diff --git a/plugins/filter_kubernetes/kube_conf.h b/plugins/filter_kubernetes/kube_conf.h index f67b79516a9..81b692b70fc 100644 --- a/plugins/filter_kubernetes/kube_conf.h +++ b/plugins/filter_kubernetes/kube_conf.h @@ -83,6 +83,7 @@ struct flb_kube { int dummy_meta; int tls_debug; int tls_verify; + int kube_token_ttl; flb_sds_t meta_preload_cache_dir; /* Configuration proposed through Annotations (boolean) */ diff --git a/plugins/filter_kubernetes/kube_meta.c b/plugins/filter_kubernetes/kube_meta.c index ec1ee0f6cc1..f2227f731d4 100644 --- a/plugins/filter_kubernetes/kube_meta.c +++ b/plugins/filter_kubernetes/kube_meta.c @@ -46,7 +46,6 @@ #define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY_LEN \ (sizeof(FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY) - 1) #define FLB_KUBE_TOKEN_BUF_SIZE 8192 /* 8KB */ -#define FLB_KUBE_TOKEN_TTL 600 /* 10 minutes */ static int file_to_buffer(const char *path, char **out_buf, size_t *out_size) @@ -162,17 +161,15 @@ static int get_http_auth_header(struct flb_kube *ctx) if (ret == -1) { flb_plg_warn(ctx->ins, "failed to run command %s", ctx->kube_token_command); } - ctx->kube_token_create = time(NULL); - } + } else { ret = file_to_buffer(ctx->token_file, &tk, &tk_size); if (ret == -1) { flb_plg_warn(ctx->ins, "cannot open %s", FLB_KUBE_TOKEN); } - /* Token from token file will not expire */ - /* Set the creation time to 0 to aviod refresh */ - ctx->kube_token_create = 0; + flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN); } + ctx->kube_token_create = time(NULL); /* Token */ if (ctx->token != NULL) { 
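Review bot: In the token-file branch of the `@@ -162,17 +161,15 @@` hunk, the added `flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN);` passes an argument to a format string with no conversion, so the path is never printed. It also runs when `file_to_buffer()` returned -1, so the log reports an update that did not happen. Something like `else { flb_plg_info(ctx->ins, "%s token updated", ctx->token_file); }` on the `ret == -1` check would log the path actually read, and only on success. The now-unconditional `ctx->kube_token_create = time(NULL);` is also stamped after a failed read or a failed command, which appears to delay the next attempt by a full TTL; consider stamping only when a token was obtained. get_http_auth_header continues past the end of the hunk, so how a failed read is handled further down is not visible here.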
@@ -211,19 +208,17 @@ static int refresh_token_if_needed(struct flb_kube *ctx) int expired = 0; int ret; - if (ctx->kube_token_command != NULL) { - if (ctx->kube_token_create > 0) { - if (time(NULL) > ctx->kube_token_create + FLB_KUBE_TOKEN_TTL) { - expired = FLB_TRUE; - } + if (ctx->kube_token_create > 0) { + if (time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl) { + expired = FLB_TRUE; } - - if (expired || ctx->kube_token_create == 0) { - ret = get_http_auth_header(ctx); - if (ret == -1) { - flb_plg_warn(ctx->ins, "failed to set http auth header"); - return -1; - } + } + + if (expired || ctx->kube_token_create == 0) { + ret = get_http_auth_header(ctx); + if (ret == -1) { + flb_plg_warn(ctx->ins, "failed to set http auth header"); + return -1; } } diff --git a/plugins/filter_kubernetes/kubernetes.c b/plugins/filter_kubernetes/kubernetes.c index 2a8763185ff..f6568e3e4ac 100644 --- a/plugins/filter_kubernetes/kubernetes.c +++ b/plugins/filter_kubernetes/kubernetes.c @@ -847,6 +847,11 @@ static struct flb_config_map config_map[] = { 0, FLB_TRUE, offsetof(struct flb_kube, kubelet_port), "kubelet port to connect with when using kubelet" }, + { + FLB_CONFIG_MAP_TIME, "kube_token_ttl", "10m", + 0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl), + "kubernetes token ttl, until it is reread from the token file. Default: 10m" + }, /* * Set TTL for K8s cached metadata */
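Review bot: The expiry test `time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl` now uses a user-supplied `int`, and no lower bound on it is visible anywhere in this diff. A `kube_token_ttl` of 0 (or a negative value, if the time parser accepts one) makes the token count as expired on practically every call of refresh_token_if_needed, so each call re-reads the token file or re-runs `kube_token_command`. A floor applied where the configuration is loaded would prevent that, for example `if (ctx->kube_token_ttl <= 0) { ctx->kube_token_ttl = 600; }` with a warning, 600 being the default this commit removes. The `kube_token_ttl` entry added to config_map in kubernetes.c has the same gap.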
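Review bot: The description string of the new `kube_token_ttl` entry says the token is "reread from the token file", but refresh_token_if_needed no longer checks `kube_token_command`, so the same TTL now also replaces the fixed 600 seconds for tokens produced by the command. Operators using `kube_token_command` would not learn from this text that the option affects them. Suggested wording: `"TTL of the Kubernetes token before it is re-read from the token file or re-generated by kube_token_command. Default: 10m"`.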