Copilot AI commented Jan 27, 2026

The adal library (Azure Active Directory Authentication Library) has been EOL since 2021 and triggers security findings. AKS authentication now uses exec-based providers, making this code obsolete.

Changes

  • setup.py: Removed adal from extras_require
  • kubernetes/base/config/kube_config.py: Removed Azure auth provider implementation
    • _load_azure_token()
    • _refresh_azure_token()
    • _azure_is_expired()
    • Azure case in _load_auth_provider_token()
  • kubernetes/base/config/kube_config_test.py: Removed Azure auth test coverage

Users with Azure kubeconfigs containing auth-provider: azure will need to regenerate their kubeconfig using modern exec-based authentication.

Original prompt

This section details the original issue you should resolve

<issue_title>ADAL "extras" dependency triggers security findings</issue_title>
<issue_description>What happened (please include outputs or screenshots):
Security scanning tools such as Wiz detect an EOL package in anything built with the Python Kubernetes library due to it bringing in the adal library as an Extra (last updated 2021).

What you expected to happen:
Migrate to MSAL or remove the dependency entirely.

How to reproduce it (as minimally and precisely as possible):
Install the kubernetes library without removing extras, verify this package is brought along.

Anything else we need to know?:
#1983 is a previously opened issue on this topic.

Environment:

  • Kubernetes version (kubectl version): n/a
  • OS (e.g., MacOS 10.13.6): n/a
  • Python version (python --version): n/a
  • Python client version (pip list | grep kubernetes): I observed it in 33.1.0, but from pypi.org it seems to still be an issue in 34.1.0
</issue_description>

<agent_instructions>Please remove the adal dependency and related code, it's no longer needed.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@yliaog /cc @brendandburns @brendandburns I believe this code can be removed as we have moved AKS auth to an exec-based authentication provider instead of Entra tokens.
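Added example, not code from this PR or from the kubernetes-client/python project: a pre-upgrade check that flags kubeconfig user entries still relying on auth-provider: azure (the path this PR removes) and sanity-checks an exec-based replacement entry. The sample kubeconfig is constructed, and the kubelogin command and its arguments in it are assumptions, not something taken from the PR.

```python
# Added example (not part of the kubernetes-client/python PR): find kubeconfig
# users that still use the removed `auth-provider: azure` path before upgrading.
import json
import sys

LEGACY_PROVIDER = "azure"
# Exec plugin API versions accepted in kubeconfig exec blocks.
EXEC_API_VERSIONS = {
    "client.authentication.k8s.io/v1beta1",
    "client.authentication.k8s.io/v1",
}


def classify_user(user):
    """Describe how a kubeconfig 'user' block authenticates.

    This is a plain classification of the fields present; it does not reproduce
    the client's own precedence order when several fields coexist.
    """
    provider = user.get("auth-provider", {})
    if "exec" in user:
        return "exec"
    if provider.get("name") == LEGACY_PROVIDER:
        return "legacy-azure"
    if provider.get("name"):
        return "auth-provider:" + provider["name"]
    return "static"


def find_legacy_azure_users(kubeconfig):
    """Names of users that stop authenticating once the azure case is gone."""
    return [
        entry["name"]
        for entry in kubeconfig.get("users", [])
        if classify_user(entry.get("user", {})) == "legacy-azure"
    ]


def exec_entry_is_wellformed(user):
    """Minimal sanity check for an exec-based replacement block."""
    ex = user.get("exec", {})
    return ex.get("apiVersion") in EXEC_API_VERSIONS and bool(ex.get("command"))


# Constructed sample (JSON form of a kubeconfig; a real YAML file needs pyyaml).
# Secrets are placeholders; the kubelogin invocation is an assumption.
SAMPLE = {"users": [
    {"name": "aks-old", "user": {"auth-provider": {"name": "azure",
        "config": {"access-token": "PLACEHOLDER"}}}},
    {"name": "aks-new", "user": {"exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "kubelogin", "args": ["get-token", "--login", "azurecli"]}}},
    {"name": "svc", "user": {"token": "PLACEHOLDER"}},
]}

if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name in find_legacy_azure_users(cfg):
        print(f"user {name!r} still uses auth-provider: azure; migrate to exec")
```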


@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 27, 2026
@k8s-ci-robot (Contributor) commented

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jan 27, 2026
Co-authored-by: brendandburns <5751682+brendandburns@users.noreply.github.com>
@k8s-ci-robot (Contributor) commented

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Copilot
Once this PR has been reviewed and has the lgtm label, please assign yliaog for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 27, 2026
Copilot AI changed the title [WIP] Remove ADAL dependency to resolve security findings Remove EOL adal dependency and Azure auth provider Jan 27, 2026
Copilot AI requested a review from brendandburns January 27, 2026 04:07
@brendandburns brendandburns marked this pull request as ready for review January 27, 2026 04:10
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 27, 2026
@brendandburns (Contributor) commented

This looks good to me, we removed this from the Java client a while ago and there were no complaints.

@brendandburns (Contributor) commented

/lgtm

I will defer to @yliaog for final approval

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 27, 2026

Development

Successfully merging this pull request may close these issues.

ADAL "extras" dependency triggers security findings
