TechQA.

Kubernetes client-go informers getting "Unauthorized" error after 15 mins

350 views Asked by At

What happened?

Kubernetes client-go informers getting unauthorized error after 15 mins.

As per Kubernetes Client Go blogs and discussion we see the client go wil refresh the token after 15 mins but it is not happening. Any way to refresh the token without stopping the informer?

`

gen, err := token.NewGenerator(false, false)
if err != nil {
    return token.Token{}, err
}


opts := &token.GetTokenOptions{
    Region:               cluster.Region,
    ClusterID:            aws.StringValue(&cluster.Name),
    AssumeRoleARN:        cluster.AssumeRoleConfig.RoleArn,
    AssumeRoleExternalID: cluster.AssumeRoleConfig.ExternalId,
    SessionName:          "testsession",
    Session:              awsSession,
}
token, err := gen.GetWithOptions(opts)
    clientConfig := &rest.Config{
    Host:        cluster.Endpoint,
    BearerToken: token.Token,
    TLSClientConfig: rest.TLSClientConfig{
        CAData: ca,
    },
}
    dynamicClient, err := dynamic.NewForConfig(clientConfig)

    factory := dynamicinformer.NewFilteredDynamicSharedInformerFactory(dynamicClient, 60*time.Minute, "", nil)  
    gvr := schema.GroupVersionResource{Group: "apps", Version: "v1 ", Resource: "deployments"}

informer := factory.ForResource(gvr).Informer()

informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
    AddFunc: func(obj interface{}) {
        fmt.Println(obj)
    },

    UpdateFunc: func(old, new interface{}) {
        fmt.Println(old)
        fmt.Println(new)
    },
})

factory.Start(ctx.Done())

`

What you expected to happen?

The Kubernetes Auth Token created by aws-iam-authenticator should be refreshed automatically.

Installation tooling

other (please specify in description)

AWS IAM Authenticator server Version

AWS EKS Managed service

Client information

- OS/arch: Darwin/arm64 & Linux/amd64
- kubernetes client & version: k8s.io/client-go v0.25.2
- authenticator client & version: sigs.k8s.io/aws-iam-authenticator v0.5.9

Kubernetes API Version

Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:36:43Z", GoVersion:"go1.19", Compiler:"gc", Platform:"darwin/arm64"} Kustomize Version: v4.5.7 Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.15-eks-fb459a0", GitCommit:"be82fa628e60d024275efaa239bfe53a9119c2d9", GitTreeState:"clean", BuildDate:"2022-10-24T20:33:23Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"} WARNING: version difference between client (1.25) and server (1.22) exceeds the supported minor version skew of +/-1

kubernetes amazon-eks client-go aws-iam-authenticator
Original Q&A
0

There are 0 answers

Related Questions in KUBERNETES

Related Questions in AMAZON-EKS

Related Questions in CLIENT-GO

Related Questions in AWS-IAM-AUTHENTICATOR

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions