Automatic updating of imported cluster configs #13
Comments
Hi @dbarentine, we will read more about how OIDC works, so if I understand you correctly, there is an external sort of daemon that refreshes your token in the kubeconfig periodically.
@lnikell Yeah, essentially. It's not so much a daemon but a webhook token authentication that gets called when you try to make an authenticated call via kubectl. This causes one of two things to happen:
Both result in an updated .kube/config file as the access-token value will be updated. Token expiration I think is 60 minutes so our .kube/config will be updated every 60 minutes if we are actively working with kubectl. For more information, you can see the AAD Integration here: https://docs.microsoft.com/en-us/azure/aks/concepts-identity#azure-active-directory-integration Or the Webhook Token Authentication here: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
@dbarentine Thank you for the clarification, we will try to come up with a solution for that.
Hi, @dbarentine. We have released a new version. Now it's possible to set a path to a file instead of copying its content. I hope the feature will fix your issue. Please, feel free to try the update and share feedback with us. Thanks!
Closing the issue; it should be resolved in the latest version, as Alexandr mentioned.
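What a stale imported copy looks like next to the refreshed file, as an added example that is not kube-forwarder code. The function names are hypothetical, the token values are constructed, and the parser handles only the flat `auth-provider` stanza shown in this issue, not general YAML.

```javascript
// Added example (not kube-forwarder code). Sample kubeconfig fragments are constructed.

// Read the flat key/value map under `auth-provider: config:` from a user stanza.
function readAuthProviderConfig(text) {
  const fields = {};
  let configIndent = -1;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    const indent = line.search(/\S/);
    if (configIndent < 0) {
      if (line.trim() === 'config:') configIndent = indent;
      continue;
    }
    if (indent <= configIndent) break; // left the config block (e.g. `name: azure`)
    const m = line.trim().match(/^([\w-]+):\s*"?([^"]*)"?$/);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

// Compare the copy an app imported earlier with what is on disk now.
// A missing or unparsable expires-on is treated as expired (fail closed).
function compareSnapshot(importedText, onDiskText, nowSeconds) {
  const imported = readAuthProviderConfig(importedText);
  const current = readAuthProviderConfig(onDiskText);
  const expiresOn = Number(imported['expires-on']);
  return {
    importedExpired: !Number.isFinite(expiresOn) || nowSeconds >= expiresOn,
    tokenRotated: imported['access-token'] !== current['access-token'],
    currentExpiresOn: Number(current['expires-on']),
  };
}

// Constructed stanza builder; token values are placeholders, not real tokens.
const stanza = (token, expiresOn) => [
  'user:',
  '  auth-provider:',
  '    config:',
  `      access-token: ${token}`,
  '      expires-in: "3599"',
  `      expires-on: "${expiresOn}"`,
  '    name: azure',
].join('\n');

const imported = stanza('constructed-token-A', 1562692749);
const onDisk = stanza('constructed-token-B', 1562692749 + 3599);
// One minute after the imported copy expired, kubectl has already rewritten the file.
console.log(compareSnapshot(imported, onDisk, 1562692749 + 60));
```

The result reports only booleans and the expiry time, so the access and refresh tokens never reach a log.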
We have Kubernetes clusters that use OIDC for authentication. So, anytime it refreshes the token or reauthenticates I have to either manually update the config within kube-forwarder or delete and recreate.
An example of the part of our config that changes.
```yaml
user:
  auth-provider:
    config:
      access-token: <access_token>
      apiserver-id: <apiserver-id>
      client-id: <clientid>
      expires-in: "3599"
      expires-on: "1562692749"
      refresh-token: <refresh_token>
      tenant-id: <guid>
    name: azure
```
It would be nice if kube-forwarder did one of two things: