Support for BoundServiceAccountTokenVolume 1hr token refresh in k8s 1.21+

[bobmacks]

What would you like to be added:
Support for BoundServiceAccountTokenVolume 1hr service account token refresh requirements for Kubernetes 1.21+

Why is this needed:
We use splunk/splunk-connect-for-kubernetes chart which uses splunk/fluentd-hec v1.2.13 by default.

Similar to feature request raised in fluent/fluent-bit and logzio/logzio-k8s and fabric8io/fluent-plugin-kubernetes_metadata_filter we are also receiving notifications from AWS indicating our EKS 1.21 cluster has enabled BoundServiceAccountTokenVolume feature by default and encountering numerous stale service account token notifications as a result.

There is an open PR from fabric8io/fluent-plugin-kubernetes_metadata_filter seeking to address this issue.

Can a similar feature be included in fluentd-hec to support hourly service account token refresh?

[vinzent]

Related to splunk/splunk-connect-for-kubernetes#768

[derek-miller-yohana]

The PR you mentioned has been closed in favor of the workaround in this PR, which is in the 2.11.1 release. I opened #251 hoping to get a release that uses that version.

[hvaghani221]

Added support in 1.3.0 release