Stderr overwrites fullscreen app if logging in with kubelogin and "--logtostderr=false" does not seem to help

[tonur]

Describe the issue

I am trying to connect to a Kubernetes cluster from within a VM. This location causes a bit of disruption for the kubelogin, as it prints out the following stderr content when I am in a fullscreen terminal app (Such as K9s):

error: XDG RUNTIME DIR is invalid of not set in the environment.
error: XDG_RUNTIME_DIR is invalid or not set in the environment.
Warning: EGL_EXT_create_context_robustness must be supported
at Create (../../third_party/dawn/src/dawn/native/opengl/ContextEGL.cpp:66)
at Create (../../third_party/dawn/src/dawn/native/opengl/PhysicalDeviceGL.cpp:76)

The error is not that important, the reason for creating this issue is that there exists a flag in the --help menu, that I wanted to use:

It is regarding the "--logtostderr" that I wanted to set to false, as shown in this .kube/config file:

apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: "..."
    server: https://127.0.0.1:8443
  name: my-cluster
contexts:
- context:
    cluster: my-cluster
    user: oidc-my-user
  name: my-cluster
current-context: my-cluster
preferences: {}
users:
  - name: oidc-my-user
    users:
      exec:
        apiVersion:
        args:
          - oidc-login
          - get-token
          - --oidc-isser-url=https://127.0.0.1
          - -- oidc-client-id=kubelogin-my-user
          - --oidc-use-pkce
          - --logtostderr=false
          - --log-dir=/tmp/kubelogin-errors/
        command: kubectl

Where I would expect: --logtostderr=false and --log-dir=/tmp/kubelogin-errors/ to have an impact, but as far as I can see in the source code, there are nowhere that kubelogin uses these input variables, fx if you look at

kubelogin/pkg/cmd/get_token.go

Lines 28 to 39 in 97b0a20

	func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
	f.StringVar(&o.IssuerURL, "oidc-issuer-url", "", "Issuer URL of the provider (mandatory)")
	f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider (mandatory)")
	f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
	f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
	f.BoolVar(&o.UsePKCE, "oidc-use-pkce", false, "Force PKCE usage")
	f.BoolVar(&o.UseAccessToken, "oidc-use-access-token", false, "Instead of using the id_token, use the access_token to authenticate to Kubernetes")
	f.StringVar(&o.TokenCacheDir, "token-cache-dir", defaultTokenCacheDir, "Path to a directory for token cache")
	f.BoolVar(&o.ForceRefresh, "force-refresh", false, "If set, refresh the ID token regardless of its expiration time")
	o.tlsOptions.addFlags(f)
	o.authenticationOptions.addFlags(f)
	}

In the issue that introduced these, it was mentioned that these flags was added because they are kubectl specific flags, but then it would perhaps be good with the message "Kubectl Global Flags" instead of just "Global Flags", as this currently give the impression that these flags also work with kubelogin: #63

Is there no intention of using these flags to avoid having stderrs pollute a given fullscreen terminal command using "kubectl" (and in turn use kubelogin for authentication)?

To reproduce

1. Have a kube config file such as the one showed above, placed at "$HOME/.kube/config", that uses exec with the kubectl oidc-login command
2. Have the following variable exported: export KUBECONFIG="$HOME/.kube/config"
3. Use k9s to launch that app, which reads the kube config and logs in with a browser via kubelogin
4. Wait for 90 seconds for the stderrs to begin flooding the screen

Your environment

• OS: Debian Bookworm
• kubelogin version: v1.29
• kubectl version: v1.28.3
• OpenID Connect provider: N/A