is the line:
[09:54:51] info failed to create kubernetes client: no Auth Provider found for name "oidc"What did you expect to happen instead?
I expected the workspace to be created, but it failed.
How can we reproduce the bug? (as minimally and precisely as possible)
My workspace.json:
{"id":"my-workspace","uid":"default-my-51bf3","provider":{"name":"kubernetes","options":{"ARCHITECTURE":{"userProvided":true},"INACTIVITY_TIMEOUT":{"userProvided":true},"KUBERNETES_CONFIG":{"value":"/Users/erugfra/.kube/config","userProvided":true},"KUBERNETES_CONTEXT":{"value":"erugfra-at-erc-k8s","userProvided":true},"KUBERNETES_NAMESPACE":{"value":"xrl","userProvided":true},"POD_TIMEOUT":{"value":"10m","userProvided":true},"STRICT_SECURITY":{"value":"false","userProvided":true},"WORKSPACE_VOLUME_MOUNT":{"userProvided":true}}},"machine":{},"ide":{"name":"none"},"source":{"gitRepository":"https://github.com/microsoft/vscode-remote-try-python"},"creationTimestamp":"2025-04-30T07:54:49Z","lastUsed":"2025-04-30T07:54:49Z","context":"default"}My provider.json:
{"name":"kubernetes","version":"v0.0.1","icon":"https://devpod.sh/assets/kubernetes.svg","home":"https://github.com/loft-sh/devpod","source":{"internal":true,"raw":"kubernetes"},"description":"DevPod on Kubernetes","optionGroups":[{"name":"Options","options":["KUBERNETES_NAMESPACE","DISK_SIZE"],"defaultVisible":true},{"name":"Kubernetes Config","options":["KUBERNETES_CONTEXT","KUBERNETES_CONFIG"]},{"name":"Advanced Options","options":["CLUSTER_ROLE","SERVICE_ACCOUNT","CREATE_NAMESPACE","INACTIVITY_TIMEOUT","STORAGE_CLASS","PVC_ACCESS_MODE","PVC_ANNOTATIONS","RESOURCES","POD_MANIFEST_TEMPLATE","NODE_SELECTOR","LABELS","DOCKERLESS_DISABLED","DOCKERLESS_IMAGE"]}],"options":{"ARCHITECTURE":{"description":"The cpu architecture to use for the workspace pod. E.g. amd64, arm64, etc.","type":"string"},"CLUSTER_ROLE":{"description":"If defined, DevPod will create a role binding for the given cluster role.","global":true},"CREATE_NAMESPACE":{"description":"If true, DevPod will try to create the namespace.","type":"boolean","global":true,"default":"true"},"DISK_SIZE":{"description":"The default size for the persistent volume to use.","global":true,"default":"10Gi"},"DOCKERLESS_DISABLED":{"description":"If dockerless should be disabled. Dockerless is the way DevPod uses to build images directly within Kubernetes. If dockerless is disabled and no image is specified, DevPod will fail instead.","global":true,"default":"false"},"DOCKERLESS_IMAGE":{"description":"The dockerless image to use.","global":true},"INACTIVITY_TIMEOUT":{"description":"If defined, will automatically stop the pod after the inactivity period. Examples: 10m, 1h"},"KUBERNETES_CONFIG":{"description":"The kubernetes config to use. E.g. /path/to/my/kube/config.yaml"},"KUBERNETES_CONTEXT":{"description":"The kubernetes context to use. E.g. my-kube-context"},"KUBERNETES_NAMESPACE":{"description":"The kubernetes namespace to use. Defaults to devpod.","default":"devpod"},"KUBERNETES_PULL_SECRETS_ENABLED":{"description":"If true, DevPod will try to use the pull secrets from the current context.","type":"boolean","global":true,"default":"true"},"LABELS":{"description":"The labels to use for the workspace pod. E.g. devpod.sh/example=value,devpod.sh/example2=value2","global":true},"NODE_SELECTOR":{"description":"The node selector to use for the workspace pod. E.g. my-label=value,my-label-2=value-2","global":true},"POD_MANIFEST_TEMPLATE":{"description":"Pod manifest template file path used as template to build the devpod pod. E.g. /path/pod_manifest.yaml. Alternatively can