Closed emiran-orange closed 2 years ago
jcantrill
commented
2 years ago I don't think any of this change is required other then to bump the library and modify it to use bearer token path instead of the token directly. Not This lib depends upon https://github.com/ManageIQ/kubeclient which is where https://github.com/ManageIQ/kubeclient/pull/532 was merged in 2022-Feb-13. Actually, it looks like we could simply bump the dependency and it would already reload the bearer token from the path
jcantrill
commented
2 years ago Closing as I believe the change merged here https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/pull/330 addresses the issue
cben
commented
2 years ago No, kubeclient only implemented token refresh on master branch, on top of faraday + http gems, which will one day be released as 5.0 (can't really commit to timing but at current rate of me rarely working on it I'd say at least couple months :disappointed:).
None of the 4.y.z releases — in fact no released version of kubeclient — have token refresh. Options if you want it soon:
v4.y branch. It uses a different rest-client gem (+ same http for watches), so it's not a trivial textual backport.
PettitWesley
commented
2 years ago Here is another way of doing it, reactively refresh the token when you get an Unauthorized error: https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/pull/337
jcantrill
commented
2 years ago Closing in favor of https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/pull/337
Recreate k8s client periodically. As discussed in #327 this seems a better approach than waiting for the token to expire.
NB: I couldn't reopen #326 hence this new PR (sorry for the mess)
Fixes #323