kube_credentials.lock file doesn't created. #30656

Open
JungBin-Eom opened this issue Aug 18, 2023 · 5 comments
Labels
bug, kubernetes-access, tsh

Comments

@JungBin-Eom

JungBin-Eom commented Aug 18, 2023

When I logged in to Teleport with the tsh login command, a lot of browser windows open repeatedly. I think this PR (#26102) can fix my problem, but it doesn't work. The kube_credentials.lock file wasn't created.
I already updated the tsh and Teleport versions to 13.2.3.

Expected behavior:
I hope the browser will not open automatically even if I connect to Kubernetes using OpenLens.

Current behavior:
When you connect to Kubernetes using OpenLens, SSO login is done automatically, causing the browser to generate very many login pages.
And the kube_credentials.lock file isn't created.

Bug details:

  • Teleport version: 13.2.3
  • Recreation steps
  • Debug logs
@tigrato
Contributor

tigrato commented Aug 18, 2023

Hey @JungBin-Eom can you please identify the following:

  • OS
  • Your setup

Can you also collect the logs by running the following script after OpenLens opens a ton of tabs but before you log in via browser:

$ tsh -d kube credentials --kube-cluster=<kube_cluster_name> --teleport-cluster=<teleport_cluster_name> --proxy=<proxy_addr>

We are just interested in the logs and not in the JSON written - redact it!!!

This should give me some information about the problem.

@tigrato tigrato added kubernetes-access tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Aug 18, 2023
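One way to follow the redaction request above before posting a tsh debug log publicly, as an added example that is not part of the thread or of Teleport's code. The function names, the placeholder tokens and the sample log lines are constructed here; it assumes you pass in your own proxy host, username and cluster names.

```shell
#!/bin/sh
# Added example, not Teleport code: scrub a tsh debug log before sharing it.

# Escape a literal string so sed treats it as plain text in a basic regex.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[]\/$*.^[]/\\&/g'
}

# Usage: redact_tsh_log PROXY_HOST USERNAME TELEPORT_CLUSTER KUBE_CLUSTER < raw.log
redact_tsh_log() {
    for arg in "$1" "$2" "$3" "$4"; do
        [ -n "$arg" ] || { echo "four non-empty values required" >&2; return 2; }
    done
    r_proxy=$(sed_escape "$1"); r_user=$(sed_escape "$2")
    r_tc=$(sed_escape "$3"); r_kc=$(sed_escape "$4")
    h='[0-9a-fA-F]'
    uuid="${h}\{8\}-${h}\{4\}-${h}\{4\}-${h}\{4\}-${h}\{12\}"
    # Literal values first, then the per-session identifiers that are easy to
    # overlook: the local SSO callback path and the "nologin" login UUID.
    sed -e "s/$r_proxy/<TELEPORT_PROXY>/g" \
        -e "s/$r_user/<TELEPORT_USERNAME>/g" \
        -e "s/$r_tc/<TELEPORT_CLUSTER>/g" \
        -e "s/$r_kc/<KUBE_CLUSTER>/g" \
        -e "s#\(http://127\.0\.0\.1:[0-9]*/\)$uuid#\1<CALLBACK_ID>#g" \
        -e "s/\(-teleport-nologin-\)$uuid/\1<UUID>/g"
}

# Constructed sample lines modelled on the log format shown in this thread.
sample_log() {
    cat <<'EOF'
2023-01-01T00:00:00Z [TSH] DEBU Requesting TLS cert for Kubernetes cluster "prod-b" tsh\kube.go
2023-01-01T00:00:00Z [CLIENT] INFO Waiting for response at: http://127.0.0.1:50000. client\redirect.go
http://127.0.0.1:50000/00000000-1111-2222-3333-444444444444
2023-01-01T00:00:01Z [KEYAGENT] INFO Loading SSH key for user "alice" and cluster "corp-teleport".
2023-01-01T00:00:01Z [CLIENT] INFO Connecting to proxy=teleport.example.test:3023 login="-teleport-nologin-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
2023-01-01T00:00:02Z [KEYSTORE] DEBU Reading certificates from path "C:\Users\alice\.tsh\keys\teleport.example.test\alice-ssh\corp-teleport-cert.pub".
EOF
}

# Demo on the constructed sample.
sample_log | redact_tsh_log teleport.example.test alice corp-teleport prod-b
```

Assuming tsh writes its debug log to stderr, piping `tsh -d kube credentials ... 2>&1 >/dev/null` into `redact_tsh_log` keeps the credential JSON printed on stdout out of the capture entirely.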
@JungBin-Eom
Author

JungBin-Eom commented Aug 22, 2023

Hi @tigrato, thanks for your help.

The problem occurred on Windows 10, 11 and macOS. I think all kinds of OS are affected.

I installed the Teleport cluster in kube cluster A and the Teleport kube agent in kube cluster B. And I set auth.teleportConfig.teleport.cache.enable to false. The rest of the settings are almost identical to the default values of the Helm chart.

Here is my debug log.

log

2023-08-22T13:28:32+09:00 [CLIENT] INFO No teleport login given. defaulting to client\api.go:1033
2023-08-22T13:28:32+09:00 [CLIENT] INFO no host login given. defaulting to client\api.go:1043
2023-08-22T13:28:32+09:00 [CLIENT] ERRO [KEY AGENT] Unable to connect to SSH agent on socket: "". client\api.go:4293
2023-08-22T13:28:32+09:00 [TSH] DEBU Pinging the proxy to fetch listening addresses for non-web ports. tsh\tsh.go:3315
2023-08-22T13:28:32+09:00 [CLIENT] DEBU not using loopback pool for remote proxy addr: <TELEPORT_PROXY>:443 client\api.go:4252
2023-08-22T13:28:32+09:00 DEBU Attempting GET <TELEPORT_PROXY>:443/webapi/ping webclient\webclient.go:129
2023-08-22T13:28:32+09:00 [TSH] DEBU Requesting TLS cert for Kubernetes cluster "<KUBE_CLUSTER>" tsh\kube.go:725
2023-08-22T13:28:32+09:00 [CLIENT] DEBU Activating relogin on no SSH auth methods loaded, are you logged in?. client\api.go:546
2023-08-22T13:28:32+09:00 DEBU ALPN connection upgrade required for "<TELEPORT_PROXY>:443": false. client\alpn_conn_upgrade.go:95
2023-08-22T13:28:32+09:00 [CLIENT] DEBU Attempting to login with a new RSA private key. client\api.go:3636
2023-08-22T13:28:32+09:00 [CLIENT] DEBU not using loopback pool for remote proxy addr: <TELEPORT_PROXY>:443 client\api.go:4252
2023-08-22T13:28:32+09:00 [CLIENT] DEBU HTTPS client init(proxyAddr=<TELEPORT_PROXY>:443, insecure=false, extraHeaders=map[]) client\weblogin.go:308
2023-08-22T13:28:32+09:00 [CLIENT] INFO Waiting for response at: http://127.0.0.1:55924. client\redirect.go:157
If browser window does not open automatically, open it by clicking on the link:
http://127.0.0.1:55924/d1ec8821-2a97-413c-b290-48af1970cb7d
2023-08-22T13:28:34+09:00 [CLIENT] DEBU Got response from browser. client\weblogin.go:396
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Adding known host <TELEPORT_CLUSTER> with proxy <TELEPORT_PROXY> client\trusted_certs_store.go:393
2023-08-22T13:28:34+09:00 [KEYAGENT] INFO Loading SSH key for user "<TELEPORT_USERNAME>" and cluster "<TELEPORT_CLUSTER>". client\keyagent.go:195
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [CLIENT] INFO Connecting to proxy=<TELEPORT_PROXY>:3023 login="-teleport-nologin-bd1e0cdd-039e-431a-b427-9e0a2e4e9f0a" client\api.go:3073
2023-08-22T13:28:34+09:00 [HTTP:PROX] DEBU No proxy set in environment, returning direct dialer. proxy\proxy.go:195
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [KEYAGENT] DEBU "Checking key: ssh-rsa-cert-v01@openssh.com " client\keyagent.go:367
2023-08-22T13:28:34+09:00 [KEYAGENT] DEBU Validated host <TELEPORT_PROXY>:3023. client\keyagent.go:373
2023-08-22T13:28:34+09:00 [CLIENT] INFO Successful auth with proxy <TELEPORT_PROXY>:3023. client\api.go:3081
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [CLIENT] DEBU Client is connecting to auth server on cluster "<TELEPORT_CLUSTER>". client\client.go:1286
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Adding known host <TELEPORT_CLUSTER> with proxy <TELEPORT_PROXY> client\trusted_certs_store.go:393
2023-08-22T13:28:34+09:00 [CLIENT] DEBU Device Trust: skipping device authentication, device trust disabled client\api.go:3376
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [CLIENT] INFO Connecting to proxy=<TELEPORT_PROXY>:3023 login="-teleport-nologin-bd1e0cdd-039e-431a-b427-9e0a2e4e9f0a" client\api.go:3073
2023-08-22T13:28:34+09:00 [HTTP:PROX] DEBU No proxy set in environment, returning direct dialer. proxy\proxy.go:195
2023-08-22T13:28:34+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:34+09:00 [KEYAGENT] DEBU "Checking key: ssh-rsa-cert-v01@openssh.com ." client\keyagent.go:367
2023-08-22T13:28:34+09:00 [KEYAGENT] DEBU Validated host <TELEPORT_PROXY>:3023. client\keyagent.go:373
2023-08-22T13:28:35+09:00 [CLIENT] INFO Successful auth with proxy <TELEPORT_PROXY>:3023. client\api.go:3081
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:35+09:00 [CLIENT] DEBU Client is connecting to auth server on cluster "<TELEPORT_CLUSTER>". client\client.go:1286
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Reading certificates from path "C:\Users\\.tsh\keys\<TELEPORT_PROXY>\<TELEPORT_USERNAME>-ssh\<TELEPORT_CLUSTER>-cert.pub". client\keystore.go:354
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:35+09:00 [CLIENT] DEBU MFA not required for access. client\client.go:507
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Reading certificates from path "C:\Users\\.tsh\keys\<TELEPORT_PROXY>\<TELEPORT_USERNAME>-ssh\<TELEPORT_CLUSTER>-cert.pub". client\keystore.go:354
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:35+09:00 [TSH] DEBU Got TLS cert for Kubernetes cluster "<KUBE_CLUSTER>" tsh\kube.go:822
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Teleport TLS certificate valid until "2023-08-22 16:28:34 +0000 UTC". client\client_store.go:106
2023-08-22T13:28:35+09:00 [KEYSTORE] DEBU Adding known host <TELEPORT_CLUSTER> with proxy <TELEPORT_PROXY> client\trusted_certs_store.go:393

@JungBin-Eom
Author

Should I run the tsh kube credentials command before logging in to the kube cluster (tsh kube ls, tsh kube login)?

@tigrato
Contributor

tigrato commented Aug 22, 2023

Why did you disable the cache?

@JungBin-Eom
Author

https://goteleport.slack.com/archives/CEZH6UL64/p1686118244335969

I had an issue on application service.
