sbstp / kubie

A more powerful alternative to kubectx and kubens
https://blog.sbstp.ca/introducing-kubie/
zlib License

OIDC support #62

Open dimm0 opened 3 years ago

dimm0 commented 3 years ago

When using OIDC with refresh tokens, need to restart the session to update the token (if token was updated outside of the session by another client)

To reproduce: use k8s via OIDC in a kubie session and a regular one. The kubie session will break once the token is refreshed.

sbstp commented 3 years ago

Ah I see, yeah it has to be done by another session. I think that maybe I could add something to refresh the temporary kubeconfig file that I create from the original file if the original changes.

dimm0 commented 3 years ago

Also if token is refreshed inside kubie first, it breaks the main one - the refresh token is already used, and main one can't refresh

sbstp commented 3 years ago

So how do you fix the problem, if the token is refreshed in the temporary kubie file, what happens to the main file? How do you fix it?

dimm0 commented 3 years ago

I don't fix it now, just get a new config file with a new token.

TyBrown commented 3 years ago

This is also an issue with Client TLS Certs that are issued with short durations... our tooling issues 12hr certs for cluster-admins. Which means that if I left any Kubie sessions open in my terminal, I have to re-run kubie ctx ... to re-copy the config, otherwise I get all kinds of Kubie errors (can't auth to validate namespaces, etc).

Refreshing the KUBIE_KUBECONFIG file if the original changes would solve this problem.
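The failure mode discussed in this thread, modelled as an added example (not kubie's code and not part of any comment above): two copies of one kubeconfig share a refresh token, one copy refreshes, and the other is left holding a spent token until credentials are re-copied. `ToyIdP`, `client_refresh` and `resync` are hypothetical names, the `version` counter stands in for file modification time, and the model assumes the provider invalidates a refresh token on use, as described in the thread.

```python
import copy
import secrets


class ToyIdP:
    """Constructed stand-in for an OIDC provider with single-use refresh tokens."""

    def __init__(self):
        self.valid_refresh = set()

    def issue(self):
        refresh = secrets.token_hex(8)
        self.valid_refresh.add(refresh)
        return {"id-token": secrets.token_hex(8), "refresh-token": refresh}

    def refresh(self, refresh_token):
        if refresh_token not in self.valid_refresh:
            raise PermissionError("invalid_grant: refresh token already used")
        self.valid_refresh.discard(refresh_token)  # rotation: the old token dies
        return self.issue()


def client_refresh(idp, kubeconfig):
    """Mimics a client that writes refreshed tokens back to its own file only."""
    kubeconfig["auth"] = idp.refresh(kubeconfig["auth"]["refresh-token"])
    kubeconfig["version"] += 1  # stands in for the file's mtime


def resync(stale, fresh):
    """Fix proposed in the thread: re-copy credentials when the other file is newer."""
    if fresh["version"] > stale["version"]:
        stale["auth"] = copy.deepcopy(fresh["auth"])
        stale["version"] = fresh["version"]
        return True
    return False


def demo():
    idp = ToyIdP()
    original = {"auth": idp.issue(), "version": 1}
    session_copy = copy.deepcopy(original)  # what a session-local copy starts as
    client_refresh(idp, original)           # another client refreshes first
    try:
        client_refresh(idp, session_copy)   # the copy still holds the spent token
        broke = False
    except PermissionError:
        broke = True
    synced = resync(session_copy, original)
    client_refresh(idp, session_copy)       # works again after the re-copy
    return broke, synced
```

After the last step the original file is the stale one, which is the reverse case raised in the thread, so a re-copy in one direction only moves the problem.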