k8s 1.22 - bearer tokens from mounts needs to be refreshed

[kjetijor]

k8s 1.22 starts enforcing lifetime for the bearer tokens mounted in to the pod, this means they'll go stale after an hour, and we'll start getting rejected by the k8s api servers.

See: ManageIQ/kubeclient#530

[jcantrill]

Resolving as I believe the change merged here #330 addresses the issue and is released https://rubygems.org/gems/fluent-plugin-kubernetes_metadata_filter/versions/2.10.0

Please reopen if you determine otherwise

[cben]

As I wrote on #328, this was not addressed.

[HarleyB123]

Any updates on when this will be fixed?

[jcantrill]

@cben Based upon your original response in #328, I agree we should continue to pursue your proposed changes. Please review my code comments.

[prashil-g]

Any update on this?
I see fluentbit : fluent/fluent-bit#5445 fix shipped with 1.9.4.

[jcantrill]

Any update on this?
I see fluentbit : fluent/fluent-bit#5445 fix shipped with 1.9.4.

This is a plugin for fluentd which is completely unrelated to to fluentbit

[PettitWesley]

Here is another way of doing it, reactively refresh the token when you get an Unauthorized error: #337

[jcantrill]

Released https://rubygems.org/gems/fluent-plugin-kubernetes_metadata_filter/versions/2.11.1