Reload access tokens for in cluster config #426
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
doriordan
reviewed
Nov 4, 2025
| // This is configurable, hence we allow it to be overridden by an environment variable. | ||
| // Note that the equivalent Go code for this reloads every minute, erroneously stating in a comment that tokens are | ||
| // rotated every 10 minutes. See https://github.com/kubernetes/client-go/blob/4f9edc15a7e71c3f9c7874a872a2545c8737726c/transport/token_source.go#L75-L79 | ||
| sys.env.get("SKUBER_TOKEN_RELOAD_INTERVAL_SECONDS") |
Owner
There was a problem hiding this comment.
Can we explicitly check that if the value is zero or less and if so then disable the token reloading? This is in case there is some edge case where token reloading is problematic so users can restore the old behaviour.
Owner
|
I merged #424, there is now a conflict that needs fixing, and I also left a single comment requesting a small change. Other than that looks good to me. |
Fixes doriordan#350 This implements token reloading for in cluster config. It's built on doriordan#424 so that needs to be reviewed/merged first. Also fixed a resource leak where the input streams for reading the files for in cluster config were not being closed. This was necessary to fix given that we're now frequently loading those streams.
f1a58e6 to
b1adf3a
Compare
Contributor
Author
|
Rebased and updated to make reloading possible to disable. |
doriordan
approved these changes
Nov 5, 2025
doriordan
pushed a commit
that referenced
this pull request
Nov 10, 2025
Fixes #350 This implements token reloading for in cluster config. It's built on #424 so that needs to be reviewed/merged first. Also fixed a resource leak where the input streams for reading the files for in cluster config were not being closed. This was necessary to fix given that we're now frequently loading those streams.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #350
This implements token reloading for in cluster config. It's built on #424 so that needs to be reviewed/merged first.
Also fixed a resource leak where the input streams for reading the files for in cluster config were not being closed. This was necessary to fix given that we're now frequently loading those streams.