be an inline yaml string.","type":"multiline","global":true},"POD_TIMEOUT":{"description":"Determines how long the provider waits for the workspace pod to come up. Examples: 10m, 1h","default":"10m"},"PVC_ACCESS_MODE":{"description":"If defined, DevPod will use the given access mode to create the persistent volume claim. You will need to ensure the storage class support the given access mode!. E.g. RWO or ROX or RWX or RWOP","global":true},"PVC_ANNOTATIONS":{"description":"If defined, DevPod will use add the given annotations to the main workspace pvc","global":true},"RESOURCES":{"description":"The resources to use for the workspace container. E.g. requests.cpu=500m,limits.memory=5Gi,limits.gpu-vendor.example/example-gpu=1","global":true},"SERVICE_ACCOUNT":{"description":"If defined, DevPod will use the given service account for the dev container.","global":true},"STORAGE_CLASS":{"description":"If defined, DevPod will use the given storage class to create the persistent volume claim. You will need to ensure the storage class exists in your cluster!","global":true},"STRICT_SECURITY":{"description":"EXPERIMENTAL! Use at your own risk. Removes the default security context and merges the one from POD_MANIFEST_TEMPLATE if specified.","type":"boolean","default":"false"},"WORKSPACE_VOLUME_MOUNT":{"description":"Sets the path of the workspace volume mount. By default it is the root of your workspace source code, usually /workspaces/$WORKSPACE_ID. If you intend to create multi-repo workspaces or need additional files throughout the lifecycle of the workspace, set this option to a parent directory of the workspace mount.","type":"string"}},"agent":{"local":"true","containerInactivityTimeout":"${INACTIVITY_TIMEOUT}","exec":{},"dockerless":{"disabled":"${DOCKERLESS_DISABLED}","image":"${DOCKERLESS_IMAGE}"},"driver":"kubernetes","docker":{},"custom":{},"kubernetes":{"kubernetesContext":"${KUBERNETES_CONTEXT}","kubernetesConfig":"${KUBERNETES_CONFIG}","kubernetesNamespace":"${KUBERNETES_NAMESPACE}","podTimeout":"${POD_TIMEOUT}","kubernetesPullSecretsEnabled":"${KUBERNETES_PULL_SECRETS_ENABLED}","createNamespace":"${CREATE_NAMESPACE}","clusterRole":"${CLUSTER_ROLE}","serviceAccount":"${SERVICE_ACCOUNT}","architecture":"${ARCHITECTURE}","inactivityTimeout":"${INACTIVITY_TIMEOUT}","storageClass":"${STORAGE_CLASS}","diskSize":"${DISK_SIZE}","pvcAccessMode":"${PVC_ACCESS_MODE}","pvcAnnotations":"${PVC_ANNOTATIONS}","nodeSelector":"${NODE_SELECTOR}","resources":"${RESOURCES}","workspaceVolumeMount":"${WORKSPACE_VOLUME_MOUNT}","podManifestTemplate":"${POD_MANIFEST_TEMPLATE}","labels":"${LABELS}","strictSecurity":"${STRICT_SECURITY}"}},"exec":{"command":["\"${DEVPOD}\" helper sh -c \"${COMMAND}\""]}}
I used the quickstart example https://github.com/microsoft/vscode-remote-try-python.
Finally, this is my kube config:
...
users:
- name: erugfra
user:
auth-provider:
config:
client-id: erc-k8s-login
client-secret: <hidden-by-me>
id-token: <hidden-by-me>
idp-issuer-url: https://auth.researchcloud.internal.ericsson.com:5554/dex
refresh-token: <hidden-by-me>
name: oidcLocal Environment:
- DevPod Version: v0.6.15
- Operating System: mac
- ARCH of the OS: ARM64
DevPod Provider:
- Cloud Provider: on-prem Kubernetes
- Kubernetes Provider:
Client Version: v1.32.2
Kustomize Version: v5.5.0
Server Version: v1.30.4Anything else we need to know?
I could only find this related issue, and it seems to be something with the k8s go client related to the OpenID Connect authentication. Note also that my kube configs are filled in automatically by a custom login procedure that I can't modify.