You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is because K8s had some change for service account token renew
Since k8s 1.21, service account tokens have an lifespan of one hour (short-lived & rotation). The token expiration is 365 days actually.
I am wondering for GO client code with watch client? watch client will renew the token? or get 401 to renew the token?
The text was updated successfully, but these errors were encountered:
As long as the token on disk is refreshed at least a minute prior to expiration (which the kubelet automatically handles for tokens injected into pods), the client re-reads a refreshed token and starts using it for requests without being interrupted.
Requests are only authenticated when they are initialized, so if a single request lives longer than the token lifetime (like a watch request), the token expiration does not cause any issues.
We are using Go Kubernetes client . Recently we have some token expiration issue for some deployment running for more than 1 years.
Calico issue: projectcalico/calico#5910
Java-client issue: fabric8io/kubernetes-client#4264
This is because K8s had some change for service account token renew
Since k8s 1.21, service account tokens have an lifespan of one hour (short-lived & rotation). The token expiration is 365 days actually.
I am wondering for GO client code with watch client? watch client will renew the token? or get 401 to renew the token?
The text was updated successfully, but these errors were encountered